Hello. The following is a patch against OpenSSH 3.0.2p1 to fix OpenSSH's handling of Tru64 SIA authentication. The main changes are to make the SIAENTITY a global variable (so that it persists across function calls), to initialize it only once, and to release the session only once. This makes SIA modules that require authentication in order to perform certain actions during the session launch call work properly. For example, we have a Kerberos 5 / AFS SIA module here that requires that the user authenticate during sia_ses_authent and then uses the information stored in the SIAENTITY during ses_launch to fetch krb tickets and afs tokens. diff -c openssh-3.0.2p1/auth-sia.c openssh-3.0.2p1-tschroed/auth-sia.c *** openssh-3.0.2p1/auth-sia.c Mon Apr 16 04:37:05 2001 --- openssh-3.0.2p1-tschroed/auth-sia.c Thu Dec 6 13:02:26 2001 *************** *** 21,32 **** extern char **saved_argv; extern int errno; int auth_sia_password(char *user, char *pass) { int ret; - SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname(options.reverse_mapping_check); --- 21,32 ---- extern char **saved_argv; extern int errno; + SIAENTITY *__sia_ent = NULL; int auth_sia_password(char *user, char *pass) { int ret; const char *host; host = get_canonical_hostname(options.reverse_mapping_check); *************** *** 34,51 **** if (!user || !pass) return(0); ! if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0, NULL) != SIASUCCESS) return(0); ! if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) { error("couldn't authenticate %s from %s", user, host); if (ret & SIASTOP) ! sia_ses_release(&ent); return(0); } - sia_ses_release(&ent); return(1); } --- 34,50 ---- if (!user || !pass) return(0); ! if (sia_ses_init(&__sia_ent, saved_argc, saved_argv, host, user, NULL, 0, NULL) != SIASUCCESS) return(0); ! if ((ret = sia_ses_authent(NULL, pass, __sia_ent)) != SIASUCCESS) { error("couldn't authenticate %s from %s", user, host); if (ret & SIASTOP) ! 
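Review bot: The new file-scope pointer `__sia_ent` in the first hunk uses a name reserved for the implementation (leading double underscore) and has external linkage, although the only users visible in this patch are in auth-sia.c. `static SIAENTITY *sia_ent = NULL;` would keep the authentication state private to the file. The declaration also needs a comment stating its lifetime, for example `/* SIA entity shared between password authentication and session setup; released exactly once */`.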
sia_ses_release(&__sia_ent); return(0); } return(1); } *************** *** 55,84 **** { int ret; struct passwd *pw; ! SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname (options.reverse_mapping_check); - if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { - error("sia_ses_init failed"); - exit(1); - } - if ((pw = getpwnam(user)) == NULL) { ! sia_ses_release(&ent); error("getpwnam(%s) failed: %s", user, strerror(errno)); exit(1); } ! if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) { ! sia_ses_release(&ent); error("sia_make_entity_pwd failed"); exit(1); } ! ent->authtype = SIA_A_NONE; ! if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) { error("couldn't establish session for %s from %s", user, host); exit(1); --- 54,77 ---- { int ret; struct passwd *pw; ! /* SIAENTITY *__sia_ent = NULL; */ const char *host; host = get_canonical_hostname (options.reverse_mapping_check); if ((pw = getpwnam(user)) == NULL) { ! sia_ses_release(&__sia_ent); error("getpwnam(%s) failed: %s", user, strerror(errno)); exit(1); } ! if (sia_make_entity_pwd(pw, __sia_ent) != SIASUCCESS) { ! sia_ses_release(&__sia_ent); error("sia_make_entity_pwd failed"); exit(1); } ! __sia_ent->authtype = SIA_A_NONE; ! if (sia_ses_estab(sia_collect_trm, __sia_ent) != SIASUCCESS) { error("couldn't establish session for %s from %s", user, host); exit(1); *************** *** 85,106 **** } if (setpriority(PRIO_PROCESS, 0, 0) == -1) { ! sia_ses_release(&ent); error("setpriority failed: %s", strerror (errno)); exit(1); } ! if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { error("couldn't launch session for %s from %s", user, host); exit(1); } ! sia_ses_release(&ent); if (setreuid(geteuid(), geteuid()) < 0) { error("setreuid failed: %s", strerror (errno)); exit(1); } } #endif /* HAVE_OSF_SIA */ --- 78,100 ---- } if (setpriority(PRIO_PROCESS, 0, 0) == -1) { ! 
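Review bot: `auth_sia_password` still calls `sia_ses_init(&__sia_ent, ...)` on every invocation, so the patch does not achieve the "initialize once" goal of the description. When `sia_ses_authent` fails without `SIASTOP`, the entity is neither released nor cleared, and the next password attempt re-initializes over the pointer that is still held. Either release on every failure path (`sia_ses_release(&__sia_ent);` without the `if (ret & SIASTOP)` condition) or skip the init when an entity already exists (`if (__sia_ent == NULL && sia_ses_init(...) != SIASUCCESS)`). Which of the two the SIA contract permits after a non-`SIASTOP` failure is not visible here and should be confirmed against the Tru64 documentation.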
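Review bot: After this hunk the session-setup function no longer calls `sia_ses_init`, so `sia_make_entity_pwd(pw, __sia_ent)` and `__sia_ent->authtype = SIA_A_NONE` depend on `auth_sia_password` having run and succeeded earlier in the same process. A login accepted by any other method (public key, for example) arrives here with `__sia_ent` still NULL and the `authtype` assignment dereferences it, while a password attempt that failed without `SIASTOP` leaves an entity from a failed authentication to be reused for the session. The `tty` that the removed call passed to `sia_ses_init` is also no longer given to SIA on any path. A guarded init as below covers the NULL case, assuming `sia_ses_release` resets the pointer, which is not visible here; the commented-out declaration should simply be deleted. The function's signature lies outside this hunk.

```c
host = get_canonical_hostname (options.reverse_mapping_check);

/* No entity from password authentication: start the SIA session here. */
if (__sia_ent == NULL &&
    sia_ses_init(&__sia_ent, saved_argc, saved_argv, host, user, tty, 0,
    NULL) != SIASUCCESS) {
	error("sia_ses_init failed");
	exit(1);
}

/* … unchanged: getpwnam() lookup and sia_make_entity_pwd() … */
```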
sia_ses_release(&__sia_ent); error("setpriority failed: %s", strerror (errno)); exit(1); } ! if (sia_ses_launch(sia_collect_trm, __sia_ent) != SIASUCCESS) { error("couldn't launch session for %s from %s", user, host); exit(1); } ! sia_ses_release(&__sia_ent); if (setreuid(geteuid(), geteuid()) < 0) { error("setreuid failed: %s", strerror (errno)); exit(1); } + sia_ses_release(&__sia_ent); } #endif /* HAVE_OSF_SIA */
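Review bot: `sia_ses_release(&__sia_ent)` now runs twice on the success path. The call directly after `sia_ses_launch` is kept (only renamed) and a second one is added after `setreuid`. The description says the session is released once, so one of the two should be removed. If `sia_ses_release` does not reset the pointer it is given, the second call operates on an already released entity. If the release is meant to happen after the uid switch, drop the earlier call and add a comment such as `/* release only after setreuid; the entity is global */`. The function begins in the previous hunk.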