summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2000-01-23 10:32:03 +1100
committerDamien Miller <djm@mindrot.org>2000-01-23 10:32:03 +1100
commit1fa154bb1e06bfb4f8d6b95f09a6352d38577c57 (patch)
tree62678a152fab75d8062dff6eb85e72db6fb27acc
parent6fe375dee4f0c5b81026d7eb9dc00cf75645b241 (diff)
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
-rw-r--r--CREDITS3
-rw-r--r--ChangeLog2
-rw-r--r--acconfig.h9
-rw-r--r--auth-passwd.c16
-rw-r--r--bsd-misc.c3
-rw-r--r--cipher.c3
-rw-r--r--configure.in44
-rw-r--r--ssh.c6
-rw-r--r--ssh.h54
-rw-r--r--sshd.c38
10 files changed, 167 insertions, 11 deletions
diff --git a/CREDITS b/CREDITS
index 03910b30..45775a3e 100644
--- a/CREDITS
+++ b/CREDITS
@@ -15,7 +15,7 @@ Chun-Chung Chen <cjj@u.washington.edu> - RPM fixes
Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
Darren Hall <dhall@virage.org> - AIX patches
David Agraz <dagraz@jahoopa.com> - Build fixes
-David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, NetBSD fixes
+David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
Gary E. Miller <gem@rellim.com> - SCO support
Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE> - KRB4/AFS config patch
Jani Hakala <jahakala@cc.jyu.fi> - Patches
@@ -26,6 +26,7 @@ Juergen Keil <jk@tools.de> - scp bugfixing
Kees Cook <cook@cpoint.net> - scp fixes
Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes
Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches
+Matt Richards <v2matt@btv.ibm.com> - AIX patches
Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
Niels Kristian Bech Jensen <nkbj@image.dk> - Assorted patches
Peter Kocks <peter.kocks@baygate.com> - Makefile fixes
diff --git a/ChangeLog b/ChangeLog
index afc51024..74b20e8d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
+ - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
+ <drankin@bohemians.lexington.ky.us>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
diff --git a/acconfig.h b/acconfig.h
index c5e6d3ee..e96b195d 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -12,6 +12,9 @@
/* Define if you want to disable PAM support */
#undef DISABLE_PAM
+/* Define if you want to disable AIX4's authenticate function */
+#undef WITH_AIXAUTHENTICATE
+
/* Define if you want to disable lastlog support */
#undef DISABLE_LASTLOG
@@ -30,6 +33,12 @@
/* Define if using the Dante SOCKS library. */
#undef HAVE_DANTE
+/* Define if using the Socks4 SOCKS library. */
+#undef HAVE_SOCKS4
+
+/* Define if using the Socks5 SOCKS library. */
+#undef HAVE_SOCKS5
+
/* Define if you want to install preformatted manpages.*/
#undef MANTYPE
diff --git a/auth-passwd.c b/auth-passwd.c
index a8a52ce9..278212aa 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -11,13 +11,17 @@
#ifndef USE_PAM
-RCSID("$Id: auth-passwd.c,v 1.15 2000/01/06 01:03:13 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.16 2000/01/22 23:32:03 damien Exp $");
#include "packet.h"
#include "ssh.h"
#include "servconf.h"
#include "xmalloc.h"
+#ifdef WITH_AIXAUTHENTICATE
+#include <login.h>
+#endif
+
#ifdef HAVE_SHADOW_H
# include <shadow.h>
#endif
@@ -39,6 +43,11 @@ auth_password(struct passwd * pw, const char *password)
#ifdef HAVE_SHADOW_H
struct spwd *spw;
#endif
+#ifdef WITH_AIXAUTHENTICATE
+ char *authmsg;
+ char *loginmsg;
+ int reenter = 1;
+#endif
/* deny if no user. */
if (pw == NULL)
@@ -56,6 +65,11 @@ auth_password(struct passwd * pw, const char *password)
/* Fall back to ordinary passwd authentication. */
}
#endif
+
+#ifdef WITH_AIXAUTHENTICATE
+ return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+#endif
+
#ifdef KRB4
if (options.kerberos_authentication == 1) {
int ret = auth_krb4_password(pw, password);
diff --git a/bsd-misc.c b/bsd-misc.c
index 2328e573..b2c70c68 100644
--- a/bsd-misc.c
+++ b/bsd-misc.c
@@ -47,6 +47,9 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <fcntl.h>
+#ifdef HAVE_STDDEF_H
+#include <stddef.h>
+#endif
#include "xmalloc.h"
#include "ssh.h"
diff --git a/cipher.c b/cipher.c
index 64c407e6..5589c24f 100644
--- a/cipher.c
+++ b/cipher.c
@@ -12,10 +12,11 @@
*/
#include "includes.h"
-RCSID("$Id: cipher.c,v 1.11 1999/12/14 22:34:31 damien Exp $");
+RCSID("$Id: cipher.c,v 1.12 2000/01/22 23:32:03 damien Exp $");
#include "ssh.h"
#include "cipher.h"
+#include "config.h"
#ifdef HAVE_OPENSSL
#include <openssl/md5.h>
diff --git a/configure.in b/configure.in
index 4d414573..6f5cdafc 100644
--- a/configure.in
+++ b/configure.in
@@ -518,13 +518,53 @@ dnl Compile with dante SOCKS library
AC_ARG_WITH(dante,
[ --with-dante=DIR Use Dante SOCKS lib (default is system library path)],
[
- AC_DEFINE(HAVE_DANTE)
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
if test "x$withval" != "xno" ; then
if test -n $withval ; then
LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
fi
- LIBS="$LIBS -lsocks"
+ AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_DANTE) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+ ]
+)
+
+dnl Compile with SOCKS4 SOCKS library
+AC_ARG_WITH(socks4,
+ [ --with-socks4=DIR Use Socks4 SOCKS lib (default is system library path)],
+ [
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_SOCKS4) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+ ]
+)
+
+dnl Compile with SOCKS5 SOCKS library
+AC_ARG_WITH(socks5,
+ [ --with-socks5=DIR Use Socks5 SOCKS lib (default is system library path)],
+ [
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ AC_CHECK_LIB(socks5, SOCKSconnect, AC_DEFINE(HAVE_SOCKS5) SOCKSLIBS="$SOCKSLIBPATH -lsocks5")
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
]
)
AC_ARG_WITH(catman,
diff --git a/ssh.c b/ssh.c
index 2a2fb2d3..bf0ac6bd 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.17 2000/01/19 03:36:49 damien Exp $");
+RCSID("$Id: ssh.c,v 1.18 2000/01/22 23:32:04 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -217,6 +217,10 @@ main(int ac, char **av)
/* Save our own name. */
av0 = av[0];
+#ifdef SOCKS
+ SOCKSinit(av0);
+#endif /* SOCKS */
+
/* Initialize option structure to indicate that no values have been set. */
initialize_options(&options);
diff --git a/ssh.h b/ssh.h
index 0f3302a6..390f463e 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
*
*/
-/* RCSID("$Id: ssh.h,v 1.24 2000/01/14 04:45:52 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.25 2000/01/22 23:32:04 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
@@ -752,7 +752,7 @@ extern int IPv4or6;
#include "auth-pam.h"
#endif /* USE_PAM */
-#ifdef HAVE_DANTE
+#if defined(HAVE_DANTE) || defined(HAVE_SOCKS4)
/*
* The following defines map the normal socket operations to SOCKSified
* versions coming from the Dante SOCKS package.
@@ -795,6 +795,54 @@ ssize_t Rsendto (int, const void *,
size_t, int, const struct sockaddr *, socklen_t);
ssize_t Rwrite(int , const void *, size_t );
ssize_t Rwritev(int , const struct iovec *, int );
-#endif /* HAVE_DANTE */
+#endif /* HAVE_DANTE || HAVE_SOCKS4 */
+#if defined(HAVE_SOCKS5)
+/*
+ * The following defines map the normal socket operations to SOCKSified
+ * versions coming from the SOCKS package.
+ */
+#define accept SOCKSaccept
+#define bind SOCKSbind
+#define bindresvport SOCKSbindresvport
+#define connect SOCKSconnect
+#define gethostbyname SOCKSgethostbyname
+#define gethostbyname2 SOCKSgethostbyname2
+#define getpeername SOCKSgetpeername
+#define getsockname SOCKSgetsockname
+#define read SOCKSread
+#define readv SOCKSreadv
+#define recv SOCKSrecv
+#define recvmsg SOCKSrecvmsg
+#define recvfrom SOCKSrecvfrom
+#define rresvport SOCKSrresvport
+#define send SOCKSsend
+#define sendmsg SOCKSsendmsg
+#define sendto SOCKSsendto
+#define write SOCKSwrite
+#define writev SOCKSwritev
+int SOCKSaccept (int, struct sockaddr *, socklen_t *);
+int SOCKSbind (int, const struct sockaddr *, socklen_t);
+int SOCKSbindresvport(int , struct sockaddr_in *);
+int SOCKSconnect (int, const struct sockaddr *, socklen_t);
+struct hostent *SOCKSgethostbyname(const char *);
+struct hostent *SOCKSgethostbyname2(const char *, int);
+int SOCKSgetpeername (int, struct sockaddr *, socklen_t *);
+int SOCKSgetsockname (int, struct sockaddr *, socklen_t *);
+ssize_t SOCKSread(int , void *, size_t );
+ssize_t SOCKSreadv(int d, const struct iovec *iov, int iovcnt);
+ssize_t SOCKSrecv (int, void *, size_t, int);
+ssize_t SOCKSrecvfrom (int, void *, size_t, int, struct sockaddr *,
+ socklen_t *);
+ssize_t SOCKSsend (int, const void *, size_t, int);
+ssize_t SOCKSsendmsg (int, const struct msghdr *, int);
+ssize_t SOCKSsendto (int, const void *,
+ size_t, int, const struct sockaddr *, socklen_t);
+ssize_t SOCKSwrite(int , const void *, size_t );
+ssize_t SOCKSwritev(int , const struct iovec *, int );
+#endif /* SOCKS5 */
+
+#if defined(DANTE) || defined(SOCKS4) || defined(SOCKS5)
+#define SOCKS
+#endif /* defined(DANTE) || defined(SOCKS4) || defined(SOCKS5) */
#endif /* SSH_H */
diff --git a/sshd.c b/sshd.c
index 7f761bb1..a5cbbfc4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1099,6 +1099,9 @@ allowed_user(struct passwd * pw)
{
struct group *grp;
int i;
+#ifdef WITH_AIXAUTHENTICATE
+ char *loginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw)
@@ -1155,6 +1158,12 @@ allowed_user(struct passwd * pw)
return 0;
}
}
+
+#ifdef WITH_AIXAUTHENTICATE
+ if (loginrestrictions(pw->pw_name,S_LOGIN,NULL,&loginmsg) != 0)
+ return 0;
+#endif /* WITH_AIXAUTHENTICATE */
+
/* We found no reason not to let this user try to log on... */
return 1;
}
@@ -1179,6 +1188,10 @@ do_authentication()
setproctitle("%s", user);
+#ifdef WITH_AIXAUTHENTICATE
+ char *loginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
+
#ifdef AFS
/* If machine has AFS, set process authentication group. */
if (k_hasafs()) {
@@ -1244,6 +1257,9 @@ do_authentication()
get_canonical_hostname());
}
/* The user has been authenticated and accepted. */
+#ifdef WITH_AIXAUTHENTICATE
+ loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg);
+#endif /* WITH_AIXAUTHENTICATE */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
@@ -1498,8 +1514,7 @@ do_authloop(struct passwd * pw)
if (authenticated) {
#ifdef USE_PAM
- if (!do_pam_account(pw->pw_name, client_user))
- {
+ if (!do_pam_account(pw->pw_name, client_user)) {
if (client_user != NULL)
xfree(client_user);
@@ -1582,6 +1597,11 @@ do_fake_authloop(char *user)
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
+#ifdef WITH_AIXAUTHENTICATE
+ if (strncmp(get_authname(type),"password",
+ strlen(get_authname(type))) == 0)
+ loginfailed(pw->pw_name,get_canonical_hostname(),"ssh");
+#endif /* WITH_AIXAUTHENTICATE */
}
/* NOTREACHED */
abort();
@@ -2423,6 +2443,18 @@ do_child(const char *command, struct passwd * pw, const char *term,
if (display)
child_set_env(&env, &envsize, "DISPLAY", display);
+#ifdef _AIX
+ {
+ char *authstate,*krb5cc;
+
+ if ((authstate = getenv("AUTHSTATE")) != NULL)
+ child_set_env(&env,&envsize,"AUTHSTATE",authstate);
+
+ if ((krb5cc = getenv("KRB5CCNAME")) != NULL)
+ child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc);
+ }
+#endif
+
#ifdef KRB4
{
extern char *ticket;
@@ -2444,6 +2476,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
+ read_environment_file(&env,&envsize,"/etc/environment");
+
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);