OpenSSH 2.3.0p1 port to BSDI BSD/OS

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sat Feb 17 08:21:47 EST 2001


this patch adds support for BSD_AUTH to openssh

it's against OpenBSD's current cvs and will probably be
integrated if BSD_AUTH is in the openbsd tree.

this should work on BSD/OS, too, but i have not tested it yet.

Index: auth-chall.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth-chall.c,v
retrieving revision 1.4
diff -u -r1.4 auth-chall.c
--- auth-chall.c	2001/02/04 15:32:22	1.4
+++ auth-chall.c	2001/02/05 18:12:48
@@ -26,7 +26,47 @@
 RCSID("$OpenBSD: auth-chall.c,v 1.4 2001/02/04 15:32:22 stevesk Exp $");
 
 #include "auth.h"
+#include "log.h"
 
+#ifdef BSD_AUTH
+char *
+get_challenge(Authctxt *authctxt, char *devs)
+{
+	char *challenge;
+
+	if (authctxt->as != NULL) {
+		debug("try reuse session");
+		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+		if (challenge != NULL) {
+			debug2("reuse bsd auth session");
+			return challenge;
+		}
+		auth_close(authctxt->as);
+		authctxt->as = NULL;
+	}
+	debug2("new bsd auth session");
+	if (devs && strlen(devs) == 0)
+		devs = NULL;
+	authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
+	    &challenge);
+        if (authctxt->as == NULL)
+                return NULL;
+	debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
+	return challenge;
+}
+int
+verify_response(Authctxt *authctxt, char *response)
+{
+	int authok;
+
+	if (authctxt->as == 0)
+		error("verify_response: no bsd auth session");
+	authok = auth_userresponse(authctxt->as, response, 0);
+	authctxt->as = NULL;
+	debug("verify_response: <%s> = <%d>", response, authok);
+	return authok != 0;
+}
+#else
 #ifdef SKEY
 #include <skey.h>
 
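Review bot: In verify_response the `authctxt->as == 0` check only calls error() and then falls through, so a response that arrives with no pending challenge still reaches `auth_userresponse(authctxt->as, response, 0)` with a NULL session. Assuming error() only logs (unlike fatal()), the guard should bail out: `if (authctxt->as == NULL) { error("verify_response: no bsd auth session"); return 0; }`. The following `debug("verify_response: <%s> = <%d>", response, authok);` writes the user's raw response into the debug log, which for password-style login classes is the credential itself; log only the result, `debug("verify_response: <%d>", authok);`. The `if (authctxt->as == NULL) return NULL;` pair in get_challenge is indented with spaces where the rest of the function uses tabs.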
@@ -59,4 +99,5 @@
 {
 	return 0;
 }
+#endif
 #endif
Index: auth-passwd.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth-passwd.c,v
retrieving revision 1.21
diff -u -r1.21 auth-passwd.c
--- auth-passwd.c	2001/02/12 16:16:23	1.21
+++ auth-passwd.c	2001/02/16 21:15:50
@@ -61,6 +61,12 @@
 		return 0;
 	if (*password == '\0' && options.permit_empty_passwd == 0)
 		return 0;
+#ifdef BSD_AUTH
+	if (auth_userokay(pw->pw_name, NULL, "auth-ssh", (char *)password) == 0)
+		return 0;
+	else
+		return 1;
+#endif
 
 #ifdef KRB4
 	if (options.kerberos_authentication == 1) {
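Review bot: The added BSD_AUTH block returns on both branches, so when BSD_AUTH is defined everything after it in this function, starting with the `#ifdef KRB4` section visible in the context, is compiled but unreachable. Settings such as `options.kerberos_authentication` would then presumably no longer affect password logins, with nothing in the code saying so. Put the remainder under `#else` or state the intent in a comment, and collapse the branch to `return auth_userokay(pw->pw_name, NULL, "auth-ssh", (char *)password) != 0;`. The `(char *)password` cast drops const; if auth_userokay writes to or clears that buffer (worth confirming against its manual page), the caller's copy changes behind a const-qualified parameter. The function body starts and ends outside the hunk.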
Index: auth.h
===================================================================
RCS file: /home/markus/cvs/ssh/auth.h,v
retrieving revision 1.11
diff -u -r1.11 auth.h
--- auth.h	2001/02/12 16:16:23	1.11
+++ auth.h	2001/02/16 21:15:50
@@ -28,6 +28,13 @@
 
 #include <openssl/rsa.h>
 
+#ifdef HAVE_LOGIN_CAP
+#include <login_cap.h>
+#endif
+#ifdef BSD_AUTH
+#include <bsd_auth.h>
+#endif
+
 typedef struct Authctxt Authctxt;
 struct Authctxt {
 	int success;
@@ -39,6 +46,9 @@
 	char *service;
 	struct passwd *pw;
 	char *style;
+#ifdef BSD_AUTH
+	auth_session_t *as;
+#endif
 };
 
 /*
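Review bot: The new `as` member has no comment saying who owns the session, yet get_challenge, verify_response and the cleanup blocks in auth1.c and auth2.c all branch on it being NULL. Every place that allocates an Authctxt therefore has to zero it; that allocation is not visible in this patch and should be checked. I would document the field as `auth_session_t *as;	/* pending BSD auth challenge session; NULL when none, closed by the auth loop */`. The struct definition begins in the previous hunk.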
Index: auth1.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth1.c,v
retrieving revision 1.17
diff -u -r1.17 auth1.c
--- auth1.c	2001/02/13 22:49:40	1.17
+++ auth1.c	2001/02/16 21:15:50
@@ -284,6 +284,12 @@
 			log("Unknown message during authentication: type %d", type);
 			break;
 		}
+#ifdef BSD_AUTH
+		if (authctxt->as) {
+			auth_close(authctxt->as);
+			authctxt->as = NULL;
+		}
+#endif
 		if (!authctxt->valid && authenticated)
 			fatal("INTERNAL ERROR: authenticated invalid user %s",
 			    authctxt->user);
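Review bot: This cleanup sits directly after the message switch, so it is only correct if the case that sends a challenge skips it (for instance with `continue`). Otherwise the session opened by get_challenge would be closed before the response arrives, and verify_response would see a NULL `as`. That case is outside the hunk and needs confirming; a comment such as `/* discard a challenge session left over from an unanswered or failed attempt */` would make the dependency visible. The same block is repeated in the auth2.c hunk and could share one small helper. The enclosing loop starts and ends outside the hunk.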
Index: auth2.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth2.c,v
retrieving revision 1.42
diff -u -r1.42 auth2.c
--- auth2.c	2001/02/13 22:49:40	1.42
+++ auth2.c	2001/02/16 21:15:51
@@ -208,6 +208,12 @@
 	/* reset state */
 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
 	authctxt->postponed = 0;
+#ifdef BSD_AUTH
+	if (authctxt->as) {
+		auth_close(authctxt->as);
+		authctxt->as = NULL;
+	}
+#endif
 
 	/* try to authenticate user */
 	m = authmethod_lookup(method);
Index: session.c
===================================================================
RCS file: /home/markus/cvs/ssh/session.c,v
retrieving revision 1.56
diff -u -r1.56 session.c
--- session.c	2001/02/16 14:03:43	1.56
+++ session.c	2001/02/16 21:15:54
@@ -58,10 +58,6 @@
 #include "canohost.h"
 #include "session.h"
 
-#ifdef HAVE_LOGIN_CAP
-#include <login_cap.h>
-#endif
-
 /* types */
 
 #define TTYSZ 64
@@ -837,8 +833,13 @@
 			    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
 				perror("unable to set user context");
 				exit(1);
-
 			}
+#ifdef BSD_AUTH
+			if (auth_approval(NULL, lc, pw->pw_name, "auth-ssh") <= 0) {
+				perror("Approval failure");
+				exit(1);
+			}
+#endif
 #else
 			if (setlogin(pw->pw_name) < 0)
 				error("setlogin failed: %s", strerror(errno));
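Review bot: `perror("Approval failure")` reports errno, but `auth_approval(...) <= 0` also covers a plain policy denial, where errno need not be meaningful. The message also goes to the child's stderr rather than the server log, so a refused login may leave no record on the server side. Logging it through the existing facility first, e.g. `error("approval failure for %s", pw->pw_name);` as the `#else` branch does for setlogin, would keep an audit trail. The check also runs after `setusercontext(... LOGIN_SETALL & ~LOGIN_SETPATH)`, so presumably with the user's credentials already in place; confirm that approval is meant to run at that point rather than before the context switch. The enclosing function starts and ends outside the hunk.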
Index: sshd/Makefile
===================================================================
RCS file: /home/markus/cvs/ssh/sshd/Makefile,v
retrieving revision 1.35
diff -u -r1.35 Makefile
--- sshd/Makefile	2001/01/29 01:58:23	1.35
+++ sshd/Makefile	2001/01/31 17:32:43
@@ -7,7 +7,7 @@
 BINMODE=555
 BINDIR=	/usr/sbin
 MAN=	sshd.8
-CFLAGS+=-DHAVE_LOGIN_CAP
+CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH
 
 SRCS=	sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
 	pty.c log-server.c login.c servconf.c serverloop.c \




