-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | includes.h | 4 | ||||
-rw-r--r-- | packet.h | 5 | ||||
-rw-r--r-- | pty.c | 3 | ||||
-rw-r--r-- | sshd.c | 39 |
6 files changed, 33 insertions, 21 deletions
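--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@
 [ssh.c] print _all_ bad config-options in ssh(1), too
 [sshconnect.c] disconnect if getpeername() fails
 - OpenBSD's changes to sshd.c broke the PAM stuff, re-merged it.
+- Various small cleanups to bring diff (against OpenBSD) size down.
 
 19991114
 - Solaris compilation fixes (still imcomplete)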
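--- a/configure.in
+++ b/configure.in
@@ -55,7 +55,7 @@ AC_CHECK_LIB(dl, dlopen, , )
 AC_CHECK_LIB(pam, pam_authenticate, , )
 
 dnl Checks for header files.
-AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h shadow.h)
+AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h shadow.h netgroup.h)
 
 dnl Check for ut_host field in utmp
 AC_MSG_CHECKING([whether utmp.h has ut_host field])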
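--- a/includes.h
+++ b/includes.h
@@ -41,7 +41,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <assert.h>
 #include <signal.h>
 #include <termios.h>
 #include <stdlib.h>
@@ -55,6 +54,9 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 
 #include "config.h"
 
+#ifdef HAVE_NETGROUP_H
+# include <netgroup.h>
+#endif
 #ifdef HAVE_PATHS_H
 # include <paths.h>
 #endif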
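--- a/packet.h
+++ b/packet.h
@@ -13,12 +13,13 @@ Interface for the packet protocol functions.
 
 */
 
-/* RCSID("$Id: packet.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */
+/* RCSID("$Id: packet.h,v 1.3 1999/11/15 04:40:55 damien Exp $"); */
 
-#include "config.h"
 #ifndef PACKET_H
 #define PACKET_H
 
+#include "config.h"
+
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
 #endif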
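--- a/pty.c
+++ b/pty.c
@@ -14,10 +14,9 @@ Allocating a pseudo-terminal, and making it the controlling tty.
 */
 
 #include "includes.h"
-RCSID("$Id: pty.c,v 1.2 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: pty.c,v 1.3 1999/11/15 04:40:55 damien Exp $");
 
 #ifdef HAVE_PTY_H
-/* Unfortunate namespace collision */
 #include <pty.h>
 #endif /* HAVE_PTY_H */
 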
@@ -18,7 +18,7 @@ agent connections. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: sshd.c,v 1.18 1999/11/15 04:25:10 damien Exp $"); | 21 | RCSID("$Id: sshd.c,v 1.19 1999/11/15 04:40:55 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "rsa.h" | 24 | #include "rsa.h" |
@@ -133,8 +133,8 @@ void do_child(const char *command, struct passwd *pw, const char *term, | |||
133 | #ifdef HAVE_LIBPAM | 133 | #ifdef HAVE_LIBPAM |
134 | static int pamconv(int num_msg, const struct pam_message **msg, | 134 | static int pamconv(int num_msg, const struct pam_message **msg, |
135 | struct pam_response **resp, void *appdata_ptr); | 135 | struct pam_response **resp, void *appdata_ptr); |
136 | void do_pam_account_and_session(const char *username, | 136 | void do_pam_account_and_session(char *username, char *remote_user, |
137 | const char *remote_user, const char *remote_host); | 137 | const char *remote_host); |
138 | void pam_cleanup_proc(void *context); | 138 | void pam_cleanup_proc(void *context); |
139 | 139 | ||
140 | static struct pam_conv conv = { | 140 | static struct pam_conv conv = { |
@@ -230,7 +230,8 @@ void pam_cleanup_proc(void *context) | |||
230 | } | 230 | } |
231 | } | 231 | } |
232 | 232 | ||
233 | void do_pam_account_and_session(const char *username, const char *remote_user, const char *remote_host) | 233 | void do_pam_account_and_session(char *username, char *remote_user, |
234 | const char *remote_host) | ||
234 | { | 235 | { |
235 | int pam_retval; | 236 | int pam_retval; |
236 | 237 | ||
@@ -1201,12 +1202,17 @@ do_authentication(char *user) | |||
1201 | pw = &pwcopy; | 1202 | pw = &pwcopy; |
1202 | 1203 | ||
1203 | #ifdef HAVE_LIBPAM | 1204 | #ifdef HAVE_LIBPAM |
1204 | debug("Starting up PAM with username \"%.200s\"", pw->pw_name); | 1205 | { |
1206 | int pam_retval; | ||
1207 | |||
1208 | debug("Starting up PAM with username \"%.200s\"", pw->pw_name); | ||
1205 | 1209 | ||
1206 | if (pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh) != PAM_SUCCESS) | 1210 | pam_retval = pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh); |
1207 | fatal("PAM initialisation failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval)); | 1211 | if (pam_retval != PAM_SUCCESS) |
1212 | fatal("PAM initialisation failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval)); | ||
1208 | 1213 | ||
1209 | fatal_add_cleanup(&pam_cleanup_proc, NULL); | 1214 | fatal_add_cleanup(&pam_cleanup_proc, NULL); |
1215 | } | ||
1210 | #endif | 1216 | #endif |
1211 | 1217 | ||
1212 | /* If we are not running as root, the user must have the same uid as the | 1218 | /* If we are not running as root, the user must have the same uid as the |
@@ -1263,8 +1269,11 @@ do_authloop(struct passwd *pw) | |||
1263 | unsigned int client_host_key_bits; | 1269 | unsigned int client_host_key_bits; |
1264 | BIGNUM *client_host_key_e, *client_host_key_n; | 1270 | BIGNUM *client_host_key_e, *client_host_key_n; |
1265 | BIGNUM *n; | 1271 | BIGNUM *n; |
1266 | char *client_user, *password; | 1272 | char *client_user = NULL, *password = NULL; |
1267 | int plen, dlen, nlen, ulen, elen; | 1273 | int plen, dlen, nlen, ulen, elen; |
1274 | #ifdef HAVE_LIBPAM | ||
1275 | int pam_retval; | ||
1276 | #endif /* HAVE_LIBPAM */ | ||
1268 | 1277 | ||
1269 | /* Indicate that authentication is needed. */ | 1278 | /* Indicate that authentication is needed. */ |
1270 | packet_start(SSH_SMSG_FAILURE); | 1279 | packet_start(SSH_SMSG_FAILURE); |
@@ -1435,18 +1444,18 @@ do_authloop(struct passwd *pw) | |||
1435 | packet_integrity_check(plen, 4 + dlen, type); | 1444 | packet_integrity_check(plen, 4 + dlen, type); |
1436 | 1445 | ||
1437 | #ifdef HAVE_LIBPAM | 1446 | #ifdef HAVE_LIBPAM |
1438 | /* Do PAM auth with password */ | 1447 | /* Do PAM auth with password */ |
1439 | pampasswd = password; | 1448 | pampasswd = password; |
1440 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); | 1449 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); |
1441 | if (pam_retval == PAM_SUCCESS) | 1450 | if (pam_retval == PAM_SUCCESS) |
1442 | { | 1451 | { |
1443 | log("PAM Password authentication accepted for user \"%.100s\"", user); | 1452 | log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name); |
1444 | authenticated = 1; | 1453 | authenticated = 1; |
1445 | break; | 1454 | break; |
1446 | } | 1455 | } |
1447 | 1456 | ||
1448 | log("PAM Password authentication for \"%.100s\" failed: %s", | 1457 | log("PAM Password authentication for \"%.100s\" failed: %s", |
1449 | user, pam_strerror((pam_handle_t *)pamh, pam_retval)); | 1458 | pw->pw_name, pam_strerror((pam_handle_t *)pamh, pam_retval)); |
1450 | break; | 1459 | break; |
1451 | #else /* HAVE_LIBPAM */ | 1460 | #else /* HAVE_LIBPAM */ |
1452 | /* Try authentication with the password. */ | 1461 | /* Try authentication with the password. */ |