OpenSSH 2.3.0p1 port to BSDI BSD/OS

David J. MacKenzie djm at web.us.uu.net
Sat Feb 17 08:38:03 EST 2001


> this should work on BSD/OS, too, but i did not yet test.

It compiles on BSD/OS 4.0.1 when applied to the CVS version.
However I see a few shortcomings:

> --- auth-passwd.c	2001/02/12 16:16:23	1.21
> +++ auth-passwd.c	2001/02/16 21:15:50
> @@ -61,6 +61,12 @@
>  		return 0;
>  	if (*password == '\0' && options.permit_empty_passwd == 0)
>  		return 0;
> +#ifdef BSD_AUTH
> +	if (auth_userokay(pw->pw_name, NULL, "auth-ssh", (char *)password) == 0)
> +		return 0;
> +	else
> +		return 1;
> +#endif
>  
>  #ifdef KRB4
>  	if (options.kerberos_authentication == 1) {

That ignores any style specified by the user.
As in, "ssh -l djm:skey host" or "-l djm:passwd".
The NULL should be authctxt->style, except that the auth context
isn't passed to that function.

> Index: session.c
> @@ -837,8 +833,13 @@
>  			    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
>  				perror("unable to set user context");
>  				exit(1);
> -
>  			}
> +#ifdef BSD_AUTH
> +			if (auth_approval(NULL, lc, pw->pw_name, "auth-ssh") <= 0) {
> +				perror("Approval failure");
> +				exit(1);
> +			}
> +#endif
>  #else
>  			if (setlogin(pw->pw_name) < 0)
>  				error("setlogin failed: %s", strerror(errno));

The arg to auth_approval shouldn't start with "auth-" on BSD/OS.
It should be either just "ssh" or "approve-ssh", because auth_approval()
does this:

       if (!type)
                type = LOGIN_DEFSERVICE;
        else {
                if (strncmp(type, "approve-", 8) == 0)
                        type += 8;
 
                snprintf(path, sizeof(path), "approve-%s", type);
        }





More information about the openssh-unix-dev mailing list