tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-28 08:14:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (djm) Merge BSD_AUTH support from Markus Friedl and David J. MacKenzie

Browse Source 
enable with --with-bsd-auth.
This commit is contained in:
Damien Miller 2001-02-18 17:01:00 +11:00
parent 75da9a9e72
commit 60396b060b
8 changed files with 109 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
acconfig.h
View File

@ -1,4 +1,4 @@
/* $Id: acconfig.h,v 1.101 2001/02/09 01:55:36 djm Exp $ */ /* $Id: acconfig.h,v 1.102 2001/02/18 06:01:00 djm Exp $ */
#ifndef _CONFIG_H #ifndef _CONFIG_H
#define _CONFIG_H #define _CONFIG_H
@ -290,6 +290,9 @@
/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
#undef IPV4_IN_IPV6 #undef IPV4_IN_IPV6
/* Define if you have BSD auth support */
#undef BSD_AUTH
@BOTTOM@ @BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */ /* ******************* Shouldn't need to edit below this line ************** */

42
auth-chall.c
View File

@ -26,7 +26,48 @@
RCSID("$OpenBSD: auth-chall.c,v 1.4 2001/02/04 15:32:22 stevesk Exp $"); RCSID("$OpenBSD: auth-chall.c,v 1.4 2001/02/04 15:32:22 stevesk Exp $");
#include "auth.h" #include "auth.h"
#include "log.h"
#ifdef BSD_AUTH
char *
get_challenge(Authctxt *authctxt, char *devs)
{
char *challenge;
if (authctxt->as != NULL) {
debug2("try reuse session");
challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
if (challenge != NULL) {
debug2("reuse bsd auth session");
return challenge;
}
auth_close(authctxt->as);
authctxt->as = NULL;
}
debug2("new bsd auth session");
if (devs == NULL || strlen(devs) == 0)
devs = authctxt->style;
debug3("bsd auth: devs %s", devs ? devs : "<default>");
authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
&challenge);
if (authctxt->as == NULL)
return NULL;
debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
return challenge;
}
int
verify_response(Authctxt *authctxt, char *response)
{
int authok;
if (authctxt->as == 0)
error("verify_response: no bsd auth session");
authok = auth_userresponse(authctxt->as, response, 0);
authctxt->as = NULL;
debug("verify_response: <%s> = <%d>", response, authok);
return authok != 0;
}
#else
#ifdef SKEY #ifdef SKEY
#include <skey.h> #include <skey.h>
@ -60,3 +101,4 @@ verify_response(Authctxt *authctxt, char *response)
return 0; return 0;
} }
#endif #endif
#endif

14
auth-passwd.c
View File

@ -77,14 +77,17 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.21 2001/02/12 16:16:23 markus Exp $");
#define is_winnt (GetVersion() < 0x80000000) #define is_winnt (GetVersion() < 0x80000000)
#endif #endif
extern ServerOptions options;
/* /*
* Tries to authenticate the user using password. Returns true if * Tries to authenticate the user using password. Returns true if
* authentication succeeds. * authentication succeeds.
*/ */
int int
auth_password(struct passwd * pw, const char *password) auth_password(Authctxt *authctxt, const char *password)
{ {
extern ServerOptions options; struct passwd * pw = authctxt->pw;
char *encrypted_password; char *encrypted_password;
char *pw_password; char *pw_password;
char *salt; char *salt;
@ -122,6 +125,13 @@ auth_password(struct passwd * pw, const char *password)
#endif #endif
if (*password == '\0' && options.permit_empty_passwd == 0) if (*password == '\0' && options.permit_empty_passwd == 0)
return 0; return 0;
#ifdef BSD_AUTH
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
(char *)password) == 0)
return 0;
else
return 1;
#endif
#ifdef HAVE_CYGWIN #ifdef HAVE_CYGWIN
if (is_winnt) { if (is_winnt) {

12
auth.h
View File

@ -28,6 +28,13 @@
#include <openssl/rsa.h> #include <openssl/rsa.h>
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
#ifdef BSD_AUTH
#include <bsd_auth.h>
#endif
typedef struct Authctxt Authctxt; typedef struct Authctxt Authctxt;
struct Authctxt { struct Authctxt {
int success; int success;
@ -39,6 +46,9 @@ struct Authctxt {
char *service; char *service;
struct passwd *pw; struct passwd *pw;
char *style; char *style;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
}; };
/* /*
@ -59,7 +69,7 @@ auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_ke
* Tries to authenticate the user using password. Returns true if * Tries to authenticate the user using password. Returns true if
* authentication succeeds. * authentication succeeds.
*/ */
int auth_password(struct passwd * pw, const char *password); int auth_password(Authctxt *authctxt, const char *password);
/* /*
* Performs the RSA authentication dialog with the client. This returns 0 if * Performs the RSA authentication dialog with the client. This returns 0 if

10
auth1.c
View File

@ -92,7 +92,7 @@ do_authloop(Authctxt *authctxt)
#elif defined(HAVE_OSF_SIA) #elif defined(HAVE_OSF_SIA)
0) { 0) {
#else #else
auth_password(pw, "")) { auth_password(authctxt, "")) {
#endif #endif
auth_log(authctxt, 1, "without authentication", ""); auth_log(authctxt, 1, "without authentication", "");
return; return;
@ -262,7 +262,7 @@ do_authloop(Authctxt *authctxt)
password); password);
#else /* !USE_PAM && !HAVE_OSF_SIA */ #else /* !USE_PAM && !HAVE_OSF_SIA */
/* Try authentication with the password. */ /* Try authentication with the password. */
authenticated = auth_password(pw, password); authenticated = auth_password(authctxt, password);
#endif /* USE_PAM */ #endif /* USE_PAM */
memset(password, 0, strlen(password)); memset(password, 0, strlen(password));
@ -303,6 +303,12 @@ do_authloop(Authctxt *authctxt)
log("Unknown message during authentication: type %d", type); log("Unknown message during authentication: type %d", type);
break; break;
} }
#ifdef BSD_AUTH
if (authctxt->as) {
auth_close(authctxt->as);
authctxt->as = NULL;
}
#endif
if (!authctxt->valid && authenticated) if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s", fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user); authctxt->user);

10
auth2.c
View File

@ -218,6 +218,12 @@ input_userauth_request(int type, int plen, void *ctxt)
/* reset state */ /* reset state */
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error); dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
authctxt->postponed = 0; authctxt->postponed = 0;
#ifdef BSD_AUTH
if (authctxt->as) {
auth_close(authctxt->as);
authctxt->as = NULL;
}
#endif
/* try to authenticate user */ /* try to authenticate user */
m = authmethod_lookup(method); m = authmethod_lookup(method);
@ -341,7 +347,7 @@ userauth_none(Authctxt *authctxt)
#elif defined(HAVE_OSF_SIA) #elif defined(HAVE_OSF_SIA)
return 0; return 0;
#else /* !HAVE_OSF_SIA && !USE_PAM */ #else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(authctxt->pw, ""); return auth_password(authctxt, "");
#endif /* USE_PAM */ #endif /* USE_PAM */
} }
@ -366,7 +372,7 @@ userauth_passwd(Authctxt *authctxt)
#elif defined(HAVE_OSF_SIA) #elif defined(HAVE_OSF_SIA)
auth_sia_password(authctxt->user, password) == 1) auth_sia_password(authctxt->user, password) == 1)
#else /* !USE_PAM && !HAVE_OSF_SIA */ #else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(authctxt->pw, password) == 1) auth_password(authctxt, password) == 1)
#endif /* USE_PAM */ #endif /* USE_PAM */
authenticated = 1; authenticated = 1;
memset(password, 0, len); memset(password, 0, len);

18
configure.in
View File

@ -1,4 +1,4 @@
# $Id: configure.in,v 1.246 2001/02/18 04:29:29 djm Exp $ # $Id: configure.in,v 1.247 2001/02/18 06:01:00 djm Exp $
AC_INIT(ssh.c) AC_INIT(ssh.c)
@ -1411,6 +1411,17 @@ AC_ARG_WITH(4in6,
] ]
) )
# Whether to enable BSD auth support
AC_ARG_WITH(bsd-auth,
[ --with-bsd-auth Enable BSD auth support],
[
if test "x$withval" != "xno" ; then
AC_DEFINE(BSD_AUTH)
bsd_auth=yes
fi
]
)
AC_MSG_CHECKING(whether to install ssh as suid root) AC_MSG_CHECKING(whether to install ssh as suid root)
AC_ARG_ENABLE(suid-ssh, AC_ARG_ENABLE(suid-ssh,
[ --enable-suid-ssh Install ssh as suid root (default) [ --enable-suid-ssh Install ssh as suid root (default)
@ -1739,6 +1750,10 @@ echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Use IPv4 by default hack: $IPV4_HACK_MSG" echo " Use IPv4 by default hack: $IPV4_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
if test ! -z "$bsd_auth"; then
echo " BSD Auth support: yes"
fi
echo "" echo ""
echo " Host: ${host}" echo " Host: ${host}"
@ -1769,3 +1784,4 @@ if test ! -z "$NO_SFTP"; then
echo "64bit integers." echo "64bit integers."
echo "" echo ""
fi fi

11
session.c
View File

@ -89,10 +89,6 @@ RCSID("$OpenBSD: session.c,v 1.56 2001/02/16 14:03:43 markus Exp $");
# define S_UNOFILE_HARD S_UNOFILE "_hard" # define S_UNOFILE_HARD S_UNOFILE "_hard"
#endif #endif
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
/* types */ /* types */
#define TTYSZ 64 #define TTYSZ 64
@ -1071,6 +1067,13 @@ do_child(const char *command, struct passwd * pw, const char *term,
perror("unable to set user context"); perror("unable to set user context");
exit(1); exit(1);
} }
#ifdef BSD_AUTH
if (auth_approval(NULL, lc, pw->pw_name, "ssh") <= 0) {
error("approval failure for %s", pw->pw_name);
fprintf(stderr, "Approval failure");
exit(1);
}
#endif
# else /* HAVE_LOGIN_CAP */ # else /* HAVE_LOGIN_CAP */
if (setlogin(pw->pw_name) < 0) if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno)); error("setlogin failed: %s", strerror(errno));