Attachment #1658 for bug #1228

Lines 87-92 SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ Link Here

(-)a/Makefile.in (+1 lines)
87	auth-krb5.o \	87	auth-krb5.o \
88	auth2-gss.o gss-serv.o gss-serv-krb5.o \	88	auth2-gss.o gss-serv.o gss-serv-krb5.o \
89	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \	89	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
		90	auth-lam.o \
90	audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \	91	audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
91	roaming_common.o	92	roaming_common.o
92		93




/*-
 * Copyright (c) 2009 Quest Software, Inc. All rights reserved.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include "includes.h"
#ifdef WITH_AIXAUTHENTICATE
#include <sys/audit.h>
#include <usersec.h>
#include <pwd.h>
#include "auth.h"
#include "buffer.h"
#include "bufaux.h"
#include "canohost.h"
#include "log.h"
#include "monitor_wrap.h"
#include "msg.h"
#include "packet.h"
#include "misc.h"
#include "servconf.h"
#include "ssh2.h"
#include "uidswap.h"
#include "xmalloc.h"
#include "auth-options.h"
#include "openbsd-compat/port-aix.h"

extern ServerOptions options;
extern Buffer loginmsg;

struct lam_ctxt {
	char *		 user;
	char *		 message;
        int              reenter;
        int              faking_noent;
};
struct Authctxt *sshlam_authctxt;

static void * sshlam_init_ctx(Authctxt *authctxt);
static int sshlam_query(void *ctx, char **name, char **info,
    u_int *num, char ***prompts, u_int **echo_on);
static int sshlam_respond(void *ctx, u_int num, char **resp);
static void sshlam_free_ctx(void *ctxtp);
static void sshlam_force_pwchange(int reqd);

KbdintDevice sshlam_device = {
	"lam",
	sshlam_init_ctx,
	sshlam_query,
	sshlam_respond,
	sshlam_free_ctx
};

KbdintDevice mm_sshlam_device = {
	"lam",
	mm_sshlam_init_ctx,
	mm_sshlam_query,
	mm_sshlam_respond,
	mm_sshlam_free_ctx
};

/*
 * Allocates and initialises storage for LAM authentication state.
 * Returns NULL if LAM authentication is not available.
 */
static void *
sshlam_init_ctx(Authctxt *authctxt)
{
	struct lam_ctxt *ctxt;

	debug3("LAM: sshlam_init_ctx entering");

	ctxt = xmalloc(sizeof *ctxt);
	memset(ctxt, 0, sizeof *ctxt);

	ctxt->user = xstrdup(authctxt->user);
	ctxt->message = NULL;
	ctxt->faking_noent = 0;
        ctxt->reenter = 0;
	sshlam_authctxt = authctxt;

        debug3("LAM: AUTHSTATE=%s", getenv("AUTHSTATE") ?
                    getenv("AUTHSTATE") : "NULL");

        /* aix_setauthdb(ctxt->user); */
	if (authenticate(ctxt->user, NULL, &ctxt->reenter, &ctxt->message))
	{
            error("LAM: authenticate(%.100s) failed: %.100s", ctxt->user,
                    strerror(errno));
            if (errno == ENOENT) {
                char buf[200];
                /*
                 * When a user is known not to exist, we pretend
                 * that they do, and fake a password prompt
                 */
	        logit("LAM: pretending that user '%.100s' exists", ctxt->user);
                ctxt->faking_noent = 1;
                snprintf(buf, sizeof buf, "%.100s's Password:", ctxt->user);
                ctxt->message = xstrdup(buf);
                ctxt->reenter = 1;
            } else {
                goto fail;
            }
	}

	/* Instant authentication should never happen here;
         * 'none' authentication should have permitted it */
	if (!ctxt->reenter) {
	    error("LAM: %.100s authenticated immediately; ignoring",
		    ctxt->user);
	    goto fail;
	}

	return (ctxt);

    fail:
	sshlam_free_ctx(ctxt);
	return (NULL);
}

/*
 * Releases storage associated with the context
 * returned from sshlam_init_ctx
 */
static void
sshlam_free_ctx(void *ctxtp)
{
	struct lam_ctxt *ctxt = ctxtp;

	debug3("LAM: sshlam_free_ctx entering");

        /* aix_restoreauthdb(); */
	if (ctxt->message)
	    xfree(ctxt->message);
	xfree(ctxt->user);
	xfree(ctxt);
}

/*
 * Returns the user prompt for the current round of
 * AIX LAM authentication.
 */
static int
sshlam_query(void *ctx, char **name, char **info,
    u_int *num, char ***prompts, u_int **echo_on)
{
	struct lam_ctxt *ctxt = ctx;

	debug3("LAM: sshlam_query entering");

	*name = xstrdup("");
	*info = xstrdup("");
	*prompts = (char **)xmalloc(sizeof(char *));
	*echo_on = (u_int *)xmalloc(sizeof(u_int));
	if (ctxt->message) {
	    **prompts = xstrdup(ctxt->message);
	    **echo_on = 0;
	    *num = 1;
	} else
	    *num = 0;

	return 0;
}

/*
 * Processes a user response for an AIX LAM authentication round.
 * Returns
 *     1 if another round must be performed
 *     0 if authentication completed with success
 *    -1 if authentication failed
 */
static int
sshlam_respond(void *ctx, u_int num, char **resp)
{
	struct lam_ctxt *ctxt = ctx;
	int e;
	char *message = NULL;
	struct passwd *pwuser = NULL;
	char badpw[] = "\b\n\r\177INCORRECT"; /* XXX: Duplicated from auth-pam.c */
	char *authpw = NULL;

	debug2("LAM: sshlam_respond entering, %u responses", num);

	if (num != 1) {
	    error("LAM: expected one response, got %u", num);
	    return (-1);
	}

        if (ctxt->faking_noent)
            return (-1);

	pwuser = getpwnam(ctxt->user);
	if (!pwuser) {
	    error("LAM: could not resolve user %.100s", ctxt->user);
	    return (-1);
	}

	/* Have LAM process a junk password to avoid timing-based disclosure. */
	if (pwuser->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
	    authpw = badpw;
	else
	    authpw = *resp;

	/* Perform an authentication round */
	e = authenticate(ctxt->user, authpw, &ctxt->reenter, &message);
        if (e) {
            if (message)
                xfree(message);
	    error("LAM: authenticate %s: %d %.100s", ctxt->user, e,
                    strerror(errno));
	    return (-1);
	}

	if (pwuser->pw_uid == 0 && options.permit_root_login != PERMIT_YES) {
	    error("LAM: denying root access");
	    return (-1);
	}

	if (ctxt->reenter) {
	    if (message == NULL) {
		error("LAM: authenticate %s returned NULL message", ctxt->user);
		return (-1);
	    }
	    ctxt->message = message;
	    return 1;
	}

	/* Handle extra messages by adding them to the login banner */
	if (message) {
	    debug3("LAM: authenticate: %.100s", message);
	    buffer_append(&loginmsg, message, strlen(message));
	    xfree(message);
	    message = NULL;
	}

	/* Detect expired passwords */
	e = passwdexpired(ctxt->user, &message);
	if (e == -1) {
	    error("LAM: passwdexpired %s: %.100s", ctxt->user, strerror(errno));
	    return (-1);
	}
	if (message) {
	    debug3("LAM: passwdexpired: %.100s", message);
	    buffer_append(&loginmsg, message, strlen(message));
	    xfree(message);
	    message = NULL;
	}
	switch (e) {
	case 0:
	    break;
	case 1:
	    logit("LAM: password for %s expired", ctxt->user);
	    sshlam_force_pwchange(1);
	    break;
	case 2:
	    error("LAM: password for %s expired and unchangeable", ctxt->user);
	    return (-1);
	default:
	    error("LAM: passwdexpired returned %d", e);
	    return (-1);
	}

	return 0;
}

static void
sshlam_force_pwchange(int reqd)
{
    sshlam_authctxt->force_pwchange = reqd;
}

#endif /* WITH_AIXAUTHENTICATE */


Lines 56-61 extern KbdintDevice bsdauth_device; Link Here

(-)a/auth2-chall.c (-1 / +13 lines)
56	#ifdef USE_PAM	56	#ifdef USE_PAM
57	extern KbdintDevice sshpam_device;	57	extern KbdintDevice sshpam_device;
58	#endif	58	#endif
		59	#ifdef WITH_AIXAUTHENTICATE
		60	extern KbdintDevice sshlam_device;
		61	#endif
59	#ifdef SKEY	62	#ifdef SKEY
60	extern KbdintDevice skey_device;	63	extern KbdintDevice skey_device;
61	#endif	64	#endif
Lines 68-73 KbdintDevice *devices[] = { Link Here
68	#ifdef USE_PAM	71	#ifdef USE_PAM
69	&sshpam_device,	72	&sshpam_device,
70	#endif	73	#endif
		74	#ifdef WITH_AIXAUTHENTICATE
		75	&sshlam_device,
		76	#endif
71	#ifdef SKEY	77	#ifdef SKEY
72	&skey_device,	78	&skey_device,
73	#endif	79	#endif
Lines 348-354 input_userauth_info_response(int type, u_int32_t seq, void *ctxt) Link Here
348	void	354	void
349	privsep_challenge_enable(void)	355	privsep_challenge_enable(void)
350	{	356	{
351	#if defined(BSD_AUTH) \|\| defined(USE_PAM) \|\| defined(SKEY)	357	#if defined(BSD_AUTH) \|\| defined(USE_PAM) \|\| defined(SKEY) \|\| defined(WITH_AIXAUTHENTICATE)
352	int n = 0;	358	int n = 0;
353	#endif	359	#endif
354	#ifdef BSD_AUTH	360	#ifdef BSD_AUTH
Lines 357-362 privsep_challenge_enable(void) Link Here
357	#ifdef USE_PAM	363	#ifdef USE_PAM
358	extern KbdintDevice mm_sshpam_device;	364	extern KbdintDevice mm_sshpam_device;
359	#endif	365	#endif
		366	#ifdef WITH_AIXAUTHENTICATE
		367	extern KbdintDevice mm_sshlam_device;
		368	#endif
360	#ifdef SKEY	369	#ifdef SKEY
361	extern KbdintDevice mm_skey_device;	370	extern KbdintDevice mm_skey_device;
362	#endif	371	#endif
Lines 367-372 privsep_challenge_enable(void) Link Here
367	#ifdef USE_PAM	376	#ifdef USE_PAM
368	devices[n++] = &mm_sshpam_device;	377	devices[n++] = &mm_sshpam_device;
369	#endif	378	#endif
		379	#ifdef WITH_AIXAUTHENTICATE
		380	devices[n++] = &mm_sshlam_device;
		381	#endif
370	#ifdef SKEY	382	#ifdef SKEY
371	devices[n++] = &mm_skey_device;	383	devices[n++] = &mm_skey_device;
372	#endif	384	#endif

Lines 167-172 int mm_answer_pam_respond(int, Buffer *); Link Here

(-)a/monitor.c (+119 lines)
167	int mm_answer_pam_free_ctx(int, Buffer *);	167	int mm_answer_pam_free_ctx(int, Buffer *);
168	#endif	168	#endif
169		169
		170	#ifdef WITH_AIXAUTHENTICATE
		171	int mm_answer_lam_init_ctx(int, Buffer *);
		172	int mm_answer_lam_query(int, Buffer *);
		173	int mm_answer_lam_respond(int, Buffer *);
		174	int mm_answer_lam_free_ctx(int, Buffer *);
		175	#endif
		176
170	#ifdef GSSAPI	177	#ifdef GSSAPI
171	int mm_answer_gss_setup_ctx(int, Buffer *);	178	int mm_answer_gss_setup_ctx(int, Buffer *);
172	int mm_answer_gss_accept_ctx(int, Buffer *);	179	int mm_answer_gss_accept_ctx(int, Buffer *);
Lines 223-228 struct mon_table mon_dispatch_proto20[] = { Link Here
223	{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},	230	{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
224	{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_pam_free_ctx},	231	{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
225	#endif	232	#endif
		233	#ifdef WITH_AIXAUTHENTICATE
		234	{MONITOR_REQ_LAM_INIT_CTX, MON_ISAUTH, mm_answer_lam_init_ctx},
		235	{MONITOR_REQ_LAM_QUERY, MON_ISAUTH, mm_answer_lam_query},
		236	{MONITOR_REQ_LAM_RESPOND, MON_ISAUTH, mm_answer_lam_respond},
		237	{MONITOR_REQ_LAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_lam_free_ctx},
		238	#endif
226	#ifdef SSH_AUDIT_EVENTS	239	#ifdef SSH_AUDIT_EVENTS
227	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},	240	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
228	#endif	241	#endif
Lines 290-295 struct mon_table mon_dispatch_proto15[] = { Link Here
290	{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},	303	{MONITOR_REQ_PAM_RESPOND, MON_ISAUTH, mm_answer_pam_respond},
291	{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_pam_free_ctx},	304	{MONITOR_REQ_PAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_pam_free_ctx},
292	#endif	305	#endif
		306	#ifdef WITH_AIXAUTHENTICATE
		307	{MONITOR_REQ_LAM_INIT_CTX, MON_ISAUTH, mm_answer_lam_init_ctx},
		308	{MONITOR_REQ_LAM_QUERY, MON_ISAUTH, mm_answer_lam_query},
		309	{MONITOR_REQ_LAM_RESPOND, MON_ISAUTH, mm_answer_lam_respond},
		310	{MONITOR_REQ_LAM_FREE_CTX, MON_ONCE\|MON_AUTHDECIDE, mm_answer_lam_free_ctx},
		311	#endif
293	#ifdef SSH_AUDIT_EVENTS	312	#ifdef SSH_AUDIT_EVENTS
294	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},	313	{MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event},
295	#endif	314	#endif
Lines 997-1002 mm_answer_pam_free_ctx(int sock, Buffer *m) Link Here
997	}	1016	}
998	#endif	1017	#endif
999		1018
		1019	#ifdef WITH_AIXAUTHENTICATE
		1020	static void sshlam_ctxt, sshlam_authok;
		1021	extern KbdintDevice sshlam_device;
		1022
		1023	int
		1024	mm_answer_lam_init_ctx(int sock, Buffer *m)
		1025	{
		1026
		1027	debug3("%s", __func__);
		1028	authctxt->user = buffer_get_string(m, NULL);
		1029	sshlam_ctxt = (sshlam_device.init_ctx)(authctxt);
		1030	sshlam_authok = NULL;
		1031	buffer_clear(m);
		1032	if (sshlam_ctxt != NULL) {
		1033	monitor_permit(mon_dispatch, MONITOR_REQ_LAM_FREE_CTX, 1);
		1034	buffer_put_int(m, 1);
		1035	} else {
		1036	buffer_put_int(m, 0);
		1037	}
		1038	mm_request_send(sock, MONITOR_ANS_LAM_INIT_CTX, m);
		1039	return (0);
		1040	}
		1041
		1042	int
		1043	mm_answer_lam_query(int sock, Buffer *m)
		1044	{
		1045	char name, info, **prompts;
		1046	u_int i, num, *echo_on;
		1047	int ret;
		1048
		1049	debug3("%s", __func__);
		1050	sshlam_authok = NULL;
		1051	ret = (sshlam_device.query)(sshlam_ctxt, &name, &info, &num, &prompts, &echo_on);
		1052	if (ret == 0 && num == 0)
		1053	sshlam_authok = sshlam_ctxt;
		1054	if (num > 1 \|\| name == NULL \|\| info == NULL)
		1055	ret = -1;
		1056	buffer_clear(m);
		1057	buffer_put_int(m, ret);
		1058	buffer_put_cstring(m, name);
		1059	xfree(name);
		1060	buffer_put_cstring(m, info);
		1061	xfree(info);
		1062	buffer_put_int(m, num);
		1063	for (i = 0; i < num; ++i) {
		1064	buffer_put_cstring(m, prompts[i]);
		1065	xfree(prompts[i]);
		1066	buffer_put_int(m, echo_on[i]);
		1067	}
		1068	if (prompts != NULL)
		1069	xfree(prompts);
		1070	if (echo_on != NULL)
		1071	xfree(echo_on);
		1072	mm_request_send(sock, MONITOR_ANS_LAM_QUERY, m);
		1073	return (0);
		1074	}
		1075
		1076	int
		1077	mm_answer_lam_respond(int sock, Buffer *m)
		1078	{
		1079	char **resp;
		1080	u_int i, num;
		1081	int ret;
		1082
1083	debug3("%s", __func__);
1084	sshlam_authok = NULL;
1085	num = buffer_get_int(m);
1086	if (num > 0) {
1087	resp = xmalloc(num * sizeof(char *));
1088	for (i = 0; i < num; ++i)
1089	resp[i] = buffer_get_string(m, NULL);
1090	ret = (sshlam_device.respond)(sshlam_ctxt, num, resp);
1091	for (i = 0; i < num; ++i)
1092	xfree(resp[i]);
1093	xfree(resp);
1094	} else {
1095	ret = (sshlam_device.respond)(sshlam_ctxt, num, NULL);
1096	}
1097	buffer_clear(m);
1098	buffer_put_int(m, ret);
1099	mm_request_send(sock, MONITOR_ANS_LAM_RESPOND, m);
1100	auth_method = "keyboard-interactive/lam";
1101	if (ret == 0)
1102	sshlam_authok = sshlam_ctxt;
1103	return (0);
1104	}
1105
1106	int
1107	mm_answer_lam_free_ctx(int sock, Buffer *m)
1108	{
1109
1110	debug3("%s", __func__);
1111	(sshlam_device.free_ctx)(sshlam_ctxt);
1112	buffer_clear(m);
1113	mm_request_send(sock, MONITOR_ANS_LAM_FREE_CTX, m);
1114	return (sshlam_authok && sshlam_authok == sshlam_ctxt);
1115	}
1116	#endif /* WITH_AIXAUTHENTICATE */
1117
1118
1000	static void	1119	static void
1001	mm_append_debug(Buffer *m)	1120	mm_append_debug(Buffer *m)
1002	{	1121	{

Lines 59-64 enum monitor_reqtype { Link Here

(-)a/monitor.h (+4 lines)
59	MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,	59	MONITOR_REQ_PAM_QUERY, MONITOR_ANS_PAM_QUERY,
60	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,	60	MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
61	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,	61	MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
		62	MONITOR_REQ_LAM_INIT_CTX, MONITOR_ANS_LAM_INIT_CTX,
		63	MONITOR_REQ_LAM_QUERY, MONITOR_ANS_LAM_QUERY,
		64	MONITOR_REQ_LAM_RESPOND, MONITOR_ANS_LAM_RESPOND,
		65	MONITOR_REQ_LAM_FREE_CTX, MONITOR_ANS_LAM_FREE_CTX,
62	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,	66	MONITOR_REQ_AUDIT_EVENT, MONITOR_REQ_AUDIT_COMMAND,
63	MONITOR_REQ_TERM,	67	MONITOR_REQ_TERM,
64	MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,	68	MONITOR_REQ_JPAKE_STEP1, MONITOR_ANS_JPAKE_STEP1,




}
#endif /* USE_PAM */

#if WITH_AIXAUTHENTICATE
void *
mm_sshlam_init_ctx(Authctxt *authctxt)
{
	Buffer m;
	int success;

	debug3("%s", __func__);
	buffer_init(&m);
	buffer_put_cstring(&m, authctxt->user);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_INIT_CTX, &m);
	debug3("%s: waiting for MONITOR_ANS_LAM_INIT_CTX", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_INIT_CTX, &m);
	success = buffer_get_int(&m);
	if (success == 0) {
		debug3("%s: lam_init_ctx failed", __func__);
		buffer_free(&m);
		return (NULL);
	}
	buffer_free(&m);
	return (authctxt);
}

int
mm_sshlam_query(void *ctx, char **name, char **info,
    u_int *num, char ***prompts, u_int **echo_on)
{
	Buffer m;
	u_int i;
	int ret;

	debug3("%s", __func__);
	buffer_init(&m);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_QUERY, &m);
	debug3("%s: waiting for MONITOR_ANS_LAM_QUERY", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_QUERY, &m);
	ret = buffer_get_int(&m);
	debug3("%s: lam_query returned %d", __func__, ret);
	*name = buffer_get_string(&m, NULL);
	*info = buffer_get_string(&m, NULL);
	*num = buffer_get_int(&m);
	*prompts = xmalloc((*num + 1) * sizeof(char *));
	*echo_on = xmalloc((*num + 1) * sizeof(u_int));
	for (i = 0; i < *num; ++i) {
		(*prompts)[i] = buffer_get_string(&m, NULL);
		(*echo_on)[i] = buffer_get_int(&m);
	}
	buffer_free(&m);
	return (ret);
}

int
mm_sshlam_respond(void *ctx, u_int num, char **resp)
{
	Buffer m;
	u_int i;
	int ret;

	debug3("%s", __func__);
	buffer_init(&m);
	buffer_put_int(&m, num);
	for (i = 0; i < num; ++i)
		buffer_put_cstring(&m, resp[i]);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_RESPOND, &m);
	debug3("%s: waiting for MONITOR_ANS_LAM_RESPOND", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_RESPOND, &m);
	ret = buffer_get_int(&m);
	debug3("%s: lam_respond returned %d", __func__, ret);
	buffer_free(&m);
	return (ret);
}

void
mm_sshlam_free_ctx(void *ctxtp)
{
	Buffer m;

	debug3("%s", __func__);
	buffer_init(&m);
	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_FREE_CTX, &m);
	debug3("%s: waiting for MONITOR_ANS_LAM_FREE_CTX", __func__);
	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_FREE_CTX, &m);
	buffer_free(&m);
}
#endif /* WITH_AIXAUTHENTICATE */


/* Request process termination */

void

Lines 70-75 int mm_sshpam_respond(void , u_int, char *); Link Here

(-)a/monitor_wrap.h (+7 lines)
70	void mm_sshpam_free_ctx(void *);	70	void mm_sshpam_free_ctx(void *);
71	#endif	71	#endif
72		72
		73	#ifdef WITH_AIXAUTHENTICATE
		74	void mm_sshlam_init_ctx(struct Authctxt );
		75	int mm_sshlam_query(void , char , char , u_int , char *, u_int );
		76	int mm_sshlam_respond(void , u_int, char *);
		77	void mm_sshlam_free_ctx(void *);
		78	#endif
		79
73	#ifdef SSH_AUDIT_EVENTS	80	#ifdef SSH_AUDIT_EVENTS
74	#include "audit.h"	81	#include "audit.h"
75	void mm_audit_event(ssh_audit_event_t);	82	void mm_audit_event(ssh_audit_event_t);

Return to bug 1228

Lines 876-881 mm_sshpam_free_ctx(void *ctxtp) Link Here

(-)a/monitor_wrap.c (+87 lines)
876	}	876	}
877	#endif /* USE_PAM */	877	#endif /* USE_PAM */
878		878
		879	#if WITH_AIXAUTHENTICATE
		880	void *
		881	mm_sshlam_init_ctx(Authctxt *authctxt)
		882	{
		883	Buffer m;
		884	int success;
		885
		886	debug3("%s", __func__);
		887	buffer_init(&m);
		888	buffer_put_cstring(&m, authctxt->user);
		889	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_INIT_CTX, &m);
		890	debug3("%s: waiting for MONITOR_ANS_LAM_INIT_CTX", __func__);
		891	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_INIT_CTX, &m);
		892	success = buffer_get_int(&m);
		893	if (success == 0) {
		894	debug3("%s: lam_init_ctx failed", __func__);
		895	buffer_free(&m);
		896	return (NULL);
		897	}
		898	buffer_free(&m);
		899	return (authctxt);
		900	}
		901
		902	int
		903	mm_sshlam_query(void ctx, char name, char *info,
		904	u_int num, char prompts, u_int echo_on)
		905	{
		906	Buffer m;
		907	u_int i;
		908	int ret;
		909
		910	debug3("%s", __func__);
		911	buffer_init(&m);
		912	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_QUERY, &m);
		913	debug3("%s: waiting for MONITOR_ANS_LAM_QUERY", __func__);
		914	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_QUERY, &m);
		915	ret = buffer_get_int(&m);
		916	debug3("%s: lam_query returned %d", __func__, ret);
		917	*name = buffer_get_string(&m, NULL);
		918	*info = buffer_get_string(&m, NULL);
		919	*num = buffer_get_int(&m);
		920	prompts = xmalloc((num + 1) * sizeof(char *));
		921	echo_on = xmalloc((num + 1) * sizeof(u_int));
		922	for (i = 0; i < *num; ++i) {
		923	(*prompts)[i] = buffer_get_string(&m, NULL);
		924	(*echo_on)[i] = buffer_get_int(&m);
		925	}
		926	buffer_free(&m);
		927	return (ret);
		928	}
		929
		930	int
		931	mm_sshlam_respond(void ctx, u_int num, char *resp)
		932	{
		933	Buffer m;
		934	u_int i;
		935	int ret;
		936
		937	debug3("%s", __func__);
		938	buffer_init(&m);
		939	buffer_put_int(&m, num);
		940	for (i = 0; i < num; ++i)
		941	buffer_put_cstring(&m, resp[i]);
		942	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_RESPOND, &m);
943	debug3("%s: waiting for MONITOR_ANS_LAM_RESPOND", __func__);
944	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_RESPOND, &m);
945	ret = buffer_get_int(&m);
946	debug3("%s: lam_respond returned %d", __func__, ret);
947	buffer_free(&m);
948	return (ret);
949	}
950
951	void
952	mm_sshlam_free_ctx(void *ctxtp)
953	{
954	Buffer m;
955
956	debug3("%s", __func__);
957	buffer_init(&m);
958	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_LAM_FREE_CTX, &m);
959	debug3("%s: waiting for MONITOR_ANS_LAM_FREE_CTX", __func__);
960	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_LAM_FREE_CTX, &m);
961	buffer_free(&m);
962	}
963	#endif /* WITH_AIXAUTHENTICATE */
964
965
879	/* Request process termination */	966	/* Request process termination */
880		967
881	void	968	void

Line 0 Link Here

(-)a/auth-lam.c (+283 lines)
		1	/*-
		2	* Copyright (c) 2009 Quest Software, Inc. All rights reserved.
		3	*
		4	* Permission to use, copy, modify, and distribute this software for any
		5	* purpose with or without fee is hereby granted, provided that the above
		6	* copyright notice and this permission notice appear in all copies.
		7	*
		8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		15	*/
		16
		17	#include "includes.h"
		18	#ifdef WITH_AIXAUTHENTICATE
		19	#include <sys/audit.h>
		20	#include <usersec.h>
		21	#include <pwd.h>
		22	#include "auth.h"
		23	#include "buffer.h"
		24	#include "bufaux.h"
		25	#include "canohost.h"
		26	#include "log.h"
		27	#include "monitor_wrap.h"
		28	#include "msg.h"
		29	#include "packet.h"
		30	#include "misc.h"
		31	#include "servconf.h"
		32	#include "ssh2.h"
		33	#include "uidswap.h"
		34	#include "xmalloc.h"
		35	#include "auth-options.h"
		36	#include "openbsd-compat/port-aix.h"
		37
		38	extern ServerOptions options;
		39	extern Buffer loginmsg;
		40
		41	struct lam_ctxt {
		42	char * user;
		43	char * message;
		44	int reenter;
		45	int faking_noent;
		46	};
		47	struct Authctxt *sshlam_authctxt;
		48
		49	static void * sshlam_init_ctx(Authctxt *authctxt);
		50	static int sshlam_query(void ctx, char name, char *info,
		51	u_int num, char prompts, u_int echo_on);
		52	static int sshlam_respond(void ctx, u_int num, char *resp);
		53	static void sshlam_free_ctx(void *ctxtp);
		54	static void sshlam_force_pwchange(int reqd);
		55
		56	KbdintDevice sshlam_device = {
		57	"lam",
		58	sshlam_init_ctx,
		59	sshlam_query,
		60	sshlam_respond,
		61	sshlam_free_ctx
		62	};
		63
		64	KbdintDevice mm_sshlam_device = {
65	"lam",
66	mm_sshlam_init_ctx,
67	mm_sshlam_query,
68	mm_sshlam_respond,
69	mm_sshlam_free_ctx
70	};
71
72	/*
73	* Allocates and initialises storage for LAM authentication state.
74	* Returns NULL if LAM authentication is not available.
75	*/
76	static void *
77	sshlam_init_ctx(Authctxt *authctxt)
78	{
79	struct lam_ctxt *ctxt;
80
81	debug3("LAM: sshlam_init_ctx entering");
82
83	ctxt = xmalloc(sizeof *ctxt);
84	memset(ctxt, 0, sizeof *ctxt);
85
86	ctxt->user = xstrdup(authctxt->user);
87	ctxt->message = NULL;
88	ctxt->faking_noent = 0;
89	ctxt->reenter = 0;
90	sshlam_authctxt = authctxt;
91
92	debug3("LAM: AUTHSTATE=%s", getenv("AUTHSTATE") ?
93	getenv("AUTHSTATE") : "NULL");
94
95	/* aix_setauthdb(ctxt->user); */
96	if (authenticate(ctxt->user, NULL, &ctxt->reenter, &ctxt->message))
97	{
98	error("LAM: authenticate(%.100s) failed: %.100s", ctxt->user,
99	strerror(errno));
100	if (errno == ENOENT) {
101	char buf[200];
102	/*
103	* When a user is known not to exist, we pretend
104	* that they do, and fake a password prompt
105	*/
106	logit("LAM: pretending that user '%.100s' exists", ctxt->user);
107	ctxt->faking_noent = 1;
108	snprintf(buf, sizeof buf, "%.100s's Password:", ctxt->user);
109	ctxt->message = xstrdup(buf);
110	ctxt->reenter = 1;
111	} else {
112	goto fail;
113	}
114	}
115
116	/* Instant authentication should never happen here;
117	* 'none' authentication should have permitted it */
118	if (!ctxt->reenter) {
119	error("LAM: %.100s authenticated immediately; ignoring",
120	ctxt->user);
121	goto fail;
122	}
123
124	return (ctxt);
125
126	fail:
127	sshlam_free_ctx(ctxt);
128	return (NULL);
129	}
130
131	/*
132	* Releases storage associated with the context
133	* returned from sshlam_init_ctx
134	*/
135	static void
136	sshlam_free_ctx(void *ctxtp)
137	{
138	struct lam_ctxt *ctxt = ctxtp;
139
140	debug3("LAM: sshlam_free_ctx entering");
141
142	/* aix_restoreauthdb(); */
143	if (ctxt->message)
144	xfree(ctxt->message);
145	xfree(ctxt->user);
146	xfree(ctxt);
147	}
148
149	/*
150	* Returns the user prompt for the current round of
151	* AIX LAM authentication.
152	*/
153	static int
154	sshlam_query(void ctx, char name, char *info,
155	u_int num, char prompts, u_int echo_on)
156	{
157	struct lam_ctxt *ctxt = ctx;
158
159	debug3("LAM: sshlam_query entering");
160
161	*name = xstrdup("");
162	*info = xstrdup("");
163	prompts = (char )xmalloc(sizeof(char ));
164	echo_on = (u_int )xmalloc(sizeof(u_int));
165	if (ctxt->message) {
166	**prompts = xstrdup(ctxt->message);
167	**echo_on = 0;
168	*num = 1;
169	} else
170	*num = 0;
171
172	return 0;
173	}
174
175	/*
176	* Processes a user response for an AIX LAM authentication round.
177	* Returns
178	* 1 if another round must be performed
179	* 0 if authentication completed with success
180	* -1 if authentication failed
181	*/
182	static int
183	sshlam_respond(void ctx, u_int num, char *resp)
184	{
185	struct lam_ctxt *ctxt = ctx;
186	int e;
187	char *message = NULL;
188	struct passwd *pwuser = NULL;
189	char badpw[] = "\b\n\r\177INCORRECT"; /* XXX: Duplicated from auth-pam.c */
190	char *authpw = NULL;
191
192	debug2("LAM: sshlam_respond entering, %u responses", num);
193
194	if (num != 1) {
195	error("LAM: expected one response, got %u", num);
196	return (-1);
197	}
198
199	if (ctxt->faking_noent)
200	return (-1);
201
202	pwuser = getpwnam(ctxt->user);
203	if (!pwuser) {
204	error("LAM: could not resolve user %.100s", ctxt->user);
205	return (-1);
206	}
207
208	/* Have LAM process a junk password to avoid timing-based disclosure. */
209	if (pwuser->pw_uid == 0 && options.permit_root_login != PERMIT_YES)
210	authpw = badpw;
211	else
212	authpw = *resp;
213
214	/* Perform an authentication round */
215	e = authenticate(ctxt->user, authpw, &ctxt->reenter, &message);
216	if (e) {
217	if (message)
218	xfree(message);
219	error("LAM: authenticate %s: %d %.100s", ctxt->user, e,
220	strerror(errno));
221	return (-1);
222	}
223
224	if (pwuser->pw_uid == 0 && options.permit_root_login != PERMIT_YES) {
225	error("LAM: denying root access");
226	return (-1);
227	}
228
229	if (ctxt->reenter) {
230	if (message == NULL) {
231	error("LAM: authenticate %s returned NULL message", ctxt->user);
232	return (-1);
233	}
234	ctxt->message = message;
235	return 1;
236	}
237
238	/* Handle extra messages by adding them to the login banner */
239	if (message) {
240	debug3("LAM: authenticate: %.100s", message);
241	buffer_append(&loginmsg, message, strlen(message));
242	xfree(message);
243	message = NULL;
244	}
245
246	/* Detect expired passwords */
247	e = passwdexpired(ctxt->user, &message);
248	if (e == -1) {
249	error("LAM: passwdexpired %s: %.100s", ctxt->user, strerror(errno));
250	return (-1);
251	}
252	if (message) {
253	debug3("LAM: passwdexpired: %.100s", message);
254	buffer_append(&loginmsg, message, strlen(message));
255	xfree(message);
256	message = NULL;
257	}
258	switch (e) {
259	case 0:
260	break;
261	case 1:
262	logit("LAM: password for %s expired", ctxt->user);
263	sshlam_force_pwchange(1);
264	break;
265	case 2:
266	error("LAM: password for %s expired and unchangeable", ctxt->user);
267	return (-1);
268	default:
269	error("LAM: passwdexpired returned %d", e);
270	return (-1);
271	}
272
273	return 0;
274	}
275
276	static void
277	sshlam_force_pwchange(int reqd)
278	{
279	sshlam_authctxt->force_pwchange = reqd;
280	}
281
282	#endif /* WITH_AIXAUTHENTICATE */
283