/*
 * Copyright (c) 2002 Chris Adams.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

/* Everything below is compiled only when HAVE_OSF_SIA is defined. */
#ifdef HAVE_OSF_SIA
#include <sia.h>
#include <siad.h>
#include <pwd.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>

#include "ssh.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"

/* Defined elsewhere; the saved argument vector is handed to sia_ses_init(). */
extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

/*
 * Check a plaintext password for authctxt->user through the SIA session API.
 *
 * Returns 1 only when sia_ses_authent() reports SIASUCCESS; every other
 * path returns 0.  A missing user name, a NULL password and an empty
 * password are all refused before SIA is called, so this path never
 * accepts an empty password.
 *
 * The remote host name is passed to sia_ses_init() and written to the
 * failure log line.  With options.use_dns set it is presumably derived
 * from a reverse lookup, which the peer's DNS can influence; read it as a
 * label in the log, not as a verified identity (confirm in canohost.c).
 */
int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
	SIAENTITY *entity = NULL;
	const char *remote;
	int status;

	/* Resolved before the argument checks, as in the original order. */
	remote = get_canonical_hostname(options.use_dns);

	if (authctxt->user == NULL)
		return 0;
	if (pass == NULL || *pass == '\0')
		return 0;

	status = sia_ses_init(&entity, saved_argc, saved_argv, remote,
	    authctxt->user, NULL, 0, NULL);
	if (status != SIASUCCESS)
		return 0;

	status = sia_ses_authent(NULL, pass, entity);
	if (status == SIASUCCESS) {
		sia_ses_release(&entity);
		return 1;
	}

	error("Couldn't authenticate %s from %s",
	    authctxt->user, remote);
	/*
	 * NOTE(review): the entity is released here only when the SIASTOP bit
	 * is set.  Who owns it in the other failure case is not visible in
	 * this file; confirm against the sia_ses_authent documentation before
	 * changing this.
	 */
	if (status & SIASTOP)
		sia_ses_release(&entity);

	return 0;
}

/*
 * Establish and launch an SIA session for the account described by pw on
 * the given tty, then switch the process to that account.
 *
 * Any SIA failure ends the process through fatal(); nothing is returned.
 */
void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *entity = NULL;
	const char *remote = get_canonical_hostname(options.use_dns);

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote, pw->pw_name,
	    tty, 0, NULL) != SIASUCCESS)
		fatal("sia_ses_init failed");

	if (sia_make_entity_pwd(pw, entity) != SIASUCCESS) {
		sia_ses_release(&entity);
		fatal("sia_make_entity_pwd failed");
	}

	/*
	 * No authentication type is requested from SIA for this session;
	 * presumably the user was already authenticated by the caller --
	 * confirm against the call sites.
	 */
	entity->authtype = SIA_A_NONE;

	if (sia_ses_estab(sia_collect_trm, entity) != SIASUCCESS)
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, remote);

	if (sia_ses_launch(sia_collect_trm, entity) != SIASUCCESS)
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, remote);

	sia_ses_release(&entity);

	/*
	 * NOTE(review): the result of setuid(0) is not checked.  The step that
	 * matters for privilege separation is permanently_set_uid(); its
	 * failure handling lives in uidswap.c and should be confirmed there.
	 */
	setuid(0);
	permanently_set_uid(pw);
}

#endif /* HAVE_OSF_SIA */