diff options
| author | des <des@FreeBSD.org> | 2002-06-29 10:44:37 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2002-06-29 10:44:37 +0000 |
| commit | 4d49e874a98f2f5132b00b21cc2e6cd067f67c8f (patch) | |
| tree | 8a2e55c734b859d50b5ee7776a4b6c24c8a176e5 /crypto/openssh | |
| parent | 3aa72d2c55b928a8d2b106c4f67e6b2d4117a6bb (diff) | |
| download | FreeBSD-src-4d49e874a98f2f5132b00b21cc2e6cd067f67c8f.zip FreeBSD-src-4d49e874a98f2f5132b00b21cc2e6cd067f67c8f.tar.gz | |
Support OPIE as an alternative to S/Key.
Sponsored by: DARPA, NAI Labs
Diffstat (limited to 'crypto/openssh')
| -rw-r--r-- | crypto/openssh/acconfig.h | 4 | ||||
| -rw-r--r-- | crypto/openssh/auth-skey.c | 9 | ||||
| -rw-r--r-- | crypto/openssh/auth.h | 8 | ||||
| -rw-r--r-- | crypto/openssh/configure.ac | 41 | ||||
| -rw-r--r-- | crypto/openssh/monitor.c | 9 | ||||
| -rw-r--r-- | crypto/openssh/monitor_wrap.c | 2 |
6 files changed, 73 insertions, 0 deletions
diff --git a/crypto/openssh/acconfig.h b/crypto/openssh/acconfig.h index 713b094..dc47bf5 100644 --- a/crypto/openssh/acconfig.h +++ b/crypto/openssh/acconfig.h @@ -1,4 +1,5 @@ /* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */ +/* $FreeBSD$ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -213,6 +214,9 @@ /* Define if you want S/Key support */ #undef SKEY +/* Define if you want OPIE support */ +#undef OPIE + /* Define if you want TCP Wrappers support */ #undef LIBWRAP diff --git a/crypto/openssh/auth-skey.c b/crypto/openssh/auth-skey.c index eb13c5c..886b2d2 100644 --- a/crypto/openssh/auth-skey.c +++ b/crypto/openssh/auth-skey.c @@ -23,10 +23,19 @@ */ #include "includes.h" RCSID("$OpenBSD: auth-skey.c,v 1.19 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$FreeBSD$"); #ifdef SKEY +#ifdef OPIE +#include <opie.h> +#define skey opie +#define skeychallenge(k, u, c) opiechallenge((k), (u), (c)) +#define skey_haskey(u) opie_haskey((u)) +#define skey_passcheck(u, r) opie_passverify((u), (r)) +#else #include <skey.h> +#endif #include "xmalloc.h" #include "auth.h" diff --git a/crypto/openssh/auth.h b/crypto/openssh/auth.h index d98547d..730b70d 100644 --- a/crypto/openssh/auth.h +++ b/crypto/openssh/auth.h @@ -1,4 +1,5 @@ /* $OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $ */ +/* $FreeBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -188,5 +189,12 @@ void auth_debug_reset(void); #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2) #define AUTH_FAIL_MSG "Too many authentication failures for %.100s" +#ifdef SKEY +#ifdef OPIE +#define SKEY_PROMPT "\nOPIE Password: " +#else #define SKEY_PROMPT "\nS/Key Password: " #endif +#endif + +#endif diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac index 9daf3b0..b255486 100644 --- a/crypto/openssh/configure.ac +++ b/crypto/openssh/configure.ac @@ -1,4 +1,5 @@ # $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $ +# $FreeBSD$ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -508,6 +509,41 @@ int main() { char *ff = skey_keyinfo(""); ff=""; return 0; } ] ) +# Check whether user wants OPIE support +OPIE_MSG="no" +AC_ARG_WITH(opie, + [ --with-opie[[=PATH]] Enable OPIE support + (optionally in PATH)], + [ + if test "x$withval" != "xno" ; then + + if test "x$withval" != "xyes" ; then + CPPFLAGS="$CPPFLAGS -I${withval}/include" + LDFLAGS="$LDFLAGS -L${withval}/lib" + fi + + AC_DEFINE(SKEY) + AC_DEFINE(OPIE) + LIBS="-lopie $LIBS" + OPIE_MSG="yes" + + AC_MSG_CHECKING([for opie support]) + AC_TRY_RUN( + [ +#include <sys/types.h> +#include <stdio.h> +#include <opie.h> +int main() { char *ff = opie_keyinfo(""); ff=""; return 0; } + ], + [AC_MSG_RESULT(yes)], + [ + AC_MSG_RESULT(no) + AC_MSG_ERROR([** Incomplete or missing opie libraries.]) + ]) + fi + ] +) + # Check whether user wants TCP wrappers support TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, @@ -1583,7 +1619,11 @@ AC_CACHE_CHECK([whether getopt has optreset support], ac_cv_have_getopt_optreset, [ AC_TRY_LINK( [ +#if HAVE_GETOPT_H #include <getopt.h> +#elif HAVE_UNISTD_H +#include <unistd.h> +#endif ], [ extern int optreset; optreset = 0; ], [ ac_cv_have_getopt_optreset="yes" ], @@ -2391,6 +2431,7 @@ echo " KerberosV support: $KRB5_MSG" echo " Smartcard support: $SCARD_MSG" echo " AFS support: $AFS_MSG" echo " S/KEY support: $SKEY_MSG" +echo " OPIE support: $OPIE_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" diff --git a/crypto/openssh/monitor.c b/crypto/openssh/monitor.c index 39b6248..1770e67 100644 --- a/crypto/openssh/monitor.c +++ b/crypto/openssh/monitor.c @@ -26,12 +26,21 @@ #include "includes.h" RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $"); +RCSID("$FreeBSD$"); #include <openssl/dh.h> #ifdef SKEY +#ifdef OPIE +#include <opie.h> +#define skey opie +#define skeychallenge(k, u, c) opiechallenge((k), (u), (c)) +#define skey_haskey(u) opie_haskey((u)) +#define skey_passcheck(u, r) opie_passverify((u), (r)) +#else #include <skey.h> #endif +#endif #include "ssh.h" #include "auth.h" diff --git a/crypto/openssh/monitor_wrap.c b/crypto/openssh/monitor_wrap.c index f7e332d..9b740ac 100644 --- a/crypto/openssh/monitor_wrap.c +++ b/crypto/openssh/monitor_wrap.c @@ -767,6 +767,7 @@ mm_bsdauth_respond(void *ctx, u_int numresponses, char **responses) return ((authok == 0) ? -1 : 0); } +#ifdef SKEY int mm_skey_query(void *ctx, char **name, char **infotxt, u_int *numprompts, char ***prompts, u_int **echo_on) @@ -829,6 +830,7 @@ mm_skey_respond(void *ctx, u_int numresponses, char **responses) return ((authok == 0) ? -1 : 0); } +#endif void mm_ssh1_session_id(u_char session_id[16]) |
