OPIE support patch
Wichert Akkerman
wichert at cistron.nl
Tue Jun 5 07:46:52 EST 2001
Previously Wichert Akkerman wrote:
> I just cobbled up a little patch to add support for OPIE to
> OpenSSH. Currently untested, but feedback is welcome.
Figures that the first draft doesn't work, new patch is below.
Don't forget to run autoheader and autoconf before trying.
Wichert.
diff -wur org/openssh-2.5.2p2/acconfig.h openssh-2.5.2p2/acconfig.h
--- org/openssh-2.5.2p2/acconfig.h Sat Mar 17 02:15:38 2001
+++ openssh-2.5.2p2/acconfig.h Mon Jun 4 17:40:16 2001
@@ -184,6 +184,9 @@
/* Define if you want AFS support */
#undef AFS
+/* Define if you want OPIE support */
+#undef OPIE
+
/* Define if you want S/Key support */
#undef SKEY
diff -wur org/openssh-2.5.2p2/auth-chall.c openssh-2.5.2p2/auth-chall.c
--- org/openssh-2.5.2p2/auth-chall.c Mon Mar 5 07:59:27 2001
+++ openssh-2.5.2p2/auth-chall.c Mon Jun 4 23:40:55 2001
@@ -67,7 +67,7 @@
debug("verify_response: <%s> = <%d>", response, authok);
return authok != 0;
}
-#else
+#else /* BSD_AUTH */
#ifdef SKEY
#include <skey.h>
@@ -88,6 +88,28 @@
skey_haskey(authctxt->pw->pw_name) == 0 &&
skey_passcheck(authctxt->pw->pw_name, response) != -1);
}
+#else /* SKEY */
+#ifdef OPIE
+#include <opie.h>
+
+char *
+get_challenge(Authctxt *authctxt, char *devs)
+{
+ static char challenge[OPIE_CHALLENGE_MAX+64];
+ if (opiechallenge(&authctxt->opie_data, authctxt->user, challenge) != 0) {
+ debug2("opiechallenge failed");
+
+ return NULL;
+ }
+ strlcat(challenge, "\nOPIE Password: ", sizeof challenge);
+ return challenge;
+}
+int
+verify_response(Authctxt *authctxt, char *response)
+{
+ return authctxt->valid && !opieverify(&authctxt->opie_data, response);
+}
+
#else
/* not available */
char *
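Review bot: The added OPIE `get_challenge` returns NULL whenever `opiechallenge()` is non-zero, and `verify_response` short-circuits on `authctxt->valid` so `opieverify()` never runs for an invalid user. An account without an OPIE entry therefore answers differently from one that has one, which discloses which accounts exist. As far as I recall, libopie still fills `challenge` with a decoy on a non-zero return, and `opieverify()` is what releases the per-user lock taken by `opiechallenge()`; please confirm both against the installed opie manual pages. If so, keep the `debug2()` but drop the `return NULL;`, and always run the verify: `int ok = (opieverify(&authctxt->opie_data, response) == 0);` followed by `return authctxt->valid && ok;`. Both new functions lie wholly inside this hunk; `devs` is unused in `get_challenge`.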
@@ -101,4 +123,5 @@
return 0;
}
#endif
-#endif
+#endif /* !SKEY */
+#endif /* !BSD_AUTH */
diff -wur org/openssh-2.5.2p2/auth.h openssh-2.5.2p2/auth.h
--- org/openssh-2.5.2p2/auth.h Mon Mar 5 06:56:41 2001
+++ openssh-2.5.2p2/auth.h Mon Jun 4 17:40:16 2001
@@ -35,6 +35,10 @@
#include <bsd_auth.h>
#endif
+#ifdef OPIE
+#include <opie.h>
+#endif
+
typedef struct Authctxt Authctxt;
struct Authctxt {
int success;
@@ -48,6 +52,9 @@
char *style;
#ifdef BSD_AUTH
auth_session_t *as;
+#endif
+#ifdef OPIE
+ struct opie opie_data;
#endif
};
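Review bot: The new `opie_data` member carries state from `get_challenge()` to `verify_response()`, but nothing documents who initialises it or how long it stays valid. I would add `/* OPIE state: filled by get_challenge(), consumed once by verify_response() */` above the field. The struct definition starts outside this hunk, so it is not visible whether an Authctxt is zeroed on allocation; if it is not, `opie_data` is indeterminate when `verify_response()` runs without a preceding successful challenge.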
diff -wur org/openssh-2.5.2p2/configure.in openssh-2.5.2p2/configure.in
--- org/openssh-2.5.2p2/configure.in Mon Mar 19 00:09:28 2001
+++ openssh-2.5.2p2/configure.in Mon Jun 4 17:40:16 2001
@@ -473,6 +473,31 @@
)
LIBS="$LIBS $KLIBS"
+# Check whether user wants OPIE support
+OPIE_MSG="no"
+AC_ARG_WITH(opie,
+ [ --with-opie=PATH Enable OPIE support],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+ AC_DEFINE(OPIE)
+ LIBS="-lopie $LIBS"
+ OPIE_MSG="yes"
+
+ AC_CHECK_FUNC(opiechallenge,
+ [],
+ [
+ AC_MSG_ERROR([** Incomplete or missing OPIE libraries.])
+ ])
+ fi
+ ]
+)
+
# Check whether user wants S/Key support
SKEY_MSG="no"
AC_ARG_WITH(skey,
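Review bot: Nothing in this block stops `--with-opie` being combined with `--with-skey`, yet in auth-chall.c the OPIE code sits in the `#else /* SKEY */` branch. Such a build would define OPIE and link `-lopie` while still authenticating with S/Key only, and the same appears to hold under BSD_AUTH. Failing at configure time would be safer than silently ignoring the requested mechanism, for example `AC_MSG_ERROR([** OPIE and S/Key support cannot both be enabled.])` placed after the S/Key block, which continues past this hunk. The probe also covers only `opiechallenge`; the new code needs `opieverify` and `<opie.h>` too, so I would add `AC_CHECK_FUNC(opieverify, ...)` and an `AC_CHECK_HEADER(opie.h, ...)` with the same error.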
--
_________________________________________________________________
/ Nothing is fool-proof to a sufficiently talented fool \
| wichert at cistron.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |