/*
 * Copyright (c) 2002 Chris Adams.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
2418334Speter
2518334Speter#include "includes.h"
2618334Speter
2718334Speter#ifdef HAVE_OSF_SIA
2818334Speter#include <sia.h>
2918334Speter#include <siad.h>
3018334Speter#include <pwd.h>
3118334Speter#include <signal.h>
3218334Speter#include <setjmp.h>
3318334Speter#include <sys/resource.h>
3450397Sobrien#include <unistd.h>
3550397Sobrien#include <stdarg.h>
3618334Speter#include <string.h>
3718334Speter
3818334Speter#include "ssh.h"
3918334Speter#include "key.h"
4018334Speter#include "hostfile.h"
4118334Speter#include "auth.h"
4218334Speter#include "auth-sia.h"
4318334Speter#include "log.h"
4418334Speter#include "servconf.h"
4518334Speter#include "canohost.h"
4618334Speter#include "uidswap.h"
47117395Skan
/*
 * Objects defined outside this file.
 * options: only options.use_dns is read here, for the canonical host lookup.
 * saved_argc / saved_argv: passed unchanged to sia_ses_init().
 */
extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;
5118334Speter
/*
 * Check a password for authctxt->user through the SIA interface.
 *
 * Returns 1 only when sia_ses_authent() reports SIASUCCESS. Returns 0 in
 * every other case: no user name in authctxt, a NULL or empty password, a
 * failed sia_ses_init(), or a failed authentication.
 *
 * The failure log line carries the user name and the canonical host name;
 * the password itself is never logged.
 */
int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
	SIAENTITY *entity = NULL;
	const char *remote_host;
	int status;

	/* Looked up before any validation; used for SIA and for the log line. */
	remote_host = get_canonical_hostname(options.use_dns);

	/* Missing user or empty credentials are refused before SIA is called. */
	if (!authctxt->user)
		return 0;
	if (pass == NULL || pass[0] == '\0')
		return 0;

	status = sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    authctxt->user, NULL, 0, NULL);
	if (status != SIASUCCESS)
		return 0;

	/* No collect callback (NULL): the password is handed over directly. */
	status = sia_ses_authent(NULL, pass, entity);
	if (status == SIASUCCESS) {
		sia_ses_release(&entity);
		return 1;
	}

	error("Couldn't authenticate %s from %s", authctxt->user, remote_host);

	/*
	 * The entity is released on this path only when SIASTOP is set in the
	 * result. NOTE(review): a failure without SIASTOP returns without
	 * calling sia_ses_release(); confirm against the SIA documentation
	 * whether that leaves the entity allocated.
	 */
	if (status & SIASTOP)
		sia_ses_release(&entity);

	return 0;
}
81132718Skan
/*
 * Create, establish and launch an SIA session for pw on tty, then switch
 * the process to that user's identity.
 *
 * Every SIA failure ends in fatal(). The entity's authtype is set to
 * SIA_A_NONE before sia_ses_estab(), so no password check is requested
 * here; presumably the caller has already authenticated the user (verify
 * against the call site).
 */
void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *entity = NULL;
	const char *remote_host = get_canonical_hostname(options.use_dns);

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    pw->pw_name, tty, 0, NULL) != SIASUCCESS) {
		fatal("sia_ses_init failed");
	}

	if (sia_make_entity_pwd(pw, entity) != SIASUCCESS) {
		/* Release the entity before bailing out. */
		sia_ses_release(&entity);
		fatal("sia_make_entity_pwd failed");
	}

	entity->authtype = SIA_A_NONE;

	if (sia_ses_estab(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, remote_host);
	}

	if (sia_ses_launch(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, remote_host);
	}

	sia_ses_release(&entity);

	/*
	 * The result of setuid(0) is not checked. NOTE(review): the final
	 * switch to pw is left to permanently_set_uid(), which is not defined
	 * in this file; confirm that it verifies the change and fails closed.
	 */
	setuid(0);
	permanently_set_uid(pw);
}
113132718Skan
114132718Skan#endif /* HAVE_OSF_SIA */
115132718Skan