search for: auth_sia_password

...sia.c Wed Dec 31 18:00:00 1969 +++ openssh-2.2.0p1/auth-sia.c Sat Oct 14 21:24:19 2000 @@ -0,0 +1,34 @@ +#include "includes.h" + +#ifdef HAVE_OSF_SIA +#include "ssh.h" + +#include <sia.h> +#include <siad.h> + +extern int saved_argc; +extern char **saved_argv; + +int +auth_sia_password (user, pass) + char *user; + char *pass; +{ + SIAENTITY *ent = NULL; + int ret; + + if (sia_ses_init (&ent, saved_argc, saved_argv, + get_canonical_hostname(), user, NULL, 0, NULL) != SIASUCCESS) + return 0; + if ((ret = sia_ses_authent (NULL, pass, ent)) != SIASUCCESS) { + if (ret &...

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

...rd); + if (*password == '\0' && options.permit_empty_passwd == 0) { + retval=0 ; goto out; + } + retval=auth_pam_password(authctxt, password); + goto out; #elif defined(HAVE_OSF_SIA) - if (*password == '\0' && options.permit_empty_passwd == 0) - return 0; - return auth_sia_password(authctxt, password); + if (*password == '\0' && options.permit_empty_passwd == 0) { + retval=0 ; goto out; + } + retval=auth_sia_password(authctxt, password); + goto out; #else struct passwd * pw = authctxt->pw; char *encrypted_password; @@ -118,19 +123,23 @@ #endif /...

...d afs tokens. diff -c openssh-3.0.2p1/auth-sia.c openssh-3.0.2p1-tschroed/auth-sia.c *** openssh-3.0.2p1/auth-sia.c Mon Apr 16 04:37:05 2001 --- openssh-3.0.2p1-tschroed/auth-sia.c Thu Dec 6 13:02:26 2001 *************** *** 21,32 **** extern char **saved_argv; extern int errno; int auth_sia_password(char *user, char *pass) { int ret; - SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname(options.reverse_mapping_check); --- 21,32 ---- extern char **saved_argv; extern int errno; + SIAENTITY *__sia_ent = NULL; int auth_sia_password(char *user, char *...

...openssh/auth-sia.c > --- openssh-SNAP-20020826/auth-sia.c Fri Apr 12 10:36:08 2002 > +++ openssh/auth-sia.c Tue Sep 3 22:03:16 2002 > @@ -45,27 +45,25 @@ > extern int saved_argc; > extern char **saved_argv; > > -extern int errno; > - > int > auth_sia_password(Authctxt *authctxt, char *pass) > { > int ret; > SIAENTITY *ent = NULL; > const char *host; > - char *user = authctxt->user; > > host = get_canonical_hostname(options.verify_reverse_mapping); > > - if (!user || !pass || pass[0] == '\0...

...rocess per login session. diff -urN openssh-SNAP-20030226/auth-sia.c openssh/auth-sia.c --- openssh-SNAP-20030226/auth-sia.c Tue Jan 21 22:42:27 2003 +++ openssh/auth-sia.c Wed Feb 26 19:46:17 2003 @@ -45,27 +45,25 @@ extern int saved_argc; extern char **saved_argv; -extern int errno; - int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; SIAENTITY *ent = NULL; const char *host; - char *user = authctxt->user; host = get_canonical_hostname(options.verify_reverse_mapping); - if (pass[0] == '\0') + if (!authctxt->user || !pass || pass[0] == '\0') return(0)...

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...lse @@ -252,7 +252,8 @@ #ifdef USE_PAM /* Do PAM auth with password */ - authenticated = auth_pam_password(pw, password); + authenticated = auth_pam_password(pw, password, + PAM_PROMPT_ECHO_OFF); #elif defined(HAVE_OSF_SIA) /* Do SIA auth with password */ authenticated = auth_sia_password(authctxt->user, @@ -269,6 +270,15 @@ case SSH_CMSG_AUTH_TIS: debug("rcvd SSH_CMSG_AUTH_TIS"); if (options.challenge_response_authentication == 1) { +#ifdef USE_PAM + if (options.tis_via_pam == 1) { + authenticated = auth_pam_password(pw, "", + PAM...

http://bugzilla.mindrot.org/show_bug.cgi?id=933 Summary: compile problem on tru64 5.1A code outside of a #ifdef that should not be included on tru64 Product: Portable OpenSSH Version: 3.8p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build

http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From djm at mindrot.org 2002-02-15 10:10 ------- > OpenSSH traditionally would not even start PAM, and > now starts it specifying 'NOUSER' as the login name. We have always used NOUSER, the recent patch just makes it consistent between protocols 1 and 2. > The second is to prevent username guessing

...uth-sia.h =================================================================== RCS file: /var/cvs/openssh/auth-sia.h,v retrieving revision 1.3 diff -u -r1.3 auth-sia.h --- auth-sia.h 12 Apr 2002 15:36:08 -0000 1.3 +++ auth-sia.h 29 Jun 2002 03:19:18 -0000 @@ -27,6 +27,6 @@ #ifdef HAVE_OSF_SIA int auth_sia_password(Authctxt *authctxt, char *pass); -void session_setup_sia(char *user, char *tty); +void setup_sia(char *user, char *tty); #endif /* HAVE_OSF_SIA */ Index: monitor.c =================================================================== RCS file: /var/cvs/openssh/monitor.c,v retrieving revision 1.22 d...

...uth-sia.h =================================================================== RCS file: /var/cvs/openssh/auth-sia.h,v retrieving revision 1.3 diff -u -r1.3 auth-sia.h --- auth-sia.h 12 Apr 2002 15:36:08 -0000 1.3 +++ auth-sia.h 28 Jun 2002 20:29:00 -0000 @@ -27,6 +27,6 @@ #ifdef HAVE_OSF_SIA int auth_sia_password(Authctxt *authctxt, char *pass); -void session_setup_sia(char *user, char *tty); +void setup_sia(char *user, char *tty); #endif /* HAVE_OSF_SIA */ Index: monitor.c =================================================================== RCS file: /var/cvs/openssh/monitor.c,v retrieving revision 1.22 d...

...fatal("setreuid: %s", strerror(errno)); } } - #endif /* HAVE_OSF_SIA */ diff -ur openssh-3.4p1/auth-sia.h openssh-3.4p1+/auth-sia.h --- openssh-3.4p1/auth-sia.h Fri Apr 12 11:36:08 2002 +++ openssh-3.4p1+/auth-sia.h Sun Jul 21 22:53:14 2002 @@ -27,6 +27,6 @@ #ifdef HAVE_OSF_SIA int auth_sia_password(Authctxt *authctxt, char *pass); -void session_setup_sia(char *user, char *tty); +void setup_sia(char *user, char *tty); #endif /* HAVE_OSF_SIA */ diff -ur openssh-3.4p1/monitor.c openssh-3.4p1+/monitor.c --- openssh-3.4p1/monitor.c Wed Jun 26 09:27:11 2002 +++ openssh-3.4p1+/monitor.c Sun Jul 21...

...6 +31,7 @@ #include "log.h" #include "servconf.h" #include "canohost.h" +#include "xmalloc.h" #include <sia.h> #include <siad.h> @@ -45,11 +46,12 @@ extern int saved_argc; extern char **saved_argv; +static SIAENTITY *ent = NULL; + int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; - SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname(options.use_dns); @@ -57,6 +59,12 @@ if (!authctxt->user || pass == NULL || pass[0] == '\0') return (0); + if (ent) { + debug("Releasing old SIAENTITY...

...fatal("setreuid: %s", strerror(errno)); } } - #endif /* HAVE_OSF_SIA */ diff -ur openssh-3.4p1/auth-sia.h openssh-3.4p1+/auth-sia.h --- openssh-3.4p1/auth-sia.h Fri Apr 12 11:36:08 2002 +++ openssh-3.4p1+/auth-sia.h Sun Jul 21 22:53:14 2002 @@ -27,6 +27,6 @@ #ifdef HAVE_OSF_SIA int auth_sia_password(Authctxt *authctxt, char *pass); -void session_setup_sia(char *user, char *tty); +void setup_sia(char *user, char *tty); #endif /* HAVE_OSF_SIA */ diff -ur openssh-3.4p1/monitor.c openssh-3.4p1+/monitor.c --- openssh-3.4p1/monitor.c Wed Jun 26 09:27:11 2002 +++ openssh-3.4p1+/monitor.c Sun Jul 21...

Hello, I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1 concerning the AFS token forwarding. That means that the new versions are not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this problem already existed in Openssh 2.9.9p1, but I have never used this version (I only looked at the

...< size-1) + dest[i++] = ch; + + dest[size-1] = '\0'; /* Guarantee for trailing '\0' */ +} +#endif /*system(bs2000)*/ + /* * Tries to authenticate the user using password. Returns true if * authentication succeeds. @@ -72,6 +84,55 @@ #if defined(HAVE_OSF_SIA) return auth_sia_password(authctxt, password) && ok; +#elif defined(__MVS__) + { + int rc; + rc = __passwd(pw->pw_name, password, NULL); + if(rc) + debug("__passwd: %.100s", strerror(errno)); + return ok && rc...