/*
 * Copyright (c) 2002 Chris Adams. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifdef HAVE_OSF_SIA
#include <sia.h>
#include <siad.h>
#include <pwd.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>

#include "ssh.h"
#include "ssh_api.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"

extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

/*
 * Check a password for the user named in ssh->authctxt through SIA.
 *
 * Returns 1 only when sia_ses_init() and sia_ses_authent() both report
 * SIASUCCESS; returns 0 in every other case, including a missing user
 * name and a NULL or empty password (neither reaches SIA).
 *
 * The failure log line carries the user name and the host string, never
 * the password.
 *
 * NOTE(review): the host string comes from
 * get_canonical_hostname(options.use_dns); with use_dns set it is
 * presumably derived from DNS and so peer-influenced -- confirm before
 * relying on it in SIA policy or in log analysis.
 */
int
sys_auth_passwd(struct ssh *ssh, const char *pass)
{
	Authctxt *authctxt = ssh->authctxt;
	SIAENTITY *entity = NULL;
	const char *remote_host = get_canonical_hostname(options.use_dns);
	int status;

	/* Nothing to authenticate without a user name. */
	if (authctxt->user == NULL)
		return 0;

	/* Empty passwords are refused here and never handed to SIA. */
	if (pass == NULL || *pass == '\0')
		return 0;

	status = sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    authctxt->user, NULL, 0, NULL);
	if (status != SIASUCCESS)
		return 0;

	status = sia_ses_authent(NULL, pass, entity);
	if (status == SIASUCCESS) {
		sia_ses_release(&entity);
		return 1;
	}

	error("Couldn't authenticate %s from %s",
	    authctxt->user, remote_host);

	/*
	 * The entity is released only when SIASTOP is set in the result.
	 * NOTE(review): on a failure without SIASTOP the entity is not
	 * released on this path -- confirm against the SIA documentation
	 * whether that leaves session state allocated.
	 */
	if (status & SIASTOP)
		sia_ses_release(&entity);

	return 0;
}

/*
 * Establish and launch an SIA session for pw on tty, then switch to the
 * user's identity with permanently_set_uid().
 *
 * Every SIA failure ends in fatal(); nothing is returned to the caller.
 * The code after each fatal() call relies on fatal() not returning
 * (presumably it terminates the process -- defined outside this file).
 */
void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *entity = NULL;
	const char *remote_host = get_canonical_hostname(options.use_dns);

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    pw->pw_name, tty, 0, NULL) != SIASUCCESS) {
		fatal("sia_ses_init failed");
	}

	if (sia_make_entity_pwd(pw, entity) != SIASUCCESS) {
		sia_ses_release(&entity);
		fatal("sia_make_entity_pwd failed");
	}

	/*
	 * No credential is checked in this function.
	 * NOTE(review): SIA_A_NONE presumably tells SIA that authentication
	 * was already done elsewhere -- confirm that every caller reaches
	 * this point only after a successful authentication.
	 */
	entity->authtype = SIA_A_NONE;

	if (sia_ses_estab(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, remote_host);
	}

	if (sia_ses_launch(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, remote_host);
	}

	sia_ses_release(&entity);

	/*
	 * NOTE(review): the return value of setuid(0) is ignored, so the
	 * final identity rests entirely on permanently_set_uid(pw), which
	 * is defined outside this file -- confirm it verifies the drop.
	 */
	setuid(0);
	permanently_set_uid(pw);
}

#endif /* HAVE_OSF_SIA */