/*
 * Copyright (c) 2002 Chris Adams. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

/*
 * Password checking and session setup through the SIA interface declared
 * in <sia.h>.  Everything below is compiled only when HAVE_OSF_SIA is set.
 */
#ifdef HAVE_OSF_SIA
#include <sia.h>
#include <siad.h>
#include <pwd.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>

#include "ssh.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"

extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

/*
 * Check `pass` for authctxt->user through SIA.
 *
 * Returns 1 only when sia_ses_authent() reports SIASUCCESS.  Returns 0 in
 * every other case: no user name, a NULL or empty password, a failed
 * sia_ses_init(), or a failed authentication.
 *
 * An empty password is refused before SIA is consulted.  The failure
 * message carries the user name and the canonical host name, never the
 * password.  `pass` is neither copied nor cleared here.
 *
 * NOTE(review): nothing in this function checks that authctxt->user names
 * an existing account; presumably the caller accounts for invalid users --
 * confirm.
 */
int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
	SIAENTITY *entity = NULL;
	/* Looked up before the argument checks, as in the original order. */
	const char *remote_host = get_canonical_hostname(options.use_dns);
	int status;

	if (authctxt->user == NULL) {
		return 0;
	}
	if (pass == NULL || *pass == '\0') {
		return 0;
	}

	/* No tty is supplied for the authentication-only entity. */
	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    authctxt->user, NULL, 0, NULL) != SIASUCCESS) {
		return 0;
	}

	status = sia_ses_authent(NULL, pass, entity);
	if (status == SIASUCCESS) {
		sia_ses_release(&entity);
		return 1;
	}

	error("Couldn't authenticate %s from %s", authctxt->user, remote_host);

	/*
	 * The entity is released here only when the SIASTOP bit is set.
	 * NOTE(review): presumably SIA has already disposed of the entity on
	 * any other failure -- confirm against the sia_ses_authent()
	 * documentation, since otherwise this path leaks it.
	 */
	if ((status & SIASTOP) != 0) {
		sia_ses_release(&entity);
	}
	return 0;
}

/*
 * Establish and launch a SIA session for `pw` on `tty`, then hand the
 * process to permanently_set_uid(pw).
 *
 * There is no error return: every SIA failure ends the process through
 * fatal().  `pw` is dereferenced without a NULL check, so the caller must
 * pass a valid entry.
 */
void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *entity = NULL;
	const char *remote_host = get_canonical_hostname(options.use_dns);

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    pw->pw_name, tty, 0, NULL) != SIASUCCESS) {
		fatal("sia_ses_init failed");
	}

	if (sia_make_entity_pwd(pw, entity) != SIASUCCESS) {
		sia_ses_release(&entity);
		fatal("sia_make_entity_pwd failed");
	}

	/*
	 * NOTE(review): presumably tells SIA that no further authentication
	 * is needed because the user was authenticated earlier -- confirm the
	 * meaning of SIA_A_NONE.
	 */
	entity->authtype = SIA_A_NONE;

	if (sia_ses_estab(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, remote_host);
	}

	if (sia_ses_launch(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, remote_host);
	}

	sia_ses_release(&entity);

	/*
	 * The result of setuid(0) is not checked.
	 * NOTE(review): presumably sia_ses_launch() can change the process
	 * credentials and this restores uid 0 so that permanently_set_uid()
	 * can make the final switch.  Confirm that, and confirm that
	 * permanently_set_uid() fails closed if the switch does not take
	 * effect, because nothing here detects a failed setuid(0).
	 */
	setuid(0);
	permanently_set_uid(pw);
}

#endif /* HAVE_OSF_SIA */