/*
 * Copyright (c) 2002 Chris Adams. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifdef HAVE_OSF_SIA
#include <sia.h>
#include <siad.h>
#include <pwd.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>

#include "ssh.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"

extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

/*
 * Check a password for authctxt->user through the SIA session API.
 *
 * Returns 1 only when sia_ses_authent() reports SIASUCCESS; every other
 * path (no user name, NULL or empty password, SIA session setup failure,
 * authentication failure) returns 0, so the function fails closed.
 * The password itself is never written to the log; only the user name and
 * the peer host name are.
 */
int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
	SIAENTITY *entity = NULL;
	const char *remote_host = get_canonical_hostname(options.use_dns);
	int status;

	/* An empty password is rejected here, before SIA is consulted. */
	if (authctxt->user == NULL || pass == NULL || *pass == '\0') {
		return 0;
	}

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    authctxt->user, NULL, 0, NULL) != SIASUCCESS) {
		return 0;
	}

	/*
	 * The first argument is NULL where session_setup_sia() passes
	 * sia_collect_trm; presumably this keeps SIA from prompting on its
	 * own -- confirm against the SIA documentation.
	 */
	status = sia_ses_authent(NULL, pass, entity);
	if (status == SIASUCCESS) {
		sia_ses_release(&entity);
		return 1;
	}

	error("Couldn't authenticate %s from %s", authctxt->user, remote_host);

	/*
	 * NOTE(review): the entity is released only when the SIASTOP bit is
	 * set.  Whether SIA has already freed it in the other failure case,
	 * or whether it is left allocated, cannot be told from this file --
	 * confirm against the SIA documentation.
	 */
	if (status & SIASTOP) {
		sia_ses_release(&entity);
	}
	return 0;
}

/*
 * Establish and launch an SIA session for an already-authenticated user
 * and then switch to that user's identity.
 *
 * pw is the account to run as and tty the terminal name handed to
 * sia_ses_init().  Any SIA failure ends in fatal(); there is no error
 * return.
 */
void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *entity = NULL;
	const char *remote_host = get_canonical_hostname(options.use_dns);

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    pw->pw_name, tty, 0, NULL) != SIASUCCESS) {
		fatal("sia_ses_init failed");
	}

	if (sia_make_entity_pwd(pw, entity) != SIASUCCESS) {
		sia_ses_release(&entity);
		fatal("sia_make_entity_pwd failed");
	}

	/*
	 * No SIA authentication step is run in this function; the entity is
	 * marked SIA_A_NONE before the session is established.  Presumably
	 * the caller has authenticated the user already -- verify at the
	 * call site.
	 */
	entity->authtype = SIA_A_NONE;
	if (sia_ses_estab(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, remote_host);
	}

	if (sia_ses_launch(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, remote_host);
	}

	sia_ses_release(&entity);

	/*
	 * NOTE(review): the return value of setuid(0) is not checked.  The
	 * privilege drop that matters is permanently_set_uid(), which is
	 * defined elsewhere; confirm that it fails closed if this call did
	 * not leave the process as root.
	 */
	setuid(0);
	permanently_set_uid(pw);
}

#endif /* HAVE_OSF_SIA */