-rw-r--r-- | CREDITS | 1 | ||||
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | acconfig.h | 3 | ||||
-rw-r--r-- | auth-passwd.c | 6 | ||||
-rw-r--r-- | auth1.c | 19 | ||||
-rw-r--r-- | auth2.c | 27 | ||||
-rw-r--r-- | bsd-snprintf.c | 2 | ||||
-rw-r--r-- | bsd-snprintf.h | 2 | ||||
-rw-r--r-- | configure.in | 14 | ||||
-rw-r--r-- | session.c | 24 | ||||
-rw-r--r-- | sshd.c | 2 |
11 files changed, 95 insertions, 9 deletions
@@ -13,6 +13,7 @@ Ben Lindstrom <mouring@pconline.com> - NeXT support | |||
13 | Ben Taylor <bent@clark.net> - Solaris debugging and fixes | 13 | Ben Taylor <bent@clark.net> - Solaris debugging and fixes |
14 | Bratislav ILICH <bilic@zepter.ru> - Configure fix | 14 | Bratislav ILICH <bilic@zepter.ru> - Configure fix |
15 | Chip Salzenberg <chip@valinux.com> - Assorted patches | 15 | Chip Salzenberg <chip@valinux.com> - Assorted patches |
16 | Chris Adams <cmadams@hiwaay.net> - OSF SIA support | ||
16 | Chris Saia <csaia@wtower.com> - SuSE packaging | 17 | Chris Saia <csaia@wtower.com> - SuSE packaging |
17 | Chris, the Young One <cky@pobox.com> - Password auth fixes | 18 | Chris, the Young One <cky@pobox.com> - Password auth fixes |
18 | Christos Zoulas <christos@zoulas.com> - Autoconf fixes | 19 | Christos Zoulas <christos@zoulas.com> - Autoconf fixes |
@@ -4,7 +4,9 @@ | |||
4 | - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for | 4 | - (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for |
5 | Irix 6.x array sessions, project id's, and system audit trail id. | 5 | Irix 6.x array sessions, project id's, and system audit trail id. |
6 | - (djm) Added 'distprep' make target to simplify packaging | 6 | - (djm) Added 'distprep' make target to simplify packaging |
7 | 7 | - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA | |
8 | support. Enable using "USE_SIA=1 ./configure [options]" | ||
9 | |||
8 | 20000627 | 10 | 20000627 |
9 | - (djm) Fixes to login code - not setting li->uid, cleanups | 11 | - (djm) Fixes to login code - not setting li->uid, cleanups |
10 | - (djm) Formatting | 12 | - (djm) Formatting |
diff --git a/acconfig.h b/acconfig.h index 0a042587f..6f375212c 100644 --- a/acconfig.h +++ b/acconfig.h | |||
@@ -148,6 +148,9 @@ | |||
148 | /* Define if you want have trusted HPUX */ | 148 | /* Define if you want have trusted HPUX */ |
149 | #undef HAVE_HPUX_TRUSTED_SYSTEM_PW | 149 | #undef HAVE_HPUX_TRUSTED_SYSTEM_PW |
150 | 150 | ||
151 | /* Define if you have Digital Unix Security Integration Architecture */ | ||
152 | #undef HAVE_OSF_SIA | ||
153 | |||
151 | /* Define if you have getpwanam(3) [SunOS 4.x] */ | 154 | /* Define if you have getpwanam(3) [SunOS 4.x] */ |
152 | #undef HAVE_GETPWANAM | 155 | #undef HAVE_GETPWANAM |
153 | 156 | ||
diff --git a/auth-passwd.c b/auth-passwd.c index d722122c7..93756e9e6 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -9,10 +9,10 @@ | |||
9 | 9 | ||
10 | #include "includes.h" | 10 | #include "includes.h" |
11 | 11 | ||
12 | #ifndef USE_PAM | ||
13 | |||
14 | RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $"); | 12 | RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $"); |
15 | 13 | ||
14 | #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) | ||
15 | |||
16 | #include "packet.h" | 16 | #include "packet.h" |
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "servconf.h" | 18 | #include "servconf.h" |
@@ -139,4 +139,4 @@ auth_password(struct passwd * pw, const char *password) | |||
139 | /* Authentication is accepted if the encrypted passwords are identical. */ | 139 | /* Authentication is accepted if the encrypted passwords are identical. */ |
140 | return (strcmp(encrypted_password, pw_password) == 0); | 140 | return (strcmp(encrypted_password, pw_password) == 0); |
141 | } | 141 | } |
142 | #endif /* !USE_PAM */ | 142 | #endif /* !USE_PAM && !HAVE_OSF_SIA */ |
@@ -18,6 +18,11 @@ RCSID("$OpenBSD: auth1.c,v 1.2 2000/04/29 18:11:52 markus Exp $"); | |||
18 | #include "auth.h" | 18 | #include "auth.h" |
19 | #include "session.h" | 19 | #include "session.h" |
20 | 20 | ||
21 | #ifdef HAVE_OSF_SIA | ||
22 | # include <sia.h> | ||
23 | # include <siad.h> | ||
24 | #endif | ||
25 | |||
21 | /* import */ | 26 | /* import */ |
22 | extern ServerOptions options; | 27 | extern ServerOptions options; |
23 | extern char *forced_command; | 28 | extern char *forced_command; |
@@ -141,6 +146,10 @@ do_authloop(struct passwd * pw) | |||
141 | unsigned int ulen; | 146 | unsigned int ulen; |
142 | int type = 0; | 147 | int type = 0; |
143 | void (*authlog) (const char *fmt,...) = verbose; | 148 | void (*authlog) (const char *fmt,...) = verbose; |
149 | #ifdef HAVE_OSF_SIA | ||
150 | extern int saved_argc; | ||
151 | extern char **saved_argv; | ||
152 | #endif /* HAVE_OSF_SIA */ | ||
144 | 153 | ||
145 | /* Indicate that authentication is needed. */ | 154 | /* Indicate that authentication is needed. */ |
146 | packet_start(SSH_SMSG_FAILURE); | 155 | packet_start(SSH_SMSG_FAILURE); |
@@ -299,7 +308,15 @@ do_authloop(struct passwd * pw) | |||
299 | #ifdef USE_PAM | 308 | #ifdef USE_PAM |
300 | /* Do PAM auth with password */ | 309 | /* Do PAM auth with password */ |
301 | authenticated = auth_pam_password(pw, password); | 310 | authenticated = auth_pam_password(pw, password); |
302 | #else /* USE_PAM */ | 311 | #elif defined(HAVE_OSF_SIA) |
312 | /* Do SIA auth with password */ | ||
313 | host = get_canonical_hostname(); | ||
314 | if (sia_validate_user(NULL, saved_argc, saved_argv, | ||
315 | get_canonical_hostname(), pw->pw_name, NULL, 0, | ||
316 | NULL, password) == SIASUCCESS) { | ||
317 | authenticated = 1; | ||
318 | } | ||
319 | #else /* !USE_PAM && !HAVE_OSF_SIA */ | ||
303 | /* Try authentication with the password. */ | 320 | /* Try authentication with the password. */ |
304 | authenticated = auth_password(pw, password); | 321 | authenticated = auth_password(pw, password); |
305 | #endif /* USE_PAM */ | 322 | #endif /* USE_PAM */ |
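Review bot: In the new `HAVE_OSF_SIA` branch of do_authloop, `host = get_canonical_hostname();` assigns to a variable whose declaration is not visible in either hunk; the earlier hunk adds only the `saved_argc`/`saved_argv` externs. The result is also never used, because the `sia_validate_user()` call invokes `get_canonical_hostname()` a second time. If `host` is not declared elsewhere in the function, SIA builds will fail to compile. Either drop the assignment, or declare `char *host;` next to the externs and pass `host` to the call. do_authloop starts and ends outside these hunks, so the declaration may exist out of view.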
@@ -56,6 +56,11 @@ RCSID("$OpenBSD: auth2.c,v 1.11 2000/06/19 00:50:11 markus Exp $"); | |||
56 | #include "uidswap.h" | 56 | #include "uidswap.h" |
57 | #include "auth-options.h" | 57 | #include "auth-options.h" |
58 | 58 | ||
59 | #ifdef HAVE_OSF_SIA | ||
60 | # include <sia.h> | ||
61 | # include <siad.h> | ||
62 | #endif | ||
63 | |||
59 | /* import */ | 64 | /* import */ |
60 | extern ServerOptions options; | 65 | extern ServerOptions options; |
61 | extern unsigned char *session_id2; | 66 | extern unsigned char *session_id2; |
@@ -244,10 +249,20 @@ input_userauth_request(int type, int plen) | |||
244 | int | 249 | int |
245 | ssh2_auth_none(struct passwd *pw) | 250 | ssh2_auth_none(struct passwd *pw) |
246 | { | 251 | { |
252 | #ifdef HAVE_OSF_SIA | ||
253 | extern int saved_argc; | ||
254 | extern char **saved_argv; | ||
255 | #endif | ||
256 | |||
247 | packet_done(); | 257 | packet_done(); |
258 | |||
248 | #ifdef USE_PAM | 259 | #ifdef USE_PAM |
249 | return auth_pam_password(pw, ""); | 260 | return auth_pam_password(pw, ""); |
250 | #else /* USE_PAM */ | 261 | #elif defined(HAVE_OSF_SIA) |
262 | return(sia_validate_user(NULL, saved_argc, saved_argv, | ||
263 | get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, | ||
264 | "") == SIASUCCESS); | ||
265 | #else /* !HAVE_OSF_SIA && !USE_PAM */ | ||
251 | return auth_password(pw, ""); | 266 | return auth_password(pw, ""); |
252 | #endif /* USE_PAM */ | 267 | #endif /* USE_PAM */ |
253 | } | 268 | } |
@@ -258,6 +273,10 @@ ssh2_auth_password(struct passwd *pw) | |||
258 | int authenticated = 0; | 273 | int authenticated = 0; |
259 | int change; | 274 | int change; |
260 | unsigned int len; | 275 | unsigned int len; |
276 | #ifdef HAVE_OSF_SIA | ||
277 | extern int saved_argc; | ||
278 | extern char **saved_argv; | ||
279 | #endif | ||
261 | change = packet_get_char(); | 280 | change = packet_get_char(); |
262 | if (change) | 281 | if (change) |
263 | log("password change not supported"); | 282 | log("password change not supported"); |
@@ -266,7 +285,11 @@ ssh2_auth_password(struct passwd *pw) | |||
266 | if (options.password_authentication && | 285 | if (options.password_authentication && |
267 | #ifdef USE_PAM | 286 | #ifdef USE_PAM |
268 | auth_pam_password(pw, password) == 1) | 287 | auth_pam_password(pw, password) == 1) |
269 | #else /* USE_PAM */ | 288 | #elif defined(HAVE_OSF_SIA) |
289 | sia_validate_user(NULL, saved_argc, saved_argv, | ||
290 | get_canonical_hostname(), pw->pw_name, NULL, 0, | ||
291 | NULL, password) == SIASUCCESS) | ||
292 | #else /* !USE_PAM && !HAVE_OSF_SIA */ | ||
270 | auth_password(pw, password) == 1) | 293 | auth_password(pw, password) == 1) |
271 | #endif /* USE_PAM */ | 294 | #endif /* USE_PAM */ |
272 | authenticated = 1; | 295 | authenticated = 1; |
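Review bot: The SIA branch of ssh2_auth_none passes an empty password straight to `sia_validate_user()`, and nothing in the visible lines consults a server option first. Whether a passwordless account can log in with the "none" method is therefore decided by the SIA configuration alone. auth_password() is compiled out under `HAVE_OSF_SIA` and its body is not shown on this page, so any policy checks it makes before comparing hashes (for example empty-password or root-login restrictions, if it has them) need an equivalent here. One option, if that setting is meant to hold under SIA, is to guard the call with `options.permit_empty_passwd`. The same applies to the SIA password branches in ssh2_auth_password and in auth1.c's do_authloop, and a one-line comment above each call naming the sshd_config options that still apply would make the intended policy explicit.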
diff --git a/bsd-snprintf.c b/bsd-snprintf.c index 69534ecf1..c31fc38d6 100644 --- a/bsd-snprintf.c +++ b/bsd-snprintf.c | |||
@@ -126,7 +126,7 @@ vsnprintf(str, n, fmt, ap) | |||
126 | char *str; | 126 | char *str; |
127 | size_t n; | 127 | size_t n; |
128 | char *fmt; | 128 | char *fmt; |
129 | va_list *ap; | 129 | va_list ap; |
130 | { | 130 | { |
131 | struct sigaction osa, nsa; | 131 | struct sigaction osa, nsa; |
132 | char *p; | 132 | char *p; |
diff --git a/bsd-snprintf.h b/bsd-snprintf.h index 8f244604c..6be2047e1 100644 --- a/bsd-snprintf.h +++ b/bsd-snprintf.h | |||
@@ -10,7 +10,7 @@ int snprintf(char *str, size_t n, char const *fmt, ...); | |||
10 | #endif /* !HAVE_SNPRINTF */ | 10 | #endif /* !HAVE_SNPRINTF */ |
11 | 11 | ||
12 | #ifndef HAVE_VSNPRINTF | 12 | #ifndef HAVE_VSNPRINTF |
13 | int vsnprintf(char *str, size_t n, char *fmt, va_list *ap); | 13 | int vsnprintf(char *str, size_t n, char *fmt, va_list ap); |
14 | #endif /* !HAVE_SNPRINTF */ | 14 | #endif /* !HAVE_SNPRINTF */ |
15 | 15 | ||
16 | 16 | ||
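Review bot: The fallback `vsnprintf` prototype still takes `char *fmt`, while the `snprintf` prototype just above it takes `char const *fmt`, so passing a const format string warns only on the v-variant. Since the line is being changed anyway, `int vsnprintf(char *str, size_t n, char const *fmt, va_list ap);` would match, with the K&R definition in bsd-snprintf.c updated to agree. The `#endif /* !HAVE_SNPRINTF */` that closes this block should also read `/* !HAVE_VSNPRINTF */`.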
diff --git a/configure.in b/configure.in index c1bcb3424..4dd08c71a 100644 --- a/configure.in +++ b/configure.in | |||
@@ -150,6 +150,20 @@ case "$host" in | |||
150 | LIBS="$LIBS -lgen -lsocket" | 150 | LIBS="$LIBS -lgen -lsocket" |
151 | no_dev_ptmx=1 | 151 | no_dev_ptmx=1 |
152 | ;; | 152 | ;; |
153 | *-dec-osf*) | ||
154 | # This is untested | ||
155 | if test ! -z "USE_SIA" ; then | ||
156 | AC_MSG_CHECKING(for Digital Unix Security Integration Architecture) | ||
157 | if test -f /etc/sia/matrix.conf; then | ||
158 | AC_MSG_RESULT(yes) | ||
159 | AC_DEFINE(HAVE_OSF_SIA) | ||
160 | AC_DEFINE(DISABLE_LOGIN) | ||
161 | LIBS="$LIBS -lsecurity -ldb -lm -laud" | ||
162 | else | ||
163 | AC_MSG_RESULT(no) | ||
164 | fi | ||
165 | fi | ||
166 | ;; | ||
153 | esac | 167 | esac |
154 | 168 | ||
155 | # Allow user to specify flags | 169 | # Allow user to specify flags |
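Review bot: `test ! -z "USE_SIA"` tests the literal string USE_SIA, which is never empty, so the SIA probe runs on every `*-dec-osf*` host. `HAVE_OSF_SIA` and `DISABLE_LOGIN` are then defined whenever /etc/sia/matrix.conf exists, whether or not the builder set the variable. The ChangeLog entry describes the feature as opt-in (`USE_SIA=1 ./configure`) and the block itself is marked untested, so the authentication backend should not switch without that opt-in. The line should read `if test ! -z "$USE_SIA" ; then`. The enclosing `case "$host"` starts outside the hunk.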
@@ -32,6 +32,11 @@ RCSID("$OpenBSD: session.c,v 1.20 2000/06/18 04:42:54 markus Exp $"); | |||
32 | #include <proj.h> | 32 | #include <proj.h> |
33 | #endif /* WITH_IRIX_PROJECT */ | 33 | #endif /* WITH_IRIX_PROJECT */ |
34 | 34 | ||
35 | #ifdef HAVE_OSF_SIA | ||
36 | # include <sia.h> | ||
37 | # include <siad.h> | ||
38 | #endif | ||
39 | |||
35 | /* types */ | 40 | /* types */ |
36 | 41 | ||
37 | #define TTYSZ 64 | 42 | #define TTYSZ 64 |
@@ -823,14 +828,32 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
823 | } | 828 | } |
824 | #endif /* USE_PAM */ | 829 | #endif /* USE_PAM */ |
825 | 830 | ||
831 | #ifndef HAVE_OSF_SIA | ||
826 | /* Set login name in the kernel. */ | 832 | /* Set login name in the kernel. */ |
827 | if (setlogin(pw->pw_name) < 0) | 833 | if (setlogin(pw->pw_name) < 0) |
828 | error("setlogin failed: %s", strerror(errno)); | 834 | error("setlogin failed: %s", strerror(errno)); |
835 | #endif | ||
829 | 836 | ||
830 | /* Set uid, gid, and groups. */ | 837 | /* Set uid, gid, and groups. */ |
831 | /* Login(1) does this as well, and it needs uid 0 for the "-h" | 838 | /* Login(1) does this as well, and it needs uid 0 for the "-h" |
832 | switch, so we let login(1) to this for us. */ | 839 | switch, so we let login(1) to this for us. */ |
833 | if (!options.use_login) { | 840 | if (!options.use_login) { |
841 | #ifdef HAVE_OSF_SIA | ||
842 | extern char **saved_argv; | ||
843 | extern int saved_argc; | ||
844 | char *host = get_canonical_hostname (); | ||
845 | |||
846 | if (sia_become_user(NULL, saved_argc, saved_argv, host, | ||
847 | pw->pw_name, ttyname, 0, NULL, NULL, SIA_BEU_SETLUID) != | ||
848 | SIASUCCESS) { | ||
849 | perror("sia_become_user"); | ||
850 | exit(1); | ||
851 | } | ||
852 | if (setreuid(geteuid(), geteuid()) < 0) { | ||
853 | perror("setreuid"); | ||
854 | exit(1); | ||
855 | } | ||
856 | #else /* HAVE_OSF_SIA */ | ||
834 | if (getuid() == 0 || geteuid() == 0) { | 857 | if (getuid() == 0 || geteuid() == 0) { |
835 | if (setgid(pw->pw_gid) < 0) { | 858 | if (setgid(pw->pw_gid) < 0) { |
836 | perror("setgid"); | 859 | perror("setgid"); |
@@ -867,6 +890,7 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
867 | } | 890 | } |
868 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | 891 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
869 | fatal("Failed to set uids to %d.", (int) pw->pw_uid); | 892 | fatal("Failed to set uids to %d.", (int) pw->pw_uid); |
893 | #endif /* HAVE_OSF_SIA */ | ||
870 | } | 894 | } |
871 | /* | 895 | /* |
872 | * Get the shell from the password data. An empty shell field is | 896 | * Get the shell from the password data. An empty shell field is |
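Review bot: The SIA branch in do_child ends at `setreuid(geteuid(), geteuid())` and never confirms that the process now runs as the target user. The existing `getuid() != pw->pw_uid || geteuid() != pw->pw_uid` check sits on the `#else` side, just before the new `#endif /* HAVE_OSF_SIA */`. If `sia_become_user()` returned SIASUCCESS without changing the effective uid, the setreuid call would still succeed and the session would keep its original identity. Moving `#endif /* HAVE_OSF_SIA */` above that check, so `fatal("Failed to set uids to %d.", (int) pw->pw_uid);` covers both paths, closes the gap. A comment saying that `SIA_BEU_SETLUID` is presumably relied on in place of the skipped `setlogin()` would also help; part of the `#else` branch and the rest of do_child lie outside the hunks.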
@@ -88,6 +88,7 @@ char *av0; | |||
88 | 88 | ||
89 | /* Saved arguments to main(). */ | 89 | /* Saved arguments to main(). */ |
90 | char **saved_argv; | 90 | char **saved_argv; |
91 | int saved_argc; | ||
91 | 92 | ||
92 | /* | 93 | /* |
93 | * The sockets that the server is listening; this is used in the SIGHUP | 94 | * The sockets that the server is listening; this is used in the SIGHUP |
@@ -422,6 +423,7 @@ main(int ac, char **av) | |||
422 | int listen_sock, maxfd; | 423 | int listen_sock, maxfd; |
423 | 424 | ||
424 | /* Save argv[0]. */ | 425 | /* Save argv[0]. */ |
426 | saved_argc = ac; | ||
425 | saved_argv = av; | 427 | saved_argv = av; |
426 | if (strchr(av[0], '/')) | 428 | if (strchr(av[0], '/')) |
427 | av0 = strrchr(av[0], '/') + 1; | 429 | av0 = strrchr(av[0], '/') + 1; |