/*
 * Copyright (c) 2002 Chris Adams. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifdef HAVE_OSF_SIA
#include <sia.h>
#include <siad.h>
#include <pwd.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>

#include "ssh.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"

/* Server configuration and the saved process arguments, defined elsewhere. */
extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

/*
 * Check a password for authctxt->user through the SIA session API.
 *
 * Returns 1 when sia_ses_authent() reports SIASUCCESS and 0 in every other
 * case: no user name, a NULL or empty password, a failed sia_ses_init(),
 * or a failed sia_ses_authent().
 *
 * An empty password is rejected here unconditionally; this function does
 * not consult any server option before refusing it.
 *
 * A failed sia_ses_authent() is reported through error() with the user
 * name and the remote host, so rejected attempts leave a log record.
 */
int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
	SIAENTITY *entity = NULL;
	const char *remote_host;
	int status;

	/* The host is resolved before any argument check, as in the original. */
	remote_host = get_canonical_hostname(options.use_dns);

	if (!authctxt->user || pass == NULL || pass[0] == '\0') {
		return (0);
	}

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    authctxt->user, NULL, 0, NULL) != SIASUCCESS) {
		return (0);
	}

	/*
	 * No collection routine is passed (first argument is NULL); the
	 * password is supplied directly.
	 * NOTE(review): presumably this keeps SIA from prompting - confirm.
	 */
	status = sia_ses_authent(NULL, pass, entity);
	if (status == SIASUCCESS) {
		sia_ses_release(&entity);
		return (1);
	}

	error("Couldn't authenticate %s from %s",
	    authctxt->user, remote_host);

	/*
	 * The entity is released on this path only when SIASTOP is set.
	 * NOTE(review): confirm against the SIA documentation who owns the
	 * entity when the failure status lacks SIASTOP; if the library does
	 * not free it, every rejected password leaks one entity.
	 */
	if (status & SIASTOP) {
		sia_ses_release(&entity);
	}

	return (0);
}

/*
 * Establish and launch an SIA session for the already-authenticated user
 * described by pw on terminal tty, then switch to that user's identity.
 *
 * Every SIA failure ends in fatal(); nothing is reported to the caller.
 */
void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *entity = NULL;
	const char *remote_host;

	remote_host = get_canonical_hostname(options.use_dns);

	if (sia_ses_init(&entity, saved_argc, saved_argv, remote_host,
	    pw->pw_name, tty, 0, NULL) != SIASUCCESS) {
		fatal("sia_ses_init failed");
	}

	if (sia_make_entity_pwd(pw, entity) != SIASUCCESS) {
		sia_ses_release(&entity);
		fatal("sia_make_entity_pwd failed");
	}

	/*
	 * Authentication is not repeated here: the entity is marked
	 * SIA_A_NONE before the session is established.
	 */
	entity->authtype = SIA_A_NONE;
	if (sia_ses_estab(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, remote_host);
	}

	if (sia_ses_launch(sia_collect_trm, entity) != SIASUCCESS) {
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, remote_host);
	}

	sia_ses_release(&entity);

	/*
	 * The result of setuid(0) is not checked; the identity change that
	 * matters is the permanently_set_uid(pw) call that follows.
	 * NOTE(review): presumably setuid(0) restores root after
	 * sia_ses_launch() so the permanent switch can run - confirm, and
	 * confirm that permanently_set_uid() verifies the drop itself.
	 */
	setuid(0);
	permanently_set_uid(pw);
}

#endif /* HAVE_OSF_SIA */