OpenSSH 2.3.0p1 port to BSDI BSD/OS

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Sun Feb 18 07:03:43 EST 2001


hi,

could you please try this, does kerberos+password work?
does skey work? does user:style work with challenge-
response in ssh1 and ssh2?

thanks,
-m

Index: auth-chall.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth-chall.c,v
retrieving revision 1.4
diff -u -r1.4 auth-chall.c
--- auth-chall.c	2001/02/04 15:32:22	1.4
+++ auth-chall.c	2001/02/17 19:15:46
@@ -26,7 +26,48 @@
 RCSID("$OpenBSD: auth-chall.c,v 1.4 2001/02/04 15:32:22 stevesk Exp $");
 
 #include "auth.h"
+#include "log.h"
 
+#ifdef BSD_AUTH
+char *
+get_challenge(Authctxt *authctxt, char *devs)
+{
+	char *challenge;
+
+	if (authctxt->as != NULL) {
+		debug2("try reuse session");
+		challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+		if (challenge != NULL) {
+			debug2("reuse bsd auth session");
+			return challenge;
+		}
+		auth_close(authctxt->as);
+		authctxt->as = NULL;
+	}
+	debug2("new bsd auth session");
+	if (devs == NULL || strlen(devs) == 0)
+		devs = authctxt->style;
+	debug3("bsd auth: devs %s", devs ? devs : "<default>");
+	authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh",
+	    &challenge);
+        if (authctxt->as == NULL)
+                return NULL;
+	debug2("get_challenge: <%s>", challenge ? challenge : "EMPTY");
+	return challenge;
+}
+int
+verify_response(Authctxt *authctxt, char *response)
+{
+	int authok;
+
+	if (authctxt->as == 0)
+		error("verify_response: no bsd auth session");
+	authok = auth_userresponse(authctxt->as, response, 0);
+	authctxt->as = NULL;
+	debug("verify_response: <%s> = <%d>", response, authok);
+	return authok != 0;
+}
+#else
 #ifdef SKEY
 #include <skey.h>
 
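Review bot: In `verify_response`, the `authctxt->as == 0` branch only logs via `error()` and then falls through, so `auth_userresponse()` is still called with a null session. Whether the library tolerates that is not visible here, so the guard should fail closed: `if (authctxt->as == NULL) { error("verify_response: no bsd auth session"); return 0; }`. The closing `debug("verify_response: <%s> = <%d>", response, authok)` writes the client's response into the debug log, and for password-like login styles that is the credential itself; log only the outcome, e.g. `debug("verify_response: authok %d", authok);`. In `get_challenge`, the two lines after the `auth_userchallenge()` call are indented with spaces while the rest of the function uses tabs.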
@@ -59,4 +100,5 @@
 {
 	return 0;
 }
+#endif
 #endif
Index: auth-passwd.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth-passwd.c,v
retrieving revision 1.21
diff -u -r1.21 auth-passwd.c
--- auth-passwd.c	2001/02/12 16:16:23	1.21
+++ auth-passwd.c	2001/02/16 22:41:12
@@ -44,14 +44,17 @@
 #include "servconf.h"
 #include "auth.h"
 
+
+extern ServerOptions options;
+
 /*
  * Tries to authenticate the user using password.  Returns true if
  * authentication succeeds.
  */
 int
-auth_password(struct passwd * pw, const char *password)
+auth_password(Authctxt *authctxt, const char *password)
 {
-	extern ServerOptions options;
+	struct passwd * pw = authctxt->pw;
 	char *encrypted_password;
 
 	/* deny if no user. */
@@ -61,6 +64,13 @@
 		return 0;
 	if (*password == '\0' && options.permit_empty_passwd == 0)
 		return 0;
+#ifdef BSD_AUTH
+	if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
+	    (char *)password) == 0)
+		return 0;
+	else
+		return 1;
+#endif
 
 #ifdef KRB4
 	if (options.kerberos_authentication == 1) {
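Review bot: With `BSD_AUTH` defined, the added block returns on both branches, so the rest of `auth_password` becomes unreachable and `options.kerberos_authentication` is silently ignored. That covers the `KRB4` path starting on the next line and whatever follows outside the hunk. If this is intended, make it explicit: use `return auth_userokay(...) != 0;`, put the remaining code under `#else`, and add a comment such as `/* BSD auth performs the whole password check; the Kerberos and local passwd code is not used */`. The `(char *)password` cast also discards `const` while callers in auth1.c and auth2.c pass the literal `""`, so it is worth confirming that `auth_userokay()` never writes through that pointer.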
Index: auth.h
===================================================================
RCS file: /home/markus/cvs/ssh/auth.h,v
retrieving revision 1.11
diff -u -r1.11 auth.h
--- auth.h	2001/02/12 16:16:23	1.11
+++ auth.h	2001/02/16 22:41:25
@@ -28,6 +28,13 @@
 
 #include <openssl/rsa.h>
 
+#ifdef HAVE_LOGIN_CAP
+#include <login_cap.h>
+#endif
+#ifdef BSD_AUTH
+#include <bsd_auth.h>
+#endif
+
 typedef struct Authctxt Authctxt;
 struct Authctxt {
 	int success;
@@ -39,6 +46,9 @@
 	char *service;
 	struct passwd *pw;
 	char *style;
+#ifdef BSD_AUTH
+	auth_session_t *as;
+#endif
 };
 
 /*
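Review bot: The new `as` member is undocumented, and nothing in this patch shows it being set to NULL when an `Authctxt` is created. `get_challenge` and the cleanup blocks in auth1.c and auth2.c all branch on `authctxt->as`, so an uninitialised value would reach `auth_getitem()` or `auth_close()`. A comment such as `/* BSD auth session of a pending challenge, NULL when none */` would record the invariant. The allocation site is outside this diff and should be checked to confirm that it zeroes the struct.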
@@ -59,7 +69,7 @@
  * Tries to authenticate the user using password.  Returns true if
  * authentication succeeds.
  */
-int     auth_password(struct passwd * pw, const char *password);
+int     auth_password(Authctxt *authctxt, const char *password);
 
 /*
  * Performs the RSA authentication dialog with the client.  This returns 0 if
Index: auth1.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth1.c,v
retrieving revision 1.17
diff -u -r1.17 auth1.c
--- auth1.c	2001/02/13 22:49:40	1.17
+++ auth1.c	2001/02/16 22:55:47
@@ -83,7 +83,7 @@
 #ifdef KRB4
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
-	    auth_password(pw, "")) {
+	    auth_password(authctxt, "")) {
 		auth_log(authctxt, 1, "without authentication", "");
 		return;
 	}
@@ -244,7 +244,7 @@
 			packet_integrity_check(plen, 4 + dlen, type);
 
 			/* Try authentication with the password. */
-			authenticated = auth_password(pw, password);
+			authenticated = auth_password(authctxt, password);
 
 			memset(password, 0, strlen(password));
 			xfree(password);
@@ -284,6 +284,12 @@
 			log("Unknown message during authentication: type %d", type);
 			break;
 		}
+#ifdef BSD_AUTH
+		if (authctxt->as) {
+			auth_close(authctxt->as);
+			authctxt->as = NULL;
+		}
+#endif
 		if (!authctxt->valid && authenticated)
 			fatal("INTERNAL ERROR: authenticated invalid user %s",
 			    authctxt->user);
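Review bot: This close-and-clear sequence on `authctxt->as` appears again verbatim in the auth2.c hunk and inside `get_challenge`, so the teardown rule for a BSD auth session lives in three places. One small helper under `#ifdef BSD_AUTH` that does `auth_close(authctxt->as); authctxt->as = NULL;` would keep them consistent. Because the block sits at the bottom of the message loop, the session only survives until the response arrives if the branch that issues the challenge skips past it. That branch and the start of the loop are outside the hunk and should be confirmed.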
Index: auth2.c
===================================================================
RCS file: /home/markus/cvs/ssh/auth2.c,v
retrieving revision 1.42
diff -u -r1.42 auth2.c
--- auth2.c	2001/02/13 22:49:40	1.42
+++ auth2.c	2001/02/16 22:41:52
@@ -208,6 +208,12 @@
 	/* reset state */
 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &protocol_error);
 	authctxt->postponed = 0;
+#ifdef BSD_AUTH
+	if (authctxt->as) {
+		auth_close(authctxt->as);
+		authctxt->as = NULL;
+	}
+#endif
 
 	/* try to authenticate user */
 	m = authmethod_lookup(method);
@@ -305,7 +311,7 @@
 		m->enabled = NULL;
 	packet_done();
 	userauth_banner();
-	return authctxt->valid ? auth_password(authctxt->pw, "") : 0;
+	return authctxt->valid ? auth_password(authctxt, "") : 0;
 }
 
 int
@@ -321,7 +327,7 @@
 	password = packet_get_string(&len);
 	packet_done();
 	if (authctxt->valid &&
-	    auth_password(authctxt->pw, password) == 1)
+	    auth_password(authctxt, password) == 1)
 		authenticated = 1;
 	memset(password, 0, len);
 	xfree(password);
Index: session.c
===================================================================
RCS file: /home/markus/cvs/ssh/session.c,v
retrieving revision 1.56
diff -u -r1.56 session.c
--- session.c	2001/02/16 14:03:43	1.56
+++ session.c	2001/02/16 21:15:54
@@ -58,10 +58,6 @@
 #include "canohost.h"
 #include "session.h"
 
-#ifdef HAVE_LOGIN_CAP
-#include <login_cap.h>
-#endif
-
 /* types */
 
 #define TTYSZ 64
@@ -837,8 +833,13 @@
 			    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
 				perror("unable to set user context");
 				exit(1);
-
 			}
+#ifdef BSD_AUTH
+			if (auth_approval(NULL, lc, pw->pw_name, "auth-ssh") <= 0) {
+				perror("Approval failure");
+				exit(1);
+			}
+#endif
 #else
 			if (setlogin(pw->pw_name) < 0)
 				error("setlogin failed: %s", strerror(errno));
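Review bot: A rejected `auth_approval()` is reported with `perror("Approval failure")`, which prints whatever `errno` currently holds and writes to the child's stderr. A policy denial may therefore produce a misleading message and no entry in the server log. It is not visible here whether `auth_approval()` sets `errno`. Reporting through the logging call already used in the `#else` branch, e.g. `error("auth_approval denied login for %.100s", pw->pw_name);`, would make denials auditable. The check also runs only after `setusercontext()` has been applied, and whether approval could be decided earlier depends on code outside the hunk.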
Index: sshd/Makefile
===================================================================
RCS file: /home/markus/cvs/ssh/sshd/Makefile,v
retrieving revision 1.35
diff -u -r1.35 Makefile
--- sshd/Makefile	2001/01/29 01:58:23	1.35
+++ sshd/Makefile	2001/01/31 17:32:43
@@ -7,7 +7,7 @@
 BINMODE=555
 BINDIR=	/usr/sbin
 MAN=	sshd.8
-CFLAGS+=-DHAVE_LOGIN_CAP
+CFLAGS+=-DHAVE_LOGIN_CAP -DBSD_AUTH
 
 SRCS=	sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
 	pty.c log-server.c login.c servconf.c serverloop.c \




