Attachment 120 Details for Bug 319 – Sounds like an SIA issue w/ privsep. Does this fix it?

[patch] Sounds like an SIA issue w/ privsep. Does this fix it?

sia-privsep (text/plain), 3.11 KB, created by Ben Lindstrom on 2002-06-29 02:59:33 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Ben Lindstrom

Created: 2002-06-29 02:59:33 AEST

Size: 3.11 KB

patch

obsolete

>Index: auth-sia.c
>===================================================================
>RCS file: /var/cvs/openssh/auth-sia.c,v
>retrieving revision 1.7
>diff -u -r1.7 auth-sia.c
>--- auth-sia.c	12 Apr 2002 15:36:08 -0000	1.7
>+++ auth-sia.c	28 Jun 2002 15:17:12 -0000
>@@ -77,7 +77,7 @@
> }
> 
> void
>-session_setup_sia(char *user, char *tty)
>+setup_sia(char *user, char *tty)
> {
> 	struct passwd *pw;
> 	SIAENTITY *ent = NULL;
>@@ -116,6 +116,7 @@
> 	
> 	sia_ses_release(&ent);
> 
>+	/* XXX: Should this be be around a if (!use_privsep) ? */
> 	if (setreuid(geteuid(), geteuid()) < 0) {
> 		fatal("setreuid: %s", strerror(errno));
> 	}
>Index: monitor.c
>===================================================================
>RCS file: /var/cvs/openssh/monitor.c,v
>retrieving revision 1.22
>diff -u -r1.22 monitor.c
>--- monitor.c	27 Jun 2002 00:12:58 -0000	1.22
>+++ monitor.c	28 Jun 2002 15:17:18 -0000
>@@ -120,6 +120,10 @@
> int mm_answer_pam_start(int, Buffer *);
> #endif
> 
>+#ifdef HAVE_OSF_SIA
>+int mm_answer_setup_sia(int, Buffer *);
>+#endif
>+
> static Authctxt *authctxt;
> static BIGNUM *ssh1_challenge = NULL;	/* used for ssh1 rsa auth */
> 
>@@ -154,6 +158,9 @@
>     {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
>     {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
>     {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
>+#ifdef HAVE_OSF_SIA
>+    (MONITOR_REQ_SETUP_SIA, MON_ONCE, mm_answer_setup_sia),
>+#endif
> #ifdef USE_PAM
>     {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
> #endif
>@@ -196,6 +203,9 @@
>     {MONITOR_REQ_SKEYQUERY, MON_ISAUTH, mm_answer_skeyquery},
>     {MONITOR_REQ_SKEYRESPOND, MON_AUTH, mm_answer_skeyrespond},
> #endif
>+#ifdef HAVE_OSF_SIA
>+    (MONITOR_REQ_SETUP_SIA, MON_ONCE, mm_answer_setup_sia),
>+#endif
> #ifdef USE_PAM
>     {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
> #endif
>@@ -716,6 +726,22 @@
> 	auth_method = "skey";
> 
> 	return (authok != 0);
>+}
>+#endif
>+
>+#ifdef HAVE_OSF_SIA
>+int
>+mm_answer_setup_sia(int socket, Buffer *m)
>+{
>+	char *user, *tty;
>+
>+	user = buffer_get_string(m, NULL);
>+	tty = buffer_get_string(m, NULL);
>+
>+	setup_sia(user, tty);
>+
>+	xfree(user);
>+	xfree(tty);
> }
> #endif
> 
>Index: monitor.h
>===================================================================
>RCS file: /var/cvs/openssh/monitor.h,v
>retrieving revision 1.8
>diff -u -r1.8 monitor.h
>--- monitor.h	11 Jun 2002 16:42:49 -0000	1.8
>+++ monitor.h	28 Jun 2002 15:17:21 -0000
>@@ -50,6 +50,7 @@
> 	MONITOR_REQ_RSACHALLENGE, MONITOR_ANS_RSACHALLENGE,
> 	MONITOR_REQ_RSARESPONSE, MONITOR_ANS_RSARESPONSE,
> 	MONITOR_REQ_PAM_START,
>+	MONITOR_REQ_SETUP_SIA,
> 	MONITOR_REQ_TERM
> };
> 
>Index: session.c
>===================================================================
>RCS file: /var/cvs/openssh/session.c,v
>retrieving revision 1.208
>diff -u -r1.208 session.c
>--- session.c	26 Jun 2002 13:51:06 -0000	1.208
>+++ session.c	28 Jun 2002 15:17:30 -0000
>@@ -1269,7 +1269,7 @@
> 	 */
> 	if (!options.use_login) {
> #ifdef HAVE_OSF_SIA
>-		session_setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty);
>+		PRIVSEP(setup_sia(pw->pw_name, s->ttyfd == -1 ? NULL : s->tty));
> 		if (!check_quietlogin(s, command))
> 			do_motd();
> #else /* HAVE_OSF_SIA */

Actions: View | Diff

Attachments on bug 319: 120