1 diff -urN openssh-3.4p1-owl-always-auth/Makefile.in openssh-3.4p1/Makefile.in
2 --- openssh-3.4p1-owl-always-auth/Makefile.in Wed Jun 26 03:45:42 2002
3 +++ openssh-3.4p1/Makefile.in Mon Jul 1 23:11:30 2002
6 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
8 -SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o
9 +SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o appl_userpass.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o
11 MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
12 MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
13 diff -urN openssh-3.4p1-owl-always-auth/_pam_userpass.h openssh-3.4p1/_pam_userpass.h
14 --- openssh-3.4p1-owl-always-auth/_pam_userpass.h Thu Jan 1 03:00:00 1970
15 +++ openssh-3.4p1/_pam_userpass.h Mon Jul 1 23:11:30 2002
17 +#ifndef __PAM_USERPASS_H
18 +#define __PAM_USERPASS_H
20 +#define USERPASS_AGENT_ID "userpass"
21 +#define USERPASS_AGENT_ID_LENGTH 8
23 +#define USERPASS_USER_MASK 0x03
24 +#define USERPASS_USER_REQUIRED 1
25 +#define USERPASS_USER_KNOWN 2
26 +#define USERPASS_USER_FIXED 3
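Review bot: `USERPASS_AGENT_ID_LENGTH` is a hand-counted 8 that has to stay equal to the length of `"userpass"`. The prefix compare and the flag offset in appl_userpass.c both index with it, so a mismatch after a later edit would silently shift where the flag byte and the user name are read. Deriving it keeps the two in step: `#define USERPASS_AGENT_ID_LENGTH (sizeof(USERPASS_AGENT_ID) - 1)`. Separately, the guard `__PAM_USERPASS_H` uses an identifier reserved for the implementation and differs from the guard in pam_userpass.h (`_PAM_USERPASS_H`) by a single underscore; a project-prefixed name would be harder to confuse.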
29 diff -urN openssh-3.4p1-owl-always-auth/appl_userpass.c openssh-3.4p1/appl_userpass.c
30 --- openssh-3.4p1-owl-always-auth/appl_userpass.c Thu Jan 1 03:00:00 1970
31 +++ openssh-3.4p1/appl_userpass.c Mon Jul 1 23:11:30 2002
36 +#include <security/pam_appl.h>
37 +#include <security/pam_client.h>
39 +#ifndef PAM_BP_RCONTROL
40 +/* Linux-PAM prior to 0.74 */
41 +#define PAM_BP_RCONTROL PAM_BP_CONTROL
42 +#define PAM_BP_WDATA PAM_BP_DATA
43 +#define PAM_BP_RDATA PAM_BP_DATA
46 +#include "_pam_userpass.h"
47 +#include "pam_userpass.h"
49 +int pam_userpass_conv(int num_msg, const struct pam_message **msg,
50 + struct pam_response **resp, void *appdata_ptr)
52 + pam_userpass_t *userpass = (pam_userpass_t *)appdata_ptr;
58 + if (num_msg != 1 || msg[0]->msg_style != PAM_BINARY_PROMPT)
59 + return PAM_CONV_ERR;
61 + prompt = (pamc_bp_t)msg[0]->msg;
62 + input = PAM_BP_RDATA(prompt);
64 + if (PAM_BP_RCONTROL(prompt) != PAM_BPC_SELECT ||
65 + strncmp(input, USERPASS_AGENT_ID "/", USERPASS_AGENT_ID_LENGTH + 1))
66 + return PAM_CONV_ERR;
68 + flags = input[USERPASS_AGENT_ID_LENGTH + 1];
69 + input += USERPASS_AGENT_ID_LENGTH + 1 + 1;
71 + if ((flags & USERPASS_USER_MASK) == USERPASS_USER_FIXED &&
72 + strcmp(input, userpass->user))
73 + return PAM_CONV_AGAIN;
75 + if (!(*resp = malloc(sizeof(struct pam_response))))
76 + return PAM_CONV_ERR;
79 + PAM_BP_RENEW(&prompt, PAM_BPC_DONE,
80 + strlen(userpass->user) + 1 + strlen(userpass->pass));
81 + output = PAM_BP_WDATA(prompt);
83 + strcpy(output, userpass->user);
84 + output += strlen(output) + 1;
85 + memcpy(output, userpass->pass, strlen(userpass->pass));
87 + (*resp)[0].resp_retcode = 0;
88 + (*resp)[0].resp = (char *)prompt;
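Review bot: Nothing visible in pam_userpass_conv checks the length of the binary prompt before parsing it: the `strncmp` against `USERPASS_AGENT_ID "/"`, the read of `input[USERPASS_AGENT_ID_LENGTH + 1]` and the `strcmp(input, userpass->user)` all assume at least ten bytes of NUL-terminated data. A guard ahead of the prefix compare, such as `if (PAM_BP_LENGTH(prompt) < USERPASS_AGENT_ID_LENGTH + 2) return PAM_CONV_ERR;`, would stop a malformed prompt from causing an out-of-bounds read in sshd's authentication path. The fixed-user check needs a bounded compare as well, or a `memchr` for the terminator within the remaining length. `appdata_ptr`, `userpass->user` and `userpass->pass` are also dereferenced without a NULL check. Parts of the function are not shown on this page, so check the full file, and confirm that `PAM_BP_LENGTH` exists in the pre-0.74 Linux-PAM that the compatibility defines target.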
92 diff -urN openssh-3.4p1-owl-always-auth/auth-pam.c openssh-3.4p1/auth-pam.c
93 --- openssh-3.4p1-owl-always-auth/auth-pam.c Mon Jul 1 23:09:55 2002
94 +++ openssh-3.4p1/auth-pam.c Mon Jul 1 23:38:11 2002
99 +#include <security/pam_misc.h>
100 +#include "pam_userpass.h"
102 extern char *__progname;
106 struct pam_response **resp, void *appdata_ptr);
108 /* module-local variables */
109 +static pam_userpass_t userpass;
110 static struct pam_conv conv = {
115 static char *__pam_msg = NULL;
116 static pam_handle_t *__pamh = NULL;
117 -static const char *__pampasswd = NULL;
119 /* states for do_pam_conversation() */
120 enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;
122 * PAM conversation function.
123 * There are two states this can run in.
125 - * INITIAL_LOGIN mode simply feeds the password from the client into
126 - * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output
127 - * messages with into __pam_msg. This is used during initial
128 - * authentication to bypass the normal PAM password prompt.
129 + * INITIAL_LOGIN mode simply feeds the username and the password from
130 + * the client into PAM via Linux-PAM binary prompts and queues any text
131 + * messages for printing later.
133 - * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase()
134 - * and outputs messages to stderr. This mode is used if pam_chauthtok()
135 - * is called to update expired passwords.
136 + * OTHER mode is a regular PAM conversation. This mode is used if
137 + * pam_chauthtok() is called to update expired passwords.
139 static int do_pam_conversation(int num_msg, const struct pam_message **msg,
140 struct pam_response **resp, void *appdata_ptr)
142 + if (pamstate == INITIAL_LOGIN) {
145 + status = pam_userpass_conv(num_msg, msg, resp, appdata_ptr);
146 + if (status != PAM_CONV_ERR)
149 + if (!(*resp = malloc(num_msg * sizeof(struct pam_response))))
150 + return PAM_CONV_ERR;
151 + for (i = 0; i < num_msg; i++) {
152 + switch (msg[i]->msg_style) {
153 + case PAM_ERROR_MSG:
154 + case PAM_TEXT_INFO:
155 + message_cat(&__pam_msg, msg[i]->msg);
156 + (*resp)[i].resp_retcode = PAM_SUCCESS;
157 + (*resp)[i].resp = NULL;
162 + return PAM_CONV_ERR;
165 + return PAM_SUCCESS;
168 + return misc_conv(num_msg, msg, resp, appdata_ptr);
171 struct pam_response *reply;
181 /* Called at exit to cleanly shutdown PAM */
183 if (*password == '\0' && options.permit_empty_passwd == 0)
186 - __pampasswd = password;
187 + userpass.user = pw ? pw->pw_name : "ILLEGAL USER";
188 + userpass.pass = password;
190 pamstate = INITIAL_LOGIN;
191 pam_retval = do_pam_authenticate(
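Review bot: In the INITIAL_LOGIN branch of do_pam_conversation, `num_msg` reaches `malloc(num_msg * sizeof(struct pam_response))` with no range check in the lines shown. It is a signed int, so a zero or negative count from a module becomes a zero-sized or wrapped allocation request. A guard before the allocation bounds it: `if (num_msg <= 0 || num_msg > PAM_MAX_NUM_MSG) return PAM_CONV_ERR;`. The static `userpass` also keeps a pointer to the client's cleartext password after the attempt, so resetting `userpass.pass = NULL;` once `do_pam_authenticate` returns would avoid a stale reference. The initializer of `conv` and the rest of both functions are not visible on this page, so confirm that the appdata pointer is `&userpass`, because pam_userpass_conv dereferences `appdata_ptr` unconditionally.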
192 diff -urN openssh-3.4p1-owl-always-auth/pam_userpass.h openssh-3.4p1/pam_userpass.h
193 --- openssh-3.4p1-owl-always-auth/pam_userpass.h Thu Jan 1 03:00:00 1970
194 +++ openssh-3.4p1/pam_userpass.h Mon Jul 1 23:11:30 2002
196 +#ifndef _PAM_USERPASS_H
197 +#define _PAM_USERPASS_H
199 +#include <security/pam_appl.h>
206 +extern int pam_userpass_conv(int num_msg, const struct pam_message **msg,
207 + struct pam_response **resp, void *appdata_ptr);