I just cobbled up a little patch to add support for OPIE to
OpenSSH. Currently untested, but feedback is welcome.
Wichert.
--
_________________________________________________________________
/ Nothing is fool-proof to a sufficiently talented fool \
| wichert at cistron.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
-------------- next part --------------
diff -wur org/openssh-2.5.2p2/ChangeLog openssh-2.5.2p2/ChangeLog
--- org/openssh-2.5.2p2/ChangeLog Thu Mar 22 06:04:12 2001
+++ openssh-2.5.2p2/ChangeLog Sun Jun 3 18:37:17 2001
@@ -1,3 +1,6 @@
+20010603
+ - (wta) Add OPIE support
+
20010322
- (djm) Better AIX no tty fix, spotted by Gert Doering <gert at
greenie.muc.de>
- (djm) Released 2.5.2p2
diff -wur org/openssh-2.5.2p2/acconfig.h openssh-2.5.2p2/acconfig.h
--- org/openssh-2.5.2p2/acconfig.h Sat Mar 17 02:15:38 2001
+++ openssh-2.5.2p2/acconfig.h Sun Jun 3 18:36:47 2001
@@ -184,6 +184,9 @@
/* Define if you want AFS support */
#undef AFS
+/* Define if you want OPIE support */
+#undef OPIE
+
/* Define if you want S/Key support */
#undef SKEY
diff -wur org/openssh-2.5.2p2/auth-chall.c openssh-2.5.2p2/auth-chall.c
--- org/openssh-2.5.2p2/auth-chall.c Mon Mar 5 07:59:27 2001
+++ openssh-2.5.2p2/auth-chall.c Sun Jun 3 18:34:43 2001
@@ -67,7 +67,7 @@
debug("verify_response: <%s> = <%d>", response, authok);
return authok != 0;
}
-#else
+#else /* BSD_AUTH */
#ifdef SKEY
#include <skey.h>
@@ -88,6 +88,25 @@
skey_haskey(authctxt->pw->pw_name) == 0 &&
skey_passcheck(authctxt->pw->pw_name, response) != -1);
}
+#else /* SKEY */
+#ifdef OPIE
+#include <opie.h>
+
+char *
+get_challenge(Authctxt *authctxt, char *devs)
+{
+ static char challenge[OPIE_CHALLENGE_MAX+64];
+ if (opiechallenge(&authctxt->opie_data, authxtxt->user, challenge)
!= 0)
+ return NULL;
+ strlcat(challenge, "\nOPIE Password: ", sizeof challenge);
+ return challenge;
+}
+int
+verify_response(Authctxt *authctxt, char *response)
+{
+ return authctxt->valid && opieverify(&authctxt->opie_data,
response);
+}
+
#else
/* not available */
char *
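Review bot: `verify_response` treats a non-zero return from `opieverify()` as success, but libopie returns 0 when the response is correct, so for a valid account a wrong response is accepted and the right one is rejected. The S/Key branch just above compares its result explicitly, and this one should too: `return authctxt->valid && opieverify(&authctxt->opiedata, response) == 0;`. The block also cannot compile as posted: `authxtxt->user` in `get_challenge` is a typo for `authctxt`, and both functions use `opie_data` while the auth.h hunk declares the member as `opiedata`. Returning NULL whenever `opiechallenge()` fails may also let a client tell known accounts from unknown ones, so that path is worth comparing with what the S/Key code does for invalid users. The fallback `get_challenge` after the final `#else` continues outside the hunk.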
@@ -100,5 +119,5 @@
{
return 0;
}
-#endif
-#endif
+#endif /* !SKEY */
+#endif /* !BSD_AUTH */
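Review bot: The conditional nesting ends up unbalanced, because the previous hunk opens a third level with `#ifdef OPIE` inside the `#else /* SKEY */` branch while only two `#endif` lines close the file here. As far as the visible hunks show, auth-chall.c would then stop with an unterminated-conditional error whichever of BSD_AUTH, SKEY or OPIE is defined. Add `#endif /* !OPIE */` ahead of `#endif /* !SKEY */`. The function whose body ends at the top of this hunk begins outside it.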
diff -wur org/openssh-2.5.2p2/auth.h openssh-2.5.2p2/auth.h
--- org/openssh-2.5.2p2/auth.h Mon Mar 5 06:56:41 2001
+++ openssh-2.5.2p2/auth.h Sun Jun 3 18:27:18 2001
@@ -35,6 +35,10 @@
#include <bsd_auth.h>
#endif
+#ifdef OPIE
+#include <opie.h>
+#endif
+
typedef struct Authctxt Authctxt;
struct Authctxt {
int success;
@@ -48,6 +52,9 @@
char *style;
#ifdef BSD_AUTH
auth_session_t *as;
+#endif
+#ifdef OPIE
+ struct opie opiedata;
#endif
};
diff -wur org/openssh-2.5.2p2/configure.in openssh-2.5.2p2/configure.in
--- org/openssh-2.5.2p2/configure.in Mon Mar 19 00:09:28 2001
+++ openssh-2.5.2p2/configure.in Sun Jun 3 18:36:22 2001
@@ -473,6 +473,31 @@
)
LIBS="$LIBS $KLIBS"
+# Check whether user wants OPIE support
+OPIE_MSG="no"
+AC_ARG_WITH(opie,
+ [ --with-opie=PATH Enable OPIE support],
+ [
+ if test "x$withval" != "xno" ; then
+
+ if test "x$withval" != "xyes" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ fi
+
+ AC_DEFINE(OPIE)
+ LIBS="-lopie $LIBS"
+ OPIE_MSG="yes"
+
+ AC_CHECK_FUNC(opiechallenge,
+ [],
+ [
+ AC_MSG_ERROR([** Incomplete or missing OPIE libraries.])
+ ])
+ fi
+ ]
+)
+
# Check whether user wants S/Key support
SKEY_MSG="no"
AC_ARG_WITH(skey,
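Review bot: Nothing in this block stops `--with-opie` from being combined with `--with-skey`, and in auth-chall.c the OPIE functions sit in the `#else /* SKEY */` branch, so with both defined the OPIE code is never compiled while `OPIE_MSG` still reports "yes". An administrator who asked for OPIE would get S/Key challenges without any warning at configure time. Since the S/Key check runs after this block, a guard placed after both would do, for example `AC_MSG_ERROR([** OPIE and S/Key support cannot both be enabled.])` when `OPIE_MSG` and `SKEY_MSG` are both "yes". The `AC_ARG_WITH(skey, ...)` block continues outside the hunk, so the exact placement needs checking against the full file.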