Support OPIE as an alternative to S/Key.

Sponsored by:	DARPA, NAI Labs
This commit is contained in:
des 2002-06-29 10:44:37 +00:00
parent 3aa72d2c55
commit 4d49e874a9
6 changed files with 73 additions and 0 deletions

View File

@ -1,4 +1,5 @@
/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */
/* $FreeBSD$ */
#ifndef _CONFIG_H
#define _CONFIG_H
@ -213,6 +214,9 @@
/* Define if you want S/Key support */
#undef SKEY
/* Define if you want OPIE support */
#undef OPIE
/* Define if you want TCP Wrappers support */
#undef LIBWRAP

View File

@ -23,10 +23,19 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-skey.c,v 1.19 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$FreeBSD$");
#ifdef SKEY
#ifdef OPIE
#include <opie.h>
#define skey opie
#define skeychallenge(k, u, c) opiechallenge((k), (u), (c))
#define skey_haskey(u) opie_haskey((u))
#define skey_passcheck(u, r) opie_passverify((u), (r))
#else
#include <skey.h>
#endif
#include "xmalloc.h"
#include "auth.h"

View File

@ -1,4 +1,5 @@
/* $OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $ */
/* $FreeBSD$ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@ -188,5 +189,12 @@ void auth_debug_reset(void);
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
#ifdef SKEY
#ifdef OPIE
#define SKEY_PROMPT "\nOPIE Password: "
#else
#define SKEY_PROMPT "\nS/Key Password: "
#endif
#endif
#endif

View File

@ -1,4 +1,5 @@
# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
# $FreeBSD$
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@ -508,6 +509,41 @@ int main() { char *ff = skey_keyinfo(""); ff=""; return 0; }
]
)
# Check whether user wants OPIE support
OPIE_MSG="no"
AC_ARG_WITH(opie,
[ --with-opie[[=PATH]] Enable OPIE support
(optionally in PATH)],
[
if test "x$withval" != "xno" ; then
if test "x$withval" != "xyes" ; then
CPPFLAGS="$CPPFLAGS -I${withval}/include"
LDFLAGS="$LDFLAGS -L${withval}/lib"
fi
AC_DEFINE(SKEY)
AC_DEFINE(OPIE)
LIBS="-lopie $LIBS"
OPIE_MSG="yes"
AC_MSG_CHECKING([for opie support])
AC_TRY_RUN(
[
#include <sys/types.h>
#include <stdio.h>
#include <opie.h>
int main() { char *ff = opie_keyinfo(""); ff=""; return 0; }
],
[AC_MSG_RESULT(yes)],
[
AC_MSG_RESULT(no)
AC_MSG_ERROR([** Incomplete or missing opie libraries.])
])
fi
]
)
# Check whether user wants TCP wrappers support
TCPW_MSG="no"
AC_ARG_WITH(tcp-wrappers,
@ -1583,7 +1619,11 @@ AC_CACHE_CHECK([whether getopt has optreset support],
ac_cv_have_getopt_optreset, [
AC_TRY_LINK(
[
#if HAVE_GETOPT_H
#include <getopt.h>
#elif HAVE_UNISTD_H
#include <unistd.h>
#endif
],
[ extern int optreset; optreset = 0; ],
[ ac_cv_have_getopt_optreset="yes" ],
@ -2391,6 +2431,7 @@ echo " KerberosV support: $KRB5_MSG"
echo " Smartcard support: $SCARD_MSG"
echo " AFS support: $AFS_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " OPIE support: $OPIE_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
echo " MD5 password support: $MD5_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"

View File

@ -26,12 +26,21 @@
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $");
RCSID("$FreeBSD$");
#include <openssl/dh.h>
#ifdef SKEY
#ifdef OPIE
#include <opie.h>
#define skey opie
#define skeychallenge(k, u, c) opiechallenge((k), (u), (c))
#define skey_haskey(u) opie_haskey((u))
#define skey_passcheck(u, r) opie_passverify((u), (r))
#else
#include <skey.h>
#endif
#endif
#include "ssh.h"
#include "auth.h"

View File

@ -767,6 +767,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses)
return ((authok == 0) ? -1 : 0);
}
#ifdef SKEY
int
mm_skey_query(void *ctx, char **name, char **infotxt,
u_int *numprompts, char ***prompts, u_int **echo_on)
@ -829,6 +830,7 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses)
return ((authok == 0) ? -1 : 0);
}
#endif
void
mm_ssh1_session_id(u_char session_id[16])