Could you please port this up to the latest snapshot
at: http://bass.directhit.com/openssh_snap?
We are coming close to a 2.5.0p1 release so timing
is pretty critical.
Thanks,
- Ben
On Fri, 16 Feb 2001, David J. MacKenzie wrote:
> BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
> authentication library. However, BSDI's patches have several
> problems:
>
> 1. They don't run the approval phase, so they can allow users to log in
> who aren't supposed to be able to.
> 2. They don't patch configure to automatically detect the BSDI auth
> system, so they're not ready to use in a general portable
> distribution.
> 3. They change the path to krb.h unconditionally, making it unportable.
>
> Here is a patch derived from BSDI's, updated for OpenSSH 2.3.0p1,
> which fixes those problems, and also fixes a misplaced #ifdef in the
> OpenSSH distribution in bsd-vis.c.
>
> After applying this patch, run "autoreconf".
>
> Index: auth1.c
> --- auth1.c 2001/02/13 07:43:16 1.1
> +++ auth1.c 2001/02/13 22:00:06
> @@ -28,6 +28,12 @@
> #include "auth.h"
> #include "session.h"
>
> +#ifdef HAVE_BSD_AUTH_H
> +# include <login_cap.h>
> +# include <bsd_auth.h>
> +static char *bsduser=NULL; /* XXX -- ugly, but we need the original */
> +#endif
> +
> /* import */
> extern ServerOptions options;
> extern char *forced_command;
> @@ -258,7 +264,10 @@
> NULL, password) == SIASUCCESS) {
> authenticated = 1;
> }
> -#else /* !USE_PAM && !HAVE_OSF_SIA */
> +#elif defined(HAVE_BSD_AUTH_H)
> + authenticated = auth_userokay(bsduser, NULL,
> + "auth-ssh", password);
> +#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
> /* Try authentication with the password. */
> authenticated = auth_password(pw, password);
> #endif /* USE_PAM */
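Review bot: On the new `#elif defined(HAVE_BSD_AUTH_H)` branch the `pw` argument goes unused and no sshd policy is re-checked before `auth_userokay()` decides, yet the call it replaces, `auth_password(pw, password)`, is where this tree applies the uid-0 check for `PermitRootLogin without-password` and the `PermitEmptyPasswords` check (confirm in auth-passwd.c); auth_userokay() knows nothing about sshd's options. Mirror those checks ahead of the call, e.g. `if (pw->pw_uid == 0 && options.permit_root_login == 2 /* without-password */) authenticated = 0; else authenticated = auth_userokay(bsduser, NULL, "auth-ssh", password);` using whatever value servconf.c assigns to without-password, with the same treatment for an empty `password`. A `bsduser != NULL` guard would also make the dependency on the earlier lookup in do_authentication() explicit rather than implicit. do_authloop() starts and ends outside this hunk.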
> @@ -362,6 +371,10 @@
> if (authenticated && !do_pam_account(pw->pw_name,
client_user))
> authenticated = 0;
> #endif
> +#ifdef HAVE_BSD_AUTH_H
> + if (authenticated && !auth_approval(NULL, NULL, pw->pw_name,
"ssh"))
> + authenticated = 0;
> +#endif /* HAVE_BSD_AUTH_H */
>
> if (client_user != NULL) {
> xfree(client_user);
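Review bot: A denial from `auth_approval()` is turned into `authenticated = 0` silently, so an operator sees only a generic failure for a user whose credentials were actually correct; unless auth_approval() itself syslogs the refusal on this platform (can't tell from here), the new block should log it, e.g. `log("Login for %.100s denied by auth_approval", pw->pw_name);` inside the `if`. Passing `pw->pw_name` rather than the client-supplied string is the right choice here, and the auth2.c counterpart should do the same. do_authloop() starts outside this hunk.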
> @@ -415,6 +428,15 @@
> #endif /* AFS */
>
> /* Verify that the user is a valid user. */
> +#ifdef HAVE_BSD_AUTH_H
> + /* we may have an auth type in the user name we need to strip */
> + {
> + char *p;
> + bsduser = xstrdup(user);
> + if ((p = strchr(user, ':')) != NULL)
> + *p = '\0';
> + }
> +#endif
> pw = getpwnam(user);
> if (pw && allowed_user(pw)) {
> /* Take a copy of the returned structure. */
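Review bot: The `*p = '\0'` truncates the client-supplied `user` in place, so every later use of `user` in do_authentication() — including the `'%.100s'` in the fatal() after the lookup and any accept/deny log lines — records only the base name, and the auth style the client asked for is lost from the audit trail. Since `bsduser` already keeps the original, record the style once at the split, e.g. `if (p != NULL) log("user %.100s requested auth style %.100s", user, p + 1);` (or the file's usual logging call). `bsduser` is also a file-scope static assigned unconditionally; if this code is ever reached twice in one process the earlier copy leaks, so freeing a non-NULL `bsduser` before the `xstrdup` is cheap insurance. do_authentication() continues outside this hunk.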
> @@ -460,7 +482,9 @@
> (sia_validate_user(NULL, saved_argc, saved_argv,
> get_canonical_hostname(), pw->pw_name, NULL, 0,
> NULL, "") == SIASUCCESS)) {
> -#else /* !HAVE_OSF_SIA && !USE_PAM */
> +#elif defined(HAVE_BSD_AUTH_H)
> + auth_userokay(bsduser, NULL, "auth-ssh", "" )) {
> +#else /* !HAVE_OSF_SIA && !USE_PAM && !HAVE_BSD_AUTH_H */
> auth_password(pw, "")) {
> #endif /* USE_PAM */
> /* Authentication with empty password succeeded. */
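Review bot: This empty-password probe sits on the path every SSH1 connection takes before do_authloop(), so the BSD-auth branch now runs the configured login style (an external script under BSD auth) with an empty response for every client, and `auth_password(pw, "")`, which it replaces, is where this tree applied `PermitEmptyPasswords` (confirm in auth-passwd.c). Gate the call on the option so the probe is skipped when the administrator has not allowed empty passwords: `options.permit_empty_passwd && auth_userokay(bsduser, NULL, "auth-ssh", "")) {`. For challenge/response or network styles an unconditional empty attempt may also be logged or counted as a failure by the backend, which is worth a comment at the call. The enclosing `if` starts outside this hunk.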
> @@ -474,6 +498,13 @@
> }
> if (pw == NULL)
> fatal("internal error, authentication successfull for user
'%.100s'", user);
> +
> +#ifdef HAVE_BSD_AUTH_H
> + if (bsduser != NULL) {
> + xfree(bsduser);
> + bsduser = NULL;
> + }
> +#endif
>
> /* The user has been authenticated and accepted. */
> packet_start(SSH_SMSG_SUCCESS);
> Index: auth2.c
> --- auth2.c 2001/02/13 07:43:16 1.1
> +++ auth2.c 2001/02/13 22:00:06
> @@ -56,6 +56,11 @@
> #include "uidswap.h"
> #include "auth-options.h"
>
> +#ifdef HAVE_BSD_AUTH_H
> +# include <login_cap.h>
> +# include <bsd_auth.h>
> +#endif
> +
> /* import */
> extern ServerOptions options;
> extern unsigned char *session_id2;
> @@ -209,7 +214,19 @@
> /* setup auth context */
> struct passwd *pw = NULL;
> setproctitle("%s", user);
> +#ifdef HAVE_BSD_AUTH_H
> + {
> + /* user may contain requested auth type */
> + char *p;
> + if ((p = strchr(user, ':')) != NULL)
> + *p = '\0';
> + pw = getpwnam(user);
> + if (p != NULL)
> + *p = ':';
> + }
> +#else
> pw = getpwnam(user);
> +#endif
> if (pw && allowed_user(pw) && strcmp(service,
"ssh-connection")==0) {
> authctxt->pw = pwcopy(pw);
> authctxt->valid = 1;
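Review bot: The `':'` split accepts a client-chosen auth style for any user before `allowed_user()` runs and nothing here validates the style; the code relies on `auth_userokay()` — via login.conf's auth-ssh/auth capability for the user's class — to reject styles that are not permitted, which is the usual BSD-auth contract but should be stated. Add at the split: `/* The ':style' suffix is client-controlled; auth_userokay() is relied on to reject styles not listed under auth-ssh/auth for the class in login.conf. */`. Note also that `authctxt->user` keeps the suffix after the `*p = ':'` restore, so later consumers of that field (approval, PAM accounting, log lines) see `user:style` rather than the name that was actually looked up. The enclosing function starts and ends outside this hunk.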
> @@ -254,6 +271,10 @@
> if (authenticated && authctxt->user &&
!do_pam_account(authctxt->user, NULL))
> authenticated = 0;
> #endif /* USE_PAM */
> +#ifdef HAVE_BSD_AUTH_H
> + if (authenticated && authctxt->user &&
!auth_approval(NULL, NULL, authctxt->user, "ssh"))
> + authenticated = 0;
> +#endif /* HAVE_BSD_AUTH_H */
>
> /* Log before sending the reply */
> userauth_log(authctxt, authenticated, method);
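Review bot: `auth_approval()` is handed `authctxt->user`, which the lookup hunk earlier in this file leaves as the raw `user:style` string, whereas auth1.c passes `pw->pw_name`; unless auth_approval() strips the style suffix itself (can't confirm from here), a style-qualified login will be refused at approval because the name no longer resolves to an account. Use the validated account name and key on `valid` rather than on a non-NULL user string: `if (authenticated && authctxt->valid && !auth_approval(NULL, NULL, authctxt->pw->pw_name, "ssh"))`. Logging the denial would let operators tell a policy refusal from a bad credential. The enclosing function starts outside this hunk.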
> @@ -353,7 +374,9 @@
> return (sia_validate_user(NULL, saved_argc, saved_argv,
> get_canonical_hostname(),
authctxt->user?authctxt->user:"NOUSER",
> NULL, 0, NULL, "") == SIASUCCESS);
> -#else /* !HAVE_OSF_SIA && !USE_PAM */
> +#elif defined(HAVE_BSD_AUTH_H)
> + return
auth_userokay(authctxt->user?authctxt->user:"NOUSER", NULL,
"auth-ssh", "");
> +#else /* !HAVE_OSF_SIA && !USE_PAM && !HAVE_BSD_AUTH_H */
> return auth_password(authctxt->pw, "");
> #endif /* USE_PAM */
> }
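Review bot: The "none" method is the first request nearly every SSH2 client sends, so with this branch each connection now drives a full BSD-auth round with an empty response through the configured style, and the `PermitEmptyPasswords` check that lived in the replaced `auth_password(authctxt->pw, "")` (confirm in auth-passwd.c) no longer applies. Gate it: `return options.permit_empty_passwd && auth_userokay(authctxt->user ? authctxt->user : "NOUSER", NULL, "auth-ssh", "");`. The `"NOUSER"` fallback also means an unresolvable user name still reaches the login style; whether that is wanted for timing uniformity or unwanted for log noise depends on the style and deserves a comment. The function starts outside this hunk.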
> @@ -380,7 +403,9 @@
> sia_validate_user(NULL, saved_argc, saved_argv,
> get_canonical_hostname(),
authctxt->user?authctxt->user:"NOUSER",
> NULL, 0, NULL, password) == SIASUCCESS)
> -#else /* !USE_PAM && !HAVE_OSF_SIA */
> +#elif defined(HAVE_BSD_AUTH_H)
> + auth_userokay(authctxt->user?authctxt->user:"NOUSER",
NULL, "auth-ssh", password) != 0)
> +#else /* !USE_PAM && !HAVE_OSF_SIA && !HAVE_BSD_AUTH_H */
> auth_password(authctxt->pw, password) == 1)
> #endif /* USE_PAM */
> authenticated = 1;
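Review bot: `auth_userokay()` is consulted without the uid-0 check that `auth_password()` performs for `PermitRootLogin without-password` in this tree (confirm in auth-passwd.c), so on the BSD-auth branch a root password login can succeed even when the administrator has disabled it. Add the check to the condition ahead of the call, e.g. `(authctxt->pw->pw_uid != 0 || options.permit_root_login != 2) &&` on the line before `auth_userokay(...)`, using whatever value servconf.c assigns to without-password. `authctxt->user` here still carries any `:style` suffix, which auth_userokay() appears designed to parse, so that part is consistent with auth1.c. The enclosing `if (authctxt->valid && ...` and the function lie outside this hunk.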
> Index: bsd-vis.c
> --- bsd-vis.c 2001/02/13 07:43:16 1.1
> +++ bsd-vis.c 2001/02/13 07:45:46 1.2
> @@ -35,9 +35,9 @@
> static char rcsid[] = "$OpenBSD: vis.c,v 1.5 2000/07/19 15:25:13
deraadt Exp $";
> #endif /* LIBC_SCCS and not lint */
>
> -#ifndef HAVE_VIS
> -
> #include "includes.h"
> +
> +#ifndef HAVE_VIS
>
> #define isoctal(c) (((u_char)(c)) >= '0' &&
((u_char)(c)) <= '7')
>
> Index: session.c
> --- session.c 2001/02/13 07:43:17 1.1
> +++ session.c 2001/02/13 07:45:46 1.2
> @@ -1155,7 +1155,9 @@
> child_set_env(&env, &envsize, "HOME", pw->pw_dir);
> #ifdef HAVE_LOGIN_CAP
> (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
> - child_set_env(&env, &envsize, "PATH",
getenv("PATH"));
> + /* update the path to the one setusercontext set for us */
> + if (getenv("PATH"))
> + child_set_env(&env, &envsize, "PATH",
getenv("PATH"));
> #else /* HAVE_LOGIN_CAP */
> # ifndef HAVE_CYGWIN
> /*
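Review bot: The new `if (getenv("PATH"))` guard avoids passing NULL to child_set_env(), but when `setusercontext(..., LOGIN_SETPATH)` fails — its return value is discarded on the context line above — the child is now started silently with no PATH entry at all instead of the class path. A fallback keeps the outcome predictable: `else child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);` assuming `_PATH_STDPATH` is reachable through includes.h/paths.h (confirm; configure already probes paths.h). The enclosing function continues outside this hunk.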
> Index: ssh.h
> --- ssh.h 2001/02/13 07:43:17 1.1
> +++ ssh.h 2001/02/13 22:00:07
> @@ -520,7 +520,12 @@
> ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
>
> #ifdef KRB4
> +#ifdef HAVE_BSD_AUTH_H
> +#define DES_DEFS /* prevent BSD/OS krb.h from including kerberosIV/des.h
*/
> +#include <kerberosIV/krb.h>
> +#else /* !HAVE_BSD_AUTH_H */
> #include <krb.h>
> +#endif /* HAVE_BSD_AUTH_H */
> /*
> * Performs Kerberos v4 mutual authentication with the client. This
returns 0
> * if the client could not be authenticated, and 1 if authentication was
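Review bot: `HAVE_BSD_AUTH_H` is used here as a proxy for where krb.h lives, which couples an unrelated authentication feature to the Kerberos include path and will mis-fire on any system that has bsd_auth.h but keeps krb.h at the top level, or the reverse. Probe the header directly in configure (`AC_CHECK_HEADERS(kerberosIV/krb.h)`) and switch on `#ifdef HAVE_KERBEROSIV_KRB_H` instead. The unconditional `#define DES_DEFS` in a widely included header also deserves an `#ifndef DES_DEFS` guard so it cannot collide with a definition from a DES library header included earlier.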
> Index: configure.in
> --- configure.in 2001/02/13 07:43:16 1.1
> +++ configure.in 2001/02/13 22:00:07
> @@ -284,7 +284,7 @@
> fi
>
> # Checks for header files.
> -AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h
limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h
paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h
sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h
sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h
utmp.h utmpx.h vis.h)
> +AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h
limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h
paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h
sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h
sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h
utmp.h utmpx.h vis.h bsd_auth.h)
>
> dnl Checks for library functions.
> AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock
fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getnameinfo
getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt
memmove mkdtemp on_exit openpty realpath rresvport_af setenv seteuid setlogin
setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror
strlcat strlcpy strsep strtok_r vsnprintf vhangup vis waitpid _getpty
__b64_ntop)
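Review bot: Merely finding `bsd_auth.h` now selects the whole BSD-auth backend through the `#elif defined(HAVE_BSD_AUTH_H)` branches in auth1.c/auth2.c, so the choice of how passwords are verified is keyed on a header probe rather than an explicit decision, and a stray header would silently change the authentication backend. Make it deliberate: add a `--with-bsd-auth` configure option, or at least `AC_CHECK_FUNCS(auth_userokay auth_approval)` alongside the header test so the link dependency is verified before the define is set. The `USE_PAM`/`HAVE_OSF_SIA` ordering in the `#elif` chains already gives PAM and SIA precedence, which should be stated wherever the option is documented.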
>