Patch for Digital Unix SIA authentication

Chris Adams cmadams at hiwaay.net
Mon Oct 16 08:30:04 EST 2000


A while back, I sent in a patch that added Digital Unix SIA
authentication to OpenSSH.  Well, I just figured out that it didn't
handle everything correctly (locked accounts could still log in).  I
thought I had checked that, but I guess I missed it.

Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
-------------- next part --------------
diff -urN openssh-2.2.0p1-dist/Makefile.in openssh-2.2.0p1/Makefile.in
--- openssh-2.2.0p1-dist/Makefile.in	Tue Aug 22 19:46:23 2000
+++ openssh-2.2.0p1/Makefile.in	Sat Oct 14 19:34:08 2000
@@ -40,7 +40,7 @@
 
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
 
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o
 
 TROFFMAN	= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8
 CATMAN		= scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh.0 sshd.0
diff -urN openssh-2.2.0p1-dist/auth-sia.c openssh-2.2.0p1/auth-sia.c
--- openssh-2.2.0p1-dist/auth-sia.c	Wed Dec 31 18:00:00 1969
+++ openssh-2.2.0p1/auth-sia.c	Sat Oct 14 21:24:19 2000
@@ -0,0 +1,34 @@
+#include "includes.h"
+
+#ifdef HAVE_OSF_SIA
+#include "ssh.h"
+
+#include <sia.h>
+#include <siad.h>
+
+extern int saved_argc;
+extern char **saved_argv;
+
+int
+auth_sia_password (user, pass)
+	char *user;
+	char *pass;
+{
+	SIAENTITY *ent = NULL;
+	int ret;
+
+	if (sia_ses_init (&ent, saved_argc, saved_argv,
+	    get_canonical_hostname(), user, NULL, 0, NULL) != SIASUCCESS)
+		return 0;
+	if ((ret = sia_ses_authent (NULL, pass, ent)) != SIASUCCESS) {
+		if (ret & SIASTOP)
+			sia_ses_release (&ent);
+		return 0;
+	}
+	if (sia_ses_estab (NULL, ent) != SIASUCCESS)
+		return 0;
+	sia_ses_release (&ent);
+	return 1;
+}
+
+#endif /* HAVE_OSF_SIA */
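Review bot: The failure paths in `auth_sia_password` do not handle `ent` consistently: it is released on success and when `sia_ses_authent` fails with `SIASTOP`, but not when `sia_ses_authent` fails without `SIASTOP` or when `sia_ses_estab` fails. If the caller still owns the entity on those two paths (worth confirming against the SIA documentation, since the library may release it itself), each rejected login leaves a session entity allocated, and the estab branch would become `if (sia_ses_estab (NULL, ent) != SIASUCCESS) { sia_ses_release (&ent); return 0; }`. In the hunks shown, every password check on `HAVE_OSF_SIA` builds now goes through this function, so a short comment above it saying which call is expected to reject locked accounts, and that any result other than `SIASUCCESS` means deny, would help later edits keep it fail-closed. The definition also uses K&R parameter declarations while the prototype added to ssh.h is in ANSI form; `auth_sia_password (char *user, char *pass)` would match it.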
diff -urN openssh-2.2.0p1-dist/auth1.c openssh-2.2.0p1/auth1.c
--- openssh-2.2.0p1-dist/auth1.c	Tue Aug 22 19:46:23 2000
+++ openssh-2.2.0p1/auth1.c	Sat Oct 14 19:31:56 2000
@@ -18,18 +18,9 @@
 #include "auth.h"
 #include "session.h"
 
-#ifdef HAVE_OSF_SIA
-# include <sia.h>
-# include <siad.h>
-#endif
-
 /* import */
 extern ServerOptions options;
 extern char *forced_command;
-#ifdef HAVE_OSF_SIA
-extern int saved_argc;
-extern char **saved_argv;
-#endif /* HAVE_OSF_SIA */
 
 /*
  * convert ssh auth msg type into description
@@ -310,11 +301,7 @@
 			authenticated = auth_pam_password(pw, password);
 #elif defined(HAVE_OSF_SIA)
 			/* Do SIA auth with password */
-			if (sia_validate_user(NULL, saved_argc, saved_argv, 
-				get_canonical_hostname(), pw->pw_name, NULL, 0, 
-				NULL, password) == SIASUCCESS) {
-				authenticated = 1;
-			}
+			authenticated = auth_sia_password(pw->pw_name, password);
 #else /* !USE_PAM && !HAVE_OSF_SIA */
 			/* Try authentication with the password. */
 			authenticated = auth_password(pw, password);
@@ -508,9 +495,7 @@
 #ifdef USE_PAM
 	    auth_pam_password(pw, "")) {
 #elif defined(HAVE_OSF_SIA)
-	    (sia_validate_user(NULL, saved_argc, saved_argv, 
-	    get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, 
-	    "") == SIASUCCESS)) {
+	    auth_sia_password(pw->pw_name, "")) {
 #else /* !HAVE_OSF_SIA && !USE_PAM */
 	    auth_password(pw, "")) {
 #endif /* USE_PAM */
diff -urN openssh-2.2.0p1-dist/auth2.c openssh-2.2.0p1/auth2.c
--- openssh-2.2.0p1-dist/auth2.c	Tue Aug 22 19:46:24 2000
+++ openssh-2.2.0p1/auth2.c	Sat Oct 14 19:32:47 2000
@@ -56,11 +56,6 @@
 #include "uidswap.h"
 #include "auth-options.h"
 
-#ifdef HAVE_OSF_SIA
-# include <sia.h>
-# include <siad.h>
-#endif
-
 /* import */
 extern ServerOptions options;
 extern unsigned char *session_id2;
@@ -249,19 +244,12 @@
 int
 ssh2_auth_none(struct passwd *pw)
 {
-#ifdef HAVE_OSF_SIA
-	extern int saved_argc;
-	extern char **saved_argv;
-#endif
-
 	packet_done();
 
 #ifdef USE_PAM
 	return auth_pam_password(pw, "");
 #elif defined(HAVE_OSF_SIA)
-	return(sia_validate_user(NULL, saved_argc, saved_argv, 
-		get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, 
-		"") == SIASUCCESS);
+	return auth_sia_password(pw->pw_name, "");
 #else /* !HAVE_OSF_SIA && !USE_PAM */
 	return auth_password(pw, "");
 #endif /* USE_PAM */
@@ -273,10 +261,6 @@
 	int authenticated = 0;
 	int change;
 	unsigned int len;
-#ifdef HAVE_OSF_SIA
-	extern int saved_argc;
-	extern char **saved_argv;
-#endif
 	change = packet_get_char();
 	if (change)
 		log("password change not supported");
@@ -286,9 +270,7 @@
 #ifdef USE_PAM
 	    auth_pam_password(pw, password) == 1)
 #elif defined(HAVE_OSF_SIA)
-	    sia_validate_user(NULL, saved_argc, saved_argv, 
-		 	get_canonical_hostname(), pw->pw_name, NULL, 0, 
-			NULL, password) == SIASUCCESS)
+	    auth_sia_password(pw->pw_name, password) == 1)
 #else /* !USE_PAM && !HAVE_OSF_SIA */
 	    auth_password(pw, password) == 1)
 #endif /* USE_PAM */
diff -urN openssh-2.2.0p1-dist/ssh.h openssh-2.2.0p1/ssh.h
--- openssh-2.2.0p1-dist/ssh.h	Tue Aug 22 19:46:25 2000
+++ openssh-2.2.0p1/ssh.h	Sat Oct 14 19:31:56 2000
@@ -561,4 +561,8 @@
 #include "auth-pam.h"
 #endif /* USE_PAM */
 
+#ifdef HAVE_OSF_SIA
+int	auth_sia_password(char *user, char *pass);
+#endif
+
 #endif				/* SSH_H */

