search for: authok

nuqneH, I've tried using TIS authsrv authentication via bsd auth and found it quite limited. The most important restriction it does not log ip and fqdn of the remote peer, nor the application name, to the authentication server. It does not matter much for TIS authsrv, but since other applications do provide such information, our authsrv version uses it for extra authentication restrictions.

...challenge res: %d", __func__, res); + mm_request_send(socket, MONITOR_ANS_PAMQUERY, m); + + if (res != -1) { + xfree(name); + xfree(infotxt); + xfree(prompts); + xfree(echo_on); + } + + return (0); +} + +int +mm_answer_sshpamrespond(int socket, Buffer *m) +{ + char *response, *rs[1]; + int authok; + + if (sshpam_auth_ctxt == NULL) + fatal("%s: No PAM kbd-int auth context", __func__); + + response = buffer_get_string(m, NULL); + rs[0] = response; + + authok = sshpam_respond(sshpam_auth_ctxt, 1, rs); + debug3("%s: <%s> = <%d>", __func__, response, authok); +...

...*/ #undef SKEY diff -wur org/openssh-2.5.2p2/auth-chall.c openssh-2.5.2p2/auth-chall.c --- org/openssh-2.5.2p2/auth-chall.c Mon Mar 5 07:59:27 2001 +++ openssh-2.5.2p2/auth-chall.c Sun Jun 3 18:34:43 2001 @@ -67,7 +67,7 @@ debug("verify_response: <%s> = <%d>", response, authok); return authok != 0; } -#else +#else /* BSD_AUTH */ #ifdef SKEY #include <skey.h> @@ -88,6 +88,25 @@ skey_haskey(authctxt->pw->pw_name) == 0 && skey_passcheck(authctxt->pw->pw_name, response) != -1); } +#else /* SKEY */ +#ifdef OPIE +#include <opie....

...lenge res: %d", __FUNCTION__, res); + mm_request_send(socket, MONITOR_ANS_PAMQUERY, m); + + if (res != -1) { + xfree(name); + xfree(infotxt); + xfree(prompts); + xfree(echo_on); + } + + return (0); +} + +int +mm_answer_sshpamrespond(int socket, Buffer *m) +{ + char *response, *rs[1]; + int authok; + + if (sshpam_auth_ctxt == NULL) + fatal("%s: No PAM kbd-int auth context", __FUNCTION__); + + response = buffer_get_string(m, NULL); + rs[0] = response; + + authok = sshpam_respond(sshpam_auth_ctxt, 1, rs); + debug3("%s: <%s> = <%d>", __FUNCTION__, response, aut...

https://bugzilla.mindrot.org/show_bug.cgi?id=2502 Bug ID: 2502 Summary: using AuthenticationMethods to require s/key and pam doesn't work Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

...wrap.c =================================================================== RCS file: /var/cvs/openssh/monitor_wrap.c,v retrieving revision 1.6 diff -u -r1.6 monitor_wrap.c --- monitor_wrap.c 23 Apr 2002 10:28:49 -0000 1.6 +++ monitor_wrap.c 24 Apr 2002 01:03:18 -0000 @@ -804,6 +804,77 @@ return ((authok == 0) ? -1 : 0); } +void * +mm_pam_init_ctx(struct Authctxt *authctxt) +{ + fatal("Not implemented"); + return (NULL); +} + +int +mm_pam_query(void *ctx, char **name, char **infotxt, + u_int *numprompts, char ***prompts, u_int **echo_on) +{ + Buffer m; + int res; + char *challenge; +...

..._postauth15; monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); +#ifdef HAVE_OSF_SIA + monitor_permit(mon_dispatch, MONITOR_REQ_SETUP_SIA, 1); +#endif } if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); @@ -716,6 +732,22 @@ auth_method = "skey"; return (authok != 0); +} +#endif + +#ifdef HAVE_OSF_SIA +int +mm_answer_setup_sia(int socket, Buffer *m) +{ + char *user, *tty; + + user = buffer_get_string(m, NULL); + tty = buffer_get_string(m, NULL); + + setup_sia(user, tty); + + xfree(user); + xfree(tty); } #endif Index: monitor.h =========================...

...REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond}, #endif +#ifdef HAVE_OSF_SIA + {MONITOR_REQ_SETUP_SIA, MON_ONCE, mm_answer_setup_sia}, +#endif #ifdef USE_PAM {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, #endif @@ -716,6 +726,22 @@ auth_method = "skey"; return (authok != 0); +} +#endif + +#ifdef HAVE_OSF_SIA +int +mm_answer_setup_sia(int socket, Buffer *m) +{ + char *user, *tty; + + user = buffer_get_string(m, NULL); + tty = buffer_get_string(m, NULL); + + setup_sia(user, tty); + + xfree(user); + xfree(tty); } #endif Index: monitor.h =========================...

...e { mon_dispatch = mon_dispatch_postauth15; monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); +#ifdef HAVE_OSF_SIA + monitor_permit(mon_dispatch, MONITOR_REQ_SETUP_SIA, 1); +#endif } if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); @@ -717,6 +733,22 @@ return (authok != 0); } +#endif + +#ifdef HAVE_OSF_SIA +int +mm_answer_setup_sia(int socket, Buffer *m) +{ + char *user, *tty; + + user = buffer_get_string(m, NULL); + tty = buffer_get_string(m, NULL); + + setup_sia(user, tty); + + xfree(user); + xfree(tty); +} #endif #ifdef USE_PAM diff -ur openssh-3.4p1/mon...

...****************** Shouldn't need to edit below this line ************** */ diff -urN openssh-2.5.1p2/auth-chall.c openssh-2.5.1p2-tis/auth-chall.c --- openssh-2.5.1p2/auth-chall.c Sun Feb 18 07:01:00 2001 +++ openssh-2.5.1p2-tis/auth-chall.c Fri Mar 9 11:07:39 2001 @@ -68,7 +68,61 @@ return authok != 0; } #else -#ifdef SKEY + +#if defined(SKEY) && defined(TIS_AUTH) +#error "S/Key and TIS authentication is not supported at the same time" +#endif + +#ifdef TIS_AUTH + +#include "tisauth.h" +#include "servconf.h" +#include "xmalloc.h" + +extern S...

...[Mar 26 14:36:57] DEBUG[12001]: chan_sip.c:11888 sip_dump_history: 007. CancelDestroy [Mar 26 14:36:57] DEBUG[12001]: chan_sip.c:11888 sip_dump_history: 008. Invite New call: 842ada2a-77b3dff at 192.168.xx.xx [Mar 26 14:36:57] DEBUG[12001]: chan_sip.c:11888 sip_dump_history: 009. AuthOK Auth challenge succesful for 293 [Mar 26 14:36:57] DEBUG[12001]: chan_sip.c:11888 sip_dump_history: 010. NewChan Channel SIP/293-00000002 - from 842ada2a-77b3dff at 192.168.xx.xx [Mar 26 14:36:57] DEBUG[12001]: chan_sip.c:11888 sip_dump_history: 011. TxResp SIP/2.0 / 1...

...e { mon_dispatch = mon_dispatch_postauth15; monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); +#ifdef HAVE_OSF_SIA + monitor_permit(mon_dispatch, MONITOR_REQ_SETUP_SIA, 1); +#endif } if (!no_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); @@ -717,6 +733,22 @@ return (authok != 0); } +#endif + +#ifdef HAVE_OSF_SIA +int +mm_answer_setup_sia(int socket, Buffer *m) +{ + char *user, *tty; + + user = buffer_get_string(m, NULL); + tty = buffer_get_string(m, NULL); + + setup_sia(user, tty); + + xfree(user); + xfree(tty); +} #endif #ifdef USE_PAM diff -ur openssh-3.4p1/mon...