Ben Taylor <bent@clark.net> - Solaris debugging and fixes
Bratislav ILICH <bilic@zepter.ru> - Configure fix
Chip Salzenberg <chip@valinux.com> - Assorted patches
+Chris Adams <cmadams@hiwaay.net> - OSF SIA support
Chris Saia <csaia@wtower.com> - SuSE packaging
Chris, the Young One <cky@pobox.com> - Password auth fixes
Christos Zoulas <christos@zoulas.com> - Autoconf fixes
- (djm) Patch from Michael Stone <mstone@cs.loyola.edu> to add support for
Irix 6.x array sessions, project id's, and system audit trail id.
- (djm) Added 'distprep' make target to simplify packaging
-
+ - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA
+ support. Enable using "USE_SIA=1 ./configure [options]"
+
20000627
- (djm) Fixes to login code - not setting li->uid, cleanups
- (djm) Formatting
/* Define if you want have trusted HPUX */
#undef HAVE_HPUX_TRUSTED_SYSTEM_PW
+/* Define if you have Digital Unix Security Integration Architecture */
+#undef HAVE_OSF_SIA
+
/* Define if you have getpwanam(3) [SunOS 4.x] */
#undef HAVE_GETPWANAM
#include "includes.h"
-#ifndef USE_PAM
-
RCSID("$OpenBSD: auth-passwd.c,v 1.16 2000/06/20 01:39:38 markus Exp $");
+#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
+
#include "packet.h"
#include "ssh.h"
#include "servconf.h"
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
}
-#endif /* !USE_PAM */
+#endif /* !USE_PAM && !HAVE_OSF_SIA */
#include "auth.h"
#include "session.h"
+#ifdef HAVE_OSF_SIA
+# include <sia.h>
+# include <siad.h>
+#endif
+
/* import */
extern ServerOptions options;
extern char *forced_command;
unsigned int ulen;
int type = 0;
void (*authlog) (const char *fmt,...) = verbose;
+#ifdef HAVE_OSF_SIA
+ extern int saved_argc;
+ extern char **saved_argv;
+#endif /* HAVE_OSF_SIA */
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);
#ifdef USE_PAM
/* Do PAM auth with password */
authenticated = auth_pam_password(pw, password);
-#else /* USE_PAM */
+#elif defined(HAVE_OSF_SIA)
+ /* Do SIA auth with password */
+ host = get_canonical_hostname();
+ if (sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(), pw->pw_name, NULL, 0,
+ NULL, password) == SIASUCCESS) {
+ authenticated = 1;
+ }
+#else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
#endif /* USE_PAM */
#include "uidswap.h"
#include "auth-options.h"
+#ifdef HAVE_OSF_SIA
+# include <sia.h>
+# include <siad.h>
+#endif
+
/* import */
extern ServerOptions options;
extern unsigned char *session_id2;
int
ssh2_auth_none(struct passwd *pw)
{
+#ifdef HAVE_OSF_SIA
+ extern int saved_argc;
+ extern char **saved_argv;
+#endif
+
packet_done();
+
#ifdef USE_PAM
return auth_pam_password(pw, "");
-#else /* USE_PAM */
+#elif defined(HAVE_OSF_SIA)
+ return(sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(), pw->pw_name, NULL, 0, NULL,
+ "") == SIASUCCESS);
+#else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(pw, "");
#endif /* USE_PAM */
}
int authenticated = 0;
int change;
unsigned int len;
+#ifdef HAVE_OSF_SIA
+ extern int saved_argc;
+ extern char **saved_argv;
+#endif
change = packet_get_char();
if (change)
log("password change not supported");
if (options.password_authentication &&
#ifdef USE_PAM
auth_pam_password(pw, password) == 1)
-#else /* USE_PAM */
+#elif defined(HAVE_OSF_SIA)
+ sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(), pw->pw_name, NULL, 0,
+ NULL, password) == SIASUCCESS)
+#else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(pw, password) == 1)
#endif /* USE_PAM */
authenticated = 1;
char *str;
size_t n;
char *fmt;
- va_list *ap;
+ va_list ap;
{
struct sigaction osa, nsa;
char *p;
#endif /* !HAVE_SNPRINTF */
#ifndef HAVE_VSNPRINTF
-int vsnprintf(char *str, size_t n, char *fmt, va_list *ap);
+int vsnprintf(char *str, size_t n, char *fmt, va_list ap);
#endif /* !HAVE_SNPRINTF */
LIBS="$LIBS -lgen -lsocket"
no_dev_ptmx=1
;;
+*-dec-osf*)
+# This is untested
+ if test ! -z "USE_SIA" ; then
+ AC_MSG_CHECKING(for Digital Unix Security Integration Architecture)
+ if test -f /etc/sia/matrix.conf; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_OSF_SIA)
+ AC_DEFINE(DISABLE_LOGIN)
+ LIBS="$LIBS -lsecurity -ldb -lm -laud"
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+ ;;
esac
# Allow user to specify flags
#include <proj.h>
#endif /* WITH_IRIX_PROJECT */
+#ifdef HAVE_OSF_SIA
+# include <sia.h>
+# include <siad.h>
+#endif
+
/* types */
#define TTYSZ 64
}
#endif /* USE_PAM */
+#ifndef HAVE_OSF_SIA
/* Set login name in the kernel. */
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno));
+#endif
/* Set uid, gid, and groups. */
/* Login(1) does this as well, and it needs uid 0 for the "-h"
switch, so we let login(1) to this for us. */
if (!options.use_login) {
+#ifdef HAVE_OSF_SIA
+ extern char **saved_argv;
+ extern int saved_argc;
+ char *host = get_canonical_hostname ();
+
+ if (sia_become_user(NULL, saved_argc, saved_argv, host,
+ pw->pw_name, ttyname, 0, NULL, NULL, SIA_BEU_SETLUID) !=
+ SIASUCCESS) {
+ perror("sia_become_user");
+ exit(1);
+ }
+ if (setreuid(geteuid(), geteuid()) < 0) {
+ perror("setreuid");
+ exit(1);
+ }
+#else /* HAVE_OSF_SIA */
if (getuid() == 0 || geteuid() == 0) {
if (setgid(pw->pw_gid) < 0) {
perror("setgid");
}
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %d.", (int) pw->pw_uid);
+#endif /* HAVE_OSF_SIA */
}
/*
* Get the shell from the password data. An empty shell field is
/* Saved arguments to main(). */
char **saved_argv;
+int saved_argc;
/*
* The sockets that the server is listening; this is used in the SIGHUP
int listen_sock, maxfd;
/* Save argv[0]. */
+ saved_argc = ac;
saved_argv = av;
if (strchr(av[0], '/'))
av0 = strrchr(av[0], '/') + 1;
andersk / openssh.git / commitdiff
