OpenSSH 2.3.0p1 port to BSDI BSD/OS
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Sun Feb 18 07:03:43 EST 2001
hi,
could you please try this, does kerberos+password work?
does skey work? does user:style work with challenge-
response in ssh1 and ssh2?
thanks,
-m
Index: auth-chall.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth-chall.c,v
retrieving revision 1.4
diff -u -r1.4 auth-chall.c
--- auth-chall.c 2001/02/04 15:32:22 1.4
+++ auth-chall.c 2001/02/17 19:15:46
@@ -26,7 +26,48 @@
RCSID("$OpenBSD: auth-chall.c,v 1.4 2001/02/04 15:32:22 stevesk Exp $");
#include "auth.h"
+#include "log.h"
+#ifdef BSD_AUTH
+char *
+get_challenge(Authctxt *authctxt, char *devs)
+{
+ char *challenge;
+
+ if (authctxt->as != NULL) {
+ debug2("try reuse session");
+ challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+ if (challenge != NULL) {
+ debug2("reuse bsd auth session");
+ return challenge;
+ }
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+ debug2("new bsd auth session");
+ if (devs == NULL || strlen(devs) == 0)
+ devs = authctxt->style;
+ debug3("bsd auth: devs %s", devs ? devs : "<default>");
+ authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
+ &challenge);
+ if (authctxt->as == NULL)
+ return NULL;
+ debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
+ return challenge;
+}
+int
+verify_response(Authctxt *authctxt, char *response)
+{
+ int authok;
+
+ if (authctxt->as == 0)
+ error("verify_response: no bsd auth session");
+ authok = auth_userresponse(authctxt->as, response, 0);
+ authctxt->as = NULL;
+ debug("verify_response: <%s> = <%d>", response, authok);
+ return authok != 0;
+}
+#else
#ifdef SKEY
#include <skey.h>
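Review bot: In verify_response the `authctxt->as == 0` branch only logs and then falls through, so a missing session is still handed to auth_userresponse(). How that call treats a null session is not visible here, so the branch should fail closed: `if (authctxt->as == NULL) { error("verify_response: no bsd auth session"); return 0; }`. The closing `debug("verify_response: <%s> = <%d>", response, authok);` also writes the client's response into the server log at debug level; logging only the result, `debug("verify_response: <%d>", authok);`, keeps one-time or password-style responses out of log files. get_challenge likewise logs the challenge text at debug2, which is less sensitive but deserves a deliberate decision.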
@@ -59,4 +100,5 @@
{
return 0;
}
+#endif
#endif
Index: auth-passwd.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth-passwd.c,v
retrieving revision 1.21
diff -u -r1.21 auth-passwd.c
--- auth-passwd.c 2001/02/12 16:16:23 1.21
+++ auth-passwd.c 2001/02/16 22:41:12
@@ -44,14 +44,17 @@
#include "servconf.h"
#include "auth.h"
+
+extern ServerOptions options;
+
/*
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
int
-auth_password(struct passwd * pw, const char *password)
+auth_password(Authctxt *authctxt, const char *password)
{
- extern ServerOptions options;
+ struct passwd * pw = authctxt->pw;
char *encrypted_password;
/* deny if no user. */
@@ -61,6 +64,13 @@
return 0;
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
+#ifdef BSD_AUTH
+ if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
+ (char *)password) == 0)
+ return 0;
+ else
+ return 1;
+#endif
#ifdef KRB4
if (options.kerberos_authentication == 1) {
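Review bot: With BSD_AUTH defined, the added block returns on both branches, so everything after it in auth_password, starting with the KRB4 section visible at the end of this hunk, is never reached and `options.kerberos_authentication` is silently ignored for password logins. If that is intended, say so in place, e.g. `/* BSD auth decides the result; the KRB4 and local password checks below are not used */`, and collapse the branches to `return auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", (char *)password) != 0;`. The `(char *)` cast drops const while callers elsewhere in this patch pass the literal `""`; whether auth_userokay writes through that pointer is not shown here and should be confirmed. The function body continues outside the hunk.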
Index: auth.h
===================================================================
RCS file: /home/markus/cvs/ssh/auth.h,v
retrieving revision 1.11
diff -u -r1.11 auth.h
--- auth.h 2001/02/12 16:16:23 1.11
+++ auth.h 2001/02/16 22:41:25
@@ -28,6 +28,13 @@
#include <openssl/rsa.h>
+#ifdef HAVE_LOGIN_CAP
+#include <login_cap.h>
+#endif
+#ifdef BSD_AUTH
+#include <bsd_auth.h>
+#endif
+
typedef struct Authctxt Authctxt;
struct Authctxt {
int success;
@@ -39,6 +46,9 @@
char *service;
struct passwd *pw;
char *style;
+#ifdef BSD_AUTH
+ auth_session_t *as;
+#endif
};
/*
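Review bot: The new `as` member is tested against NULL in get_challenge and in the cleanup blocks added to auth1.c and auth2.c before any code in this patch assigns it. Those checks are only sound if whatever allocates Authctxt zeroes it; that allocation is not part of this patch and should be confirmed. A member comment would record the invariant, e.g. `auth_session_t *as; /* open BSD auth session, or NULL when none is active */`. Because the field exists only under BSD_AUTH, every file that includes auth.h has to be built with the same setting, or the struct layout will differ between objects.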
@@ -59,7 +69,7 @@
* Tries to authenticate the user using password. Returns true if
* authentication succeeds.
*/
-int auth_password(struct passwd * pw, const char *password);
+int auth_password(Authctxt *authctxt, const char *password);
/*
* Performs the RSA authentication dialog with the client. This returns 0 if
Index: auth1.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth1.c,v
retrieving revision 1.17
diff -u -r1.17 auth1.c
--- auth1.c 2001/02/13 22:49:40 1.17
+++ auth1.c 2001/02/16 22:55:47
@@ -83,7 +83,7 @@
#ifdef KRB4
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
- auth_password(pw, "")) {
+ auth_password(authctxt, "")) {
auth_log(authctxt, 1, "without authentication", "");
return;
}
@@ -244,7 +244,7 @@
packet_integrity_check(plen, 4 + dlen, type);
/* Try authentication with the password. */
- authenticated = auth_password(pw, password);
+ authenticated = auth_password(authctxt, password);
memset(password, 0, strlen(password));
xfree(password);
@@ -284,6 +284,12 @@
log("Unknown message during authentication: type %d", type);
break;
}
+#ifdef BSD_AUTH
+ if (authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+#endif
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
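Review bot: The session-cleanup block added here is repeated verbatim in the auth2.c hunk at `/* reset state */`, and each copy carries its own `#ifdef BSD_AUTH`. A single helper next to get_challenge and verify_response in auth-chall.c, compiled to a no-op without BSD_AUTH, would keep the close-and-clear step in one place, so a later code path that abandons a challenge cannot forget it. If the block stays inline, a comment such as `/* drop any challenge session left open by an unanswered challenge */` would explain why it is needed at this point. The enclosing function starts and ends outside the hunk.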
Index: auth2.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth2.c,v
retrieving revision 1.42
diff -u -r1.42 auth2.c
--- auth2.c 2001/02/13 22:49:40 1.42
+++ auth2.c 2001/02/16 22:41:52
@@ -208,6 +208,12 @@
/* reset state */
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
authctxt->postponed = 0;
+#ifdef BSD_AUTH
+ if (authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+#endif
/* try to authenticate user */
m = authmethod_lookup(method);
@@ -305,7 +311,7 @@
m->enabled = NULL;
packet_done();
userauth_banner();
- return authctxt->valid ? auth_password(authctxt->pw, "") : 0;
+ return authctxt->valid ? auth_password(authctxt, "") : 0;
}
int
@@ -321,7 +327,7 @@
password = packet_get_string(&len);
packet_done();
if (authctxt->valid &&
- auth_password(authctxt->pw, password) == 1)
+ auth_password(authctxt, password) == 1)
authenticated = 1;
memset(password, 0, len);
xfree(password);
Index: session.c
===================================================================
RCS file: /home/markus/cvs/ssh/session.c,v
retrieving revision 1.56
diff -u -r1.56 session.c
--- session.c 2001/02/16 14:03:43 1.56
+++ session.c 2001/02/16 21:15:54
@@ -58,10 +58,6 @@
#include "canohost.h"
#include "session.h"
-#ifdef HAVE_LOGIN_CAP
-#include <login_cap.h>
-#endif
-
/* types */
#define TTYSZ 64
@@ -837,8 +833,13 @@
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
perror("unable to set user context");
exit(1);
-
}
+#ifdef BSD_AUTH
+ if (auth_approval(NULL, lc, pw->pw_name, "auth-ssh") <= 0) {
+ perror("Approval failure");
+ exit(1);
+ }
+#endif
#else
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno));
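Review bot: The denial path of the added auth_approval check reports through `perror("Approval failure")`, which appends the text for whatever errno currently holds. A return of 0 or less need not come with a meaningful errno, so the message can name an unrelated error; stating the decision itself is clearer, e.g. `fprintf(stderr, "Approval denied for %s\n", pw->pw_name);` before the `exit(1)`. The check also runs after the user context has been set; whether approval must happen before privileges change is not visible from this hunk and should be confirmed. The enclosing function starts and ends outside the hunk.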
Index: sshd/Makefile
===================================================================
RCS file: /home/markus/cvs/ssh/sshd/Makefile,v
retrieving revision 1.35
diff -u -r1.35 Makefile
--- sshd/Makefile 2001/01/29 01:58:23 1.35
+++ sshd/Makefile 2001/01/31 17:32:43
@@ -7,7 +7,7 @@
BINMODE=555
BINDIR= /usr/sbin
MAN= sshd.8
-CFLAGS+=-DHAVE_LOGIN_CAP
+CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
pty.c log-server.c login.c servconf.c serverloop.c \