/*
 * Copyright (c) 2002 Chris Adams. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * Password authentication and session setup through Tru64 SIA
 * (Security Integration Architecture).  Only compiled when HAVE_OSF_SIA
 * is defined.
 */

#include "includes.h"

#ifdef HAVE_OSF_SIA
#include "ssh.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"

#include <sia.h>
#include <siad.h>
#include <pwd.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <string.h>

extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

/*
 * Check a plaintext password for authctxt->user against SIA.
 *
 * Returns 1 when SIA accepts the password, 0 in every other case: missing
 * user name, NULL or empty password, session initialisation failure, or
 * authentication failure.  Empty passwords are refused here and never
 * reach SIA.
 *
 * The host string is taken from get_canonical_hostname() under the
 * server's verify_reverse_mapping setting; it is handed to SIA and used
 * in the failure log.  NOTE(review): treat it as informational — nothing
 * here validates it as a client identity.
 */
int
auth_sia_password(Authctxt *authctxt, char *pass)
{
	SIAENTITY *ent = NULL;
	const char *hostname;
	int rc;

	/* Resolved first so the same value is used for SIA and logging. */
	hostname = get_canonical_hostname(options.verify_reverse_mapping);

	/* Refuse outright without a user name or with an empty password. */
	if (authctxt->user == NULL || pass == NULL || *pass == '\0')
		return 0;

	if (sia_ses_init(&ent, saved_argc, saved_argv, hostname,
	    authctxt->user, NULL, 0, NULL) != SIASUCCESS)
		return 0;

	rc = sia_ses_authent(NULL, pass, ent);
	if (rc == SIASUCCESS) {
		sia_ses_release(&ent);
		return 1;
	}

	error("Couldn't authenticate %s from %s", authctxt->user, hostname);
	/*
	 * The entity is released only when SIA reports SIASTOP.
	 * NOTE(review): whether a plain failure leaves ent allocated (and
	 * thus leaked here) depends on sia_ses_authent()'s contract —
	 * confirm against the SIA documentation.
	 */
	if (rc & SIASTOP)
		sia_ses_release(&ent);
	return 0;
}

/*
 * Establish and launch a SIA session for an already authenticated user.
 *
 * pw is the user's passwd entry, tty the controlling terminal name (may
 * be whatever the caller passes through; it goes straight to
 * sia_ses_init()).  Every SIA failure is fatal() — there is no partial
 * success path back to the caller.  On success the entity is released
 * and the real uid is set equal to the effective uid.
 */
void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *ent = NULL;
	const char *hostname;

	hostname = get_canonical_hostname(options.verify_reverse_mapping);

	if (sia_ses_init(&ent, saved_argc, saved_argv, hostname,
	    pw->pw_name, tty, 0, NULL) != SIASUCCESS)
		fatal("sia_ses_init failed");

	if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
		/* Release before bailing so the entity is not left behind. */
		sia_ses_release(&ent);
		fatal("sia_make_entity_pwd failed");
	}

	/*
	 * Authentication already happened in auth_sia_password();
	 * presumably SIA_A_NONE tells SIA not to authenticate again here.
	 */
	ent->authtype = SIA_A_NONE;

	if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, hostname);

	if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, hostname);

	sia_ses_release(&ent);

	/* Make the real uid match the effective uid SIA left us with. */
	if (setreuid(geteuid(), geteuid()) < 0)
		fatal("setreuid: %s", strerror(errno));
}

#endif /* HAVE_OSF_SIA */