aboutsummaryrefslogblamecommitdiff
path: root/auth-sia.c
blob: debf30201b73fe182419c63ae6f08735516ad9df (plain) (tree) 
83d2307d00b1



























83d2307d00b1







761efaa70c2e

83d2307d00b1

5521539314d8




83d2307d00b1

761efaa70c2e










83d2307d00b1




5521539314d8














































83d2307d00b1

4518870c7202

83d2307d00b1




83d2307d00b1

d95e11bf7e5a

83d2307d00b1

d95e11bf7e5a


83d2307d00b1

d0c8c0bcc279


d95e11bf7e5a

83d2307d00b1


d95e11bf7e5a


83d2307d00b1


d95e11bf7e5a


83d2307d00b1




5521539314d8



d95e11bf7e5a

83d2307d00b1



d0c8c0bcc279

83d2307d00b1

83d2307d00b1



d95e11bf7e5a

83d2307d00b1

efcad6b72fe9

d95e11bf7e5a

83d2307d00b1

83d2307d00b1

83d2307d00b1






d0c8c0bcc279



83d2307d00b1

d0c8c0bcc279

d95e11bf7e5a


efcad6b72fe9

83d2307d00b1


efcad6b72fe9


83d2307d00b1



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

28
29
30
31
32
33
34

35

36

37
38
39
40

41

42
43
44
45
46
47
48
49
50
51

52
53
54
55

56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

102

103

104
105
106
107

108

109

110

111
112

113

114
115

116

117
118

119
120

121
122

123
124

125
126
127
128

129
130
131

132

133
134
135

136

137

138
139
140

141

142

143

144

145

146

147
148
149
150
151
152

153
154
155

156

157

158
159

160

161
162

163
164

165
166
167



























                                                                            






                         
                   
                   



                         
 









                     



                             













































                                                                               
   
                                                     



                              
 
                                                       
 

                                                               
 

                                                                            
                           

                                                                     

                                                         

                                              

                           



                              


                                                                
                   


    
                                               
 


                              
                                                       
 
                                                                         
                                        
                                             
 





                                                         


                                                                  
 
                                                               

                                                               
 

                              

                                


                         
/*
 * Copyright (c) 2002 Chris Adams.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"

#ifdef HAVE_OSF_SIA
#include <sia.h>
#include <siad.h>
#include <pwd.h>
#include <signal.h>
#include <setjmp.h>
#include <sys/resource.h>
#include <unistd.h>
#include <stdarg.h>
#include <string.h>
#include <sys/types.h>
#include <sys/security.h>
#include <prot.h>
#include <time.h>

#include "ssh.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "auth-sia.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "uidswap.h"

extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;

static int
sia_password_change_required(const char *user)
{
	struct es_passwd *acct;
	time_t pw_life;
	time_t pw_date;

	set_auth_parameters(saved_argc, saved_argv);

	if ((acct = getespwnam(user)) == NULL) {
		error("Couldn't access protected database entry for %s", user);
		endprpwent();
		return (0);
	}

	/* If forced password change flag is set, honor it */
	if (acct->uflg->fg_psw_chg_reqd && acct->ufld->fd_psw_chg_reqd) {
		endprpwent();
		return (1);
	}

	/* Obtain password lifetime; if none, it can't have expired */
	if (acct->uflg->fg_expire)
		pw_life = acct->ufld->fd_expire;
	else if (acct->sflg->fg_expire)
		pw_life = acct->sfld->fd_expire;
	else {
		endprpwent();
		return (0);
	}

	/* Offset from last change; if none, it must be expired */
	if (acct->uflg->fg_schange)
		pw_date = acct->ufld->fd_schange + pw_life;
	else {
		endprpwent();
		return (1);
	}

	endprpwent();

	/* If expiration date is prior to now, change password */
	
	return (pw_date <= time((time_t *) NULL));
}

int
sys_auth_passwd(Authctxt *authctxt, const char *pass)
{
	int ret;
	SIAENTITY *ent = NULL;
	const char *host;

	host = get_canonical_hostname(options.use_dns);

	if (!authctxt->user || pass == NULL || pass[0] == '\0')
		return (0);

	if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
	    NULL, 0, NULL) != SIASUCCESS)
		return (0);

	if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
		error("Couldn't authenticate %s from %s",
		    authctxt->user, host);
		if (ret & SIASTOP)
			sia_ses_release(&ent);

		return (0);
	}

	sia_ses_release(&ent);

	authctxt->force_pwchange = sia_password_change_required(
		authctxt->user);

	return (1);
}

void
session_setup_sia(struct passwd *pw, char *tty)
{
	SIAENTITY *ent = NULL;
	const char *host;

	host = get_canonical_hostname(options.use_dns);

	if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name,
	    tty, 0, NULL) != SIASUCCESS)
		fatal("sia_ses_init failed");

	if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
		sia_ses_release(&ent);
		fatal("sia_make_entity_pwd failed");
	}

	ent->authtype = SIA_A_NONE;
	if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
		fatal("Couldn't establish session for %s from %s",
		    pw->pw_name, host);

	if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
		fatal("Couldn't launch session for %s from %s",
		    pw->pw_name, host);

	sia_ses_release(&ent);

	setuid(0);
	permanently_set_uid(pw);
}

#endif /* HAVE_OSF_SIA */
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-12 04:22:15 +0000