diff options
| author | Brian Feldman <green@FreeBSD.org> | 1999-11-20 06:59:57 +0000 |
|---|---|---|
| committer | Brian Feldman <green@FreeBSD.org> | 1999-11-20 06:59:57 +0000 |
| commit | 5ef3dcc5cbe4d23b771975bf8113ba33318b5bc5 (patch) | |
| tree | 0b9d48288cc92cd644fbdf8738622bc004cadcf8 | |
| parent | ARGH! Remember the echo -n ' sshd'. (diff) | |
Give OpenSSH TIS client-side authentication.
Submitted by: peter
Notes
Notes:
svn path=/head/; revision=23210
| -rw-r--r-- | security/openssh/files/patch-ac | 10 | ||||
| -rw-r--r-- | security/openssh/files/patch-ad | 35 | ||||
| -rw-r--r-- | security/openssh/files/patch-ae | 43 | ||||
| -rw-r--r-- | security/openssh/files/patch-af | 11 |
4 files changed, 99 insertions, 0 deletions
diff --git a/security/openssh/files/patch-ac b/security/openssh/files/patch-ac new file mode 100644 index 000000000000..f03c0f6c88c2 --- /dev/null +++ b/security/openssh/files/patch-ac @@ -0,0 +1,10 @@ +--- readconf.h.dist Fri Nov 19 23:32:48 1999 ++++ readconf.h Fri Nov 19 23:48:22 1999 +@@ -54,6 +54,7 @@ + int compression; /* Compress packets in both directions. */ + int compression_level; /* Compression level 1 (fast) to 9 (best). */ + int keepalives; /* Set SO_KEEPALIVE. */ ++ int tis_authentication; /* TIS client-side authentication */ + LogLevel log_level; /* Level for logging. */ + + int port; /* Port to connect. */ diff --git a/security/openssh/files/patch-ad b/security/openssh/files/patch-ad new file mode 100644 index 000000000000..b99d16d2c0d1 --- /dev/null +++ b/security/openssh/files/patch-ad @@ -0,0 +1,35 @@ +--- readconf.c.dist Fri Nov 19 23:32:48 1999 ++++ readconf.c Fri Nov 19 23:41:27 1999 +@@ -369,13 +369,8 @@ + goto parse_int; + + case oTISAuthentication: +- cp = strtok(NULL, WHITESPACE); +- if (cp != 0 && (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0)) +- fprintf(stderr, +- "%.99s line %d: Warning, TIS is not supported.\n", +- filename, +- linenum); +- break; ++ intptr = &options->tis_authentication; ++ goto parse_flag; + + case oCompressionLevel: + intptr = &options->compression_level; +@@ -655,6 +650,7 @@ + options->num_local_forwards = 0; + options->num_remote_forwards = 0; + options->log_level = (LogLevel)-1; ++ options->tis_authentication = -1; + } + + /* Called after processing other sources of option data, this fills those +@@ -727,6 +723,8 @@ + options->user_hostfile = SSH_USER_HOSTFILE; + if (options->log_level == (LogLevel)-1) + options->log_level = SYSLOG_LEVEL_INFO; ++ if (options->tis_authentication == -1) ++ options->tis_authentication = 0; + /* options->proxy_command should not be set by default */ + /* options->user will be set in the main program if appropriate */ + /* options->hostname will be set in the main program if appropriate */ diff --git a/security/openssh/files/patch-ae b/security/openssh/files/patch-ae new file mode 100644 index 000000000000..f0692ec9487c --- /dev/null +++ b/security/openssh/files/patch-ae @@ -0,0 +1,43 @@ +--- sshconnect.c.orig Fri Nov 19 23:54:54 1999 ++++ sshconnect.c Fri Nov 19 23:56:22 1999 +@@ -1496,6 +1496,40 @@ + return; /* Successful connection. */ + } + ++ /* Support for TIS authentication server obtained from ++ Andre April <Andre.April@cediti.be>. */ ++ if ((supported_authentications & (1 << SSH_AUTH_TIS)) && ++ options.tis_authentication && !options.batch_mode) ++ { ++ char *prompt; ++ debug("Doing TIS authentication."); ++ if (options.cipher == SSH_CIPHER_NONE) ++ log("WARNING: Encryption is disabled! Password will be transmitted in clear text."); ++ packet_start(SSH_CMSG_AUTH_TIS); ++ packet_send(); ++ packet_write_wait(); ++ type = packet_read(&payload_len); ++ if (type == SSH_SMSG_FAILURE) ++ debug("User cannot be identifier on authentication server."); ++ else { ++ if (type != SSH_SMSG_AUTH_TIS_CHALLENGE) ++ packet_disconnect("Protocol error: got %d in response to TIS auth request", type); ++ prompt = packet_get_string(NULL); ++ password = read_passphrase(prompt, 0); ++ packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); ++ packet_put_string(password, strlen(password)); ++ memset(password, 0, strlen(password)); ++ xfree(password); ++ packet_send(); ++ packet_write_wait(); ++ type = packet_read(&payload_len); ++ if (type == SSH_SMSG_SUCCESS) ++ return; ++ if (type != SSH_SMSG_FAILURE) ++ packet_disconnect("Protocol error: got %d in response to TIS auth", type); ++ } ++ } ++ + /* Try password authentication if the server supports it. */ + if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) && + options.password_authentication && !options.batch_mode) diff --git a/security/openssh/files/patch-af b/security/openssh/files/patch-af new file mode 100644 index 000000000000..6eadf2eafb68 --- /dev/null +++ b/security/openssh/files/patch-af @@ -0,0 +1,11 @@ +--- ssh.h.dist Fri Nov 19 23:50:37 1999 ++++ ssh.h Fri Nov 19 23:50:22 1999 +@@ -141,7 +141,7 @@ + #define SSH_AUTH_RSA 2 + #define SSH_AUTH_PASSWORD 3 + #define SSH_AUTH_RHOSTS_RSA 4 +- /* 5 is TIS */ ++#define SSH_AUTH_TIS 5 + #define SSH_AUTH_KERBEROS 6 + #define SSH_PASS_KERBEROS_TGT 7 + /* 8 to 15 are reserved */ |