diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2003-03-21 01:18:09 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2003-03-21 01:18:09 +0000 |
commit | c8c548d24883eaff20ea1665022ee92bd0632e29 (patch) | |
tree | ae926d0d3ef2d1c08f34c5b5f919451d0d29e7fa /auth-sia.c | |
parent | a5a2648b81c9347c241c37e6cba78f1df47e9320 (diff) |
- (bal) Disable Privsep for Tru64 after pre-authentication due to issues
with SIA. Also, clean up of tru64 support patch by Chris Adams
<cmadams@hiwaay.net>
Diffstat (limited to 'auth-sia.c')
-rw-r--r-- | auth-sia.c | 47 |
1 files changed, 16 insertions, 31 deletions
diff --git a/auth-sia.c b/auth-sia.c index 071e154d8..5c9b3f5de 100644 --- a/auth-sia.c +++ b/auth-sia.c | |||
@@ -45,27 +45,25 @@ extern ServerOptions options; | |||
45 | extern int saved_argc; | 45 | extern int saved_argc; |
46 | extern char **saved_argv; | 46 | extern char **saved_argv; |
47 | 47 | ||
48 | extern int errno; | ||
49 | |||
50 | int | 48 | int |
51 | auth_sia_password(Authctxt *authctxt, char *pass) | 49 | auth_sia_password(Authctxt *authctxt, char *pass) |
52 | { | 50 | { |
53 | int ret; | 51 | int ret; |
54 | SIAENTITY *ent = NULL; | 52 | SIAENTITY *ent = NULL; |
55 | const char *host; | 53 | const char *host; |
56 | char *user = authctxt->user; | ||
57 | 54 | ||
58 | host = get_canonical_hostname(options.verify_reverse_mapping); | 55 | host = get_canonical_hostname(options.verify_reverse_mapping); |
59 | 56 | ||
60 | if (pass[0] == '\0') | 57 | if (!authctxt->user || !pass || pass[0] == '\0') |
61 | return(0); | 58 | return(0); |
62 | 59 | ||
63 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, | 60 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user, |
64 | NULL) != SIASUCCESS) | 61 | NULL, 0, NULL) != SIASUCCESS) |
65 | return(0); | 62 | return(0); |
66 | 63 | ||
67 | if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { | 64 | if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { |
68 | error("Couldn't authenticate %s from %s", user, host); | 65 | error("Couldn't authenticate %s from %s", authctxt->user, |
66 | host); | ||
69 | if (ret & SIASTOP) | 67 | if (ret & SIASTOP) |
70 | sia_ses_release(&ent); | 68 | sia_ses_release(&ent); |
71 | return(0); | 69 | return(0); |
@@ -77,48 +75,35 @@ auth_sia_password(Authctxt *authctxt, char *pass) | |||
77 | } | 75 | } |
78 | 76 | ||
79 | void | 77 | void |
80 | session_setup_sia(char *user, char *tty) | 78 | session_setup_sia(struct passwd *pw, char *tty) |
81 | { | 79 | { |
82 | struct passwd *pw; | ||
83 | SIAENTITY *ent = NULL; | 80 | SIAENTITY *ent = NULL; |
84 | const char *host; | 81 | const char *host; |
85 | 82 | ||
86 | host = get_canonical_hostname (options.verify_reverse_mapping); | 83 | host = get_canonical_hostname(options.verify_reverse_mapping); |
87 | 84 | ||
88 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, | 85 | if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty, |
89 | NULL) != SIASUCCESS) { | 86 | 0, NULL) != SIASUCCESS) |
90 | fatal("sia_ses_init failed"); | 87 | fatal("sia_ses_init failed"); |
91 | } | ||
92 | 88 | ||
93 | if ((pw = getpwnam(user)) == NULL) { | ||
94 | sia_ses_release(&ent); | ||
95 | fatal("getpwnam: no user: %s", user); | ||
96 | } | ||
97 | if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { | 89 | if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { |
98 | sia_ses_release(&ent); | 90 | sia_ses_release(&ent); |
99 | fatal("sia_make_entity_pwd failed"); | 91 | fatal("sia_make_entity_pwd failed"); |
100 | } | 92 | } |
101 | 93 | ||
102 | ent->authtype = SIA_A_NONE; | 94 | ent->authtype = SIA_A_NONE; |
103 | if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { | 95 | if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) |
104 | fatal("Couldn't establish session for %s from %s", user, | 96 | fatal("Couldn't establish session for %s from %s", |
105 | host); | 97 | pw->pw_name, host); |
106 | } | ||
107 | |||
108 | if (setpriority(PRIO_PROCESS, 0, 0) == -1) { | ||
109 | sia_ses_release(&ent); | ||
110 | fatal("setpriority: %s", strerror (errno)); | ||
111 | } | ||
112 | 98 | ||
113 | if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { | 99 | if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) |
114 | fatal("Couldn't launch session for %s from %s", user, host); | 100 | fatal("Couldn't launch session for %s from %s", pw->pw_name, |
115 | } | 101 | host); |
116 | 102 | ||
117 | sia_ses_release(&ent); | 103 | sia_ses_release(&ent); |
118 | 104 | ||
119 | if (setreuid(geteuid(), geteuid()) < 0) { | 105 | if (setreuid(geteuid(), geteuid()) < 0) |
120 | fatal("setreuid: %s", strerror(errno)); | 106 | fatal("setreuid: %s", strerror(errno)); |
121 | } | ||
122 | } | 107 | } |
123 | 108 | ||
124 | #endif /* HAVE_OSF_SIA */ | 109 | #endif /* HAVE_OSF_SIA */ |