OPIE support patch

Wichert Akkerman wichert at cistron.nl
Mon Jun 4 02:50:02 EST 2001


I just cobbled up a little patch to add support for OPIE to
OpenSSH. Currently untested, but feedback is welcome.

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert at cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
-------------- next part --------------
diff -wur org/openssh-2.5.2p2/ChangeLog openssh-2.5.2p2/ChangeLog
--- org/openssh-2.5.2p2/ChangeLog	Thu Mar 22 06:04:12 2001
+++ openssh-2.5.2p2/ChangeLog	Sun Jun  3 18:37:17 2001
@@ -1,3 +1,6 @@
+20010603
+ - (wta) Add OPIE support
+
 20010322
  - (djm) Better AIX no tty fix, spotted by Gert Doering <gert at greenie.muc.de>
  - (djm) Released 2.5.2p2
diff -wur org/openssh-2.5.2p2/acconfig.h openssh-2.5.2p2/acconfig.h
--- org/openssh-2.5.2p2/acconfig.h	Sat Mar 17 02:15:38 2001
+++ openssh-2.5.2p2/acconfig.h	Sun Jun  3 18:36:47 2001
@@ -184,6 +184,9 @@
 /* Define if you want AFS support */
 #undef AFS
 
+/* Define if you want OPIE support */
+#undef OPIE
+
 /* Define if you want S/Key support */
 #undef SKEY
 
diff -wur org/openssh-2.5.2p2/auth-chall.c openssh-2.5.2p2/auth-chall.c
--- org/openssh-2.5.2p2/auth-chall.c	Mon Mar  5 07:59:27 2001
+++ openssh-2.5.2p2/auth-chall.c	Sun Jun  3 18:34:43 2001
@@ -67,7 +67,7 @@
 	debug("verify_response: <%s> = <%d>", response, authok);
 	return authok != 0;
 }
-#else
+#else /* BSD_AUTH */
 #ifdef SKEY
 #include <skey.h>
 
@@ -88,6 +88,25 @@
 	    skey_haskey(authctxt->pw->pw_name) == 0 &&
 	    skey_passcheck(authctxt->pw->pw_name, response) != -1);
 }
+#else /* SKEY */
+#ifdef OPIE
+#include <opie.h>
+
+char *
+get_challenge(Authctxt *authctxt, char *devs)
+{
+	static char challenge[OPIE_CHALLENGE_MAX+64];
+	if (opiechallenge(&authctxt->opie_data, authxtxt->user, challenge) != 0)
+		return NULL;
+	strlcat(challenge, "\nOPIE Password: ", sizeof challenge);
+	return challenge;
+}
+int
+verify_response(Authctxt *authctxt, char *response)
+{
+	return authctxt->valid && opieverify(&authctxt->opie_data, response);
+}
+
 #else
 /* not available */
 char *
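Review bot: verify_response accepts a non-zero return from opieverify() as success, but the OPIE library documents 0 as the "response verified" result, so a wrong response would authenticate a valid user and a correct one would be rejected; the line should read `return authctxt->valid && opieverify(&authctxt->opiedata, response) == 0;`. get_challenge will not compile as posted: `authxtxt` is a typo for `authctxt`, and both functions use `opie_data` while the auth.h hunk declares the member as `opiedata`. Returning NULL whenever opiechallenge() is non-zero also looks like it would distinguish accounts without an OPIE entry from those with one. If the library still fills in a dummy challenge in that case (worth confirming against opiechallenge(3)), passing it through and letting verification fail would avoid that difference.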
@@ -100,5 +119,5 @@
 {
 	return 0;
 }
-#endif
-#endif
+#endif /* !SKEY */
+#endif /* !BSD_AUTH */
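Review bot: The conditional nest ends up unbalanced, because the previous hunk opens a third level with `#ifdef OPIE` while this hunk still closes only two. From the visible hunks the file needs an extra `#endif /* !OPIE */` ahead of `#endif /* !SKEY */`; otherwise the first closer ends the OPIE level and the `#ifdef BSD_AUTH` is left unterminated. The nest opens outside this hunk, so this should be checked against the full file.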
diff -wur org/openssh-2.5.2p2/auth.h openssh-2.5.2p2/auth.h
--- org/openssh-2.5.2p2/auth.h	Mon Mar  5 06:56:41 2001
+++ openssh-2.5.2p2/auth.h	Sun Jun  3 18:27:18 2001
@@ -35,6 +35,10 @@
 #include <bsd_auth.h>
 #endif
 
+#ifdef OPIE
+#include <opie.h>
+#endif
+
 typedef struct Authctxt Authctxt;
 struct Authctxt {
 	int success;
@@ -48,6 +52,9 @@
 	char *style;
 #ifdef BSD_AUTH
 	auth_session_t *as;
+#endif
+#ifdef OPIE
+	struct opie opiedata;
 #endif
 };
 
diff -wur org/openssh-2.5.2p2/configure.in openssh-2.5.2p2/configure.in
--- org/openssh-2.5.2p2/configure.in	Mon Mar 19 00:09:28 2001
+++ openssh-2.5.2p2/configure.in	Sun Jun  3 18:36:22 2001
@@ -473,6 +473,31 @@
 )
 LIBS="$LIBS $KLIBS"
 
+# Check whether user wants OPIE support
+OPIE_MSG="no" 
+AC_ARG_WITH(opie,
+	[  --with-opie=PATH         Enable OPIE support],
+	[
+		if test "x$withval" != "xno" ; then
+
+			if test "x$withval" != "xyes" ; then
+				CPPFLAGS="$CPPFLAGS -I${withval}/include"
+				LDFLAGS="$LDFLAGS -L${withval}/lib"
+			fi
+
+			AC_DEFINE(OPIE)
+			LIBS="-lopie $LIBS"
+			OPIE_MSG="yes" 
+	
+			AC_CHECK_FUNC(opiechallenge,
+				[],
+				[
+					AC_MSG_ERROR([** Incomplete or missing OPIE libraries.])
+				])
+		fi
+	]
+)
+
 # Check whether user wants S/Key support
 SKEY_MSG="no" 
 AC_ARG_WITH(skey,
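Review bot: Nothing here stops `--with-opie` and `--with-skey` from being given together, yet auth-chall.c tests `SKEY` before `OPIE`, so in that build OPIE would be linked and `OPIE_MSG` set to "yes" while the OPIE challenge code is never compiled in. An administrator relying on the configure result could believe one-time passwords go through OPIE when they do not. A guard such as `AC_MSG_ERROR([** OPIE and S/Key support cannot both be enabled.])` once both options are known would make the conflict explicit. The function check also covers only `opiechallenge`; adding `opieverify` and a header check for `opie.h` would catch a partial install at configure time rather than at build time.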

