search for: siaentity

Hello. The following is a patch against OpenSSH 3.0.2p1 to fix OpenSSH's handling of Tru64 SIA authentication. The main changes are to make the SIAENTITY a global variable (so that it remains persistent across function calls), initialization only happens once, the session is only released once. This makes SIA modules that require authentication in order to perform certain actions during the session launch call work properly. For example, we have a...

...ed Sep 24 00:05:39 2003 @@ -31,6 +31,7 @@ #include "log.h" #include "servconf.h" #include "canohost.h" +#include "xmalloc.h" #include <sia.h> #include <siad.h> @@ -45,11 +46,12 @@ extern int saved_argc; extern char **saved_argv; +static SIAENTITY *ent = NULL; + int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; - SIAENTITY *ent = NULL; const char *host; host = get_canonical_hostname(options.use_dns); @@ -57,6 +59,12 @@ if (!authctxt->user || pass == NULL || pass[0] == '\0') return (0); + if (ent) {...

...t Oct 14 21:24:19 2000 @@ -0,0 +1,34 @@ +#include "includes.h" + +#ifdef HAVE_OSF_SIA +#include "ssh.h" + +#include <sia.h> +#include <siad.h> + +extern int saved_argc; +extern char **saved_argv; + +int +auth_sia_password (user, pass) + char *user; + char *pass; +{ + SIAENTITY *ent = NULL; + int ret; + + if (sia_ses_init (&ent, saved_argc, saved_argv, + get_canonical_hostname(), user, NULL, 0, NULL) != SIASUCCESS) + return 0; + if ((ret = sia_ses_authent (NULL, pass, ent)) != SIASUCCESS) { + if (ret & SIASTOP) + sia_ses_release (&ent); + return 0; +...

...2 > +++ openssh/auth-sia.c Tue Sep 3 22:03:16 2002 > @@ -45,27 +45,25 @@ > extern int saved_argc; > extern char **saved_argv; > > -extern int errno; > - > int > auth_sia_password(Authctxt *authctxt, char *pass) > { > int ret; > SIAENTITY *ent = NULL; > const char *host; > - char *user = authctxt->user; > > host = get_canonical_hostname(options.verify_reverse_mapping); > > - if (!user || !pass || pass[0] == '\0') > + if (!authctxt->user || !pass || pass[0] == '\0') &...

...ia.c openssh/auth-sia.c --- openssh-SNAP-20030226/auth-sia.c Tue Jan 21 22:42:27 2003 +++ openssh/auth-sia.c Wed Feb 26 19:46:17 2003 @@ -45,27 +45,25 @@ extern int saved_argc; extern char **saved_argv; -extern int errno; - int auth_sia_password(Authctxt *authctxt, char *pass) { int ret; SIAENTITY *ent = NULL; const char *host; - char *user = authctxt->user; host = get_canonical_hostname(options.verify_reverse_mapping); - if (pass[0] == '\0') + if (!authctxt->user || !pass || pass[0] == '\0') return(0); - if (sia_ses_init(&ent, saved_argc, saved_argv, h...

...x: auth-sia.c =================================================================== RCS file: /openssh/openssh_cvs/auth-sia.c,v retrieving revision 1.18 diff -u -r1.18 auth-sia.c --- auth-sia.c 7 Sep 2006 23:54:41 -0000 1.18 +++ auth-sia.c 14 Sep 2006 10:54:12 -0000 @@ -55,12 +55,14 @@ int ret; SIAENTITY *ent = NULL; const char *host; + struct passwd * pw = authctxt->pw; - host = get_canonical_hostname(options.use_dns); - + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + return (0); if (!authctxt->user || pass == NULL || pass[0] == '\0') return...

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

...asswd() to check the permit_root_login option and fail without calling the SIA functions? Here's a patch that does that: diff -urN openssh-dist/auth-sia.c openssh/auth-sia.c --- openssh-dist/auth-sia.c Thu Mar 4 05:59:37 2004 +++ openssh/auth-sia.c Thu Apr 7 07:52:13 2005 @@ -53,6 +53,9 @@ SIAENTITY *ent = NULL; const char *host; + if (! auth_root_allowed ("password")) + return (0); + host = get_canonical_hostname(options.use_dns); if (!authctxt->user || pass == NULL || pass[0] == '\0') -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administr...

...- HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. diff -urN openssh-3.7p1-dist/auth-sia.c openssh-3.7p1/auth-sia.c --- openssh-3.7p1-dist/auth-sia.c Mon Jun 2 19:25:48 2003 +++ openssh-3.7p1/auth-sia.c Tue Sep 16 14:02:56 2003 @@ -80,6 +80,7 @@ { SIAENTITY *ent = NULL; const char *host; + uid_t uid; host = get_canonical_hostname(options.use_dns); @@ -103,8 +104,11 @@ sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) - fatal("setreuid: %s", strerror(errno)); + uid = geteuid(); + if (setuid(0) < 0) +...

...e: /var/cvs/openssh/auth-sia.c,v retrieving revision 1.7 diff -u -r1.7 auth-sia.c --- auth-sia.c 12 Apr 2002 15:36:08 -0000 1.7 +++ auth-sia.c 29 Jun 2002 03:19:18 -0000 @@ -77,7 +77,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +86,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(use...

...e: /var/cvs/openssh/auth-sia.c,v retrieving revision 1.7 diff -u -r1.7 auth-sia.c --- auth-sia.c 12 Apr 2002 15:36:08 -0000 1.7 +++ auth-sia.c 28 Jun 2002 20:29:00 -0000 @@ -77,7 +77,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +86,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(use...

...#include <string.h> +/* import */ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; +extern int use_privsep; extern int errno; @@ -77,7 +79,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +88,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(use...

...#include <string.h> +/* import */ extern ServerOptions options; extern int saved_argc; extern char **saved_argv; +extern int use_privsep; extern int errno; @@ -77,7 +79,7 @@ } void -session_setup_sia(char *user, char *tty) +setup_sia(char *user, char *tty) { struct passwd *pw; SIAENTITY *ent = NULL; @@ -86,9 +88,8 @@ host = get_canonical_hostname (options.verify_reverse_mapping); if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0, - NULL) != SIASUCCESS) { + NULL) != SIASUCCESS) fatal("sia_ses_init failed"); - } if ((pw = getpwnam(use...

Hi All. OpenSSH 4.1 will be released in the next couple of weeks and we invite interested parties to test a snapshot. The changes since 4.0 are mostly bugfixes, for a detailed list see http://bugzilla.mindrot.org/show_bug.cgi?id=994 Running the regression tests supplied with Portable does not require installation and is a simply: $ ./configure && make tests Testing on suitable