diff --git a/README b/README --- a/README +++ b/README @@ -9,3 +9,27 @@ user can SSH to other hosts that accept typing any passwords. http://sourceforge.net/projects/pam-ssh/ + +Solaris 10 Installation +----------------------- + +1. Install automake, autoconf and libtool (I use the CSW versions). +2. export MAKE=gmake +3. Run: ./bootstrap.sh && ./configure && make && make install +4. Configure /etc/pam.conf, for example, by adding: + +login auth sufficient pam_ssh.so try_first_pass + +immediately after: + +login auth requisite pam_authtok_get.so.1 + +And by adding: + +other auth sufficient pam_ssh.so try_first_pass + +immediately after: + +other auth requisite pam_authtok_get.so.1 + +5. You should be right to try logging in with an SSH key. diff --git a/bootstrap.sh b/bootstrap.sh --- a/bootstrap.sh +++ b/bootstrap.sh @@ -26,5 +26,6 @@ # # $Id: bootstrap.sh,v 1.2 2004/02/19 20:47:56 akorty Exp $ -export WANT_AUTOMAKE=1.7 +WANT_AUTOMAKE=1.7 +export WANT_AUTOMAKE aclocal && autoheader && libtoolize && automake --add-missing --gnu && autoconf diff --git a/cipher.c b/cipher.c --- a/cipher.c +++ b/cipher.c 
@@ -79,16 +79,20 @@ struct Cipher { { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, #if OPENSSL_VERSION_NUMBER < 0x00907000L { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, +#if !defined (__SVR4) || !defined (__sun) //Sun has crippled AES support { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, +#endif //Sun's crippled AES support #else { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, +#if !defined (__SVR4) || !defined (__sun) //Sun has crippled AES support { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, +#endif //Sun's crippled AES support #endif #if OPENSSL_VERSION_NUMBER >= 0x00906000L { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, diff --git a/kex.h b/kex.h --- a/kex.h +++ b/kex.h @@ -24,6 +24,8 @@ #ifndef KEX_H #define KEX_H +#include "solaris.h" + #define KEX_DH1 "diffie-hellman-group1-sha1" #define KEX_DHGEX "diffie-hellman-group-exchange-sha1" diff --git a/log.c b/log.c --- a/log.c +++ b/log.c @@ -55,7 +55,11 @@ static int log_on_stderr = 1; static int log_facility = LOG_AUTH; static char *argv0; +#if defined (__SVR4) && defined (__sun) +char *__progname = "PACKAGE_NAME"; +#else extern char *__progname; +#endif /* textual representation of log-facilities/levels */ diff --git a/openpam_cred.h b/openpam_cred.h --- a/openpam_cred.h +++ b/openpam_cred.h @@ -34,6 +34,8 @@ struct passwd; +#include "solaris.h" + #if defined(NGROUPS_MAX) && !defined(PAM_SAVED_CRED) #define PAM_SAVED_CRED "pam_saved_cred" struct pam_saved_cred { diff --git a/pam_get_pass.c b/pam_get_pass.c --- a/pam_get_pass.c +++ b/pam_get_pass.c 
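Review bot: Keying the exclusion on `__SVR4`/`__sun` drops `aes192-cbc`, `aes256-cbc` and `rijndael-cbc@lysator.liu.se` from every Solaris build, including ones whose OpenSSL does provide the larger key sizes. A configure-time probe would be more precise, for example `AC_CHECK_FUNCS([EVP_aes_192_cbc EVP_aes_256_cbc])` with `#ifdef HAVE_EVP_AES_256_CBC` around the entries in the `#else` branch. With the entries gone, a private key encrypted with one of these ciphers presumably fails the name lookup, and that failure should be reported distinctly from a wrong passphrase; the lookup code is not visible in this hunk. The `//Sun has crippled AES support` comments would be clearer as `/* stock Solaris 10 OpenSSL lacks AES-192/256 */`, if that is the limitation meant. The table continues outside the hunk.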
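Review bot: In the log.c hunk, `"PACKAGE_NAME"` is a quoted literal, so the macro is never expanded and `__progname` holds the text PACKAGE_NAME verbatim on Solaris. pam_ssh_log.c in this same patch passes the macro unquoted to `openlog`, which suggests `char *__progname = PACKAGE_NAME;` was intended, assuming the header that defines it is included in log.c (not visible here). The definition also exports a writable global with a reserved name from a module that is loaded into other programs. If nothing outside log.c reads it, making it `static` avoids clashing with a `__progname` that the host program or another library defines.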
@@ -24,7 +24,11 @@ * SUCH DAMAGE. */ +#if defined (__SVR4) && defined (__sun) +#include "solaris.h" +#else #include +#endif #include #include diff --git a/pam_option.h b/pam_option.h --- a/pam_option.h +++ b/pam_option.h @@ -26,7 +26,11 @@ * $Id: pam_option.h,v 1.1 2002/09/20 00:00:55 akorty Exp $ */ +#if defined (__SVR4) && defined (__sun) +#include "solaris.h" +#else #include +#endif /* Standard options */ @@ -51,7 +55,6 @@ struct options { char *arg; } opt[PAM_MAX_OPTIONS]; }; - __BEGIN_DECLS void pam_std_option(struct options *, struct opttab *, int, const char **); int pam_test_option(struct options *, enum opt, char **); diff --git a/pam_ssh.c b/pam_ssh.c --- a/pam_ssh.c +++ b/pam_ssh.c @@ -40,7 +40,13 @@ /* to get the asprintf() prototype from the glibc headers */ #define _GNU_SOURCE +#if defined (__SVR4) && defined (__sun) +#include "solaris.h" +#include "solaris-io.h" +#else #include +#endif + #include #include #include @@ -75,6 +81,17 @@ # define PAM_SM_PASSWORD #endif +// To make it compile on Solaris +#if defined (__SVR4) && defined (__sun) +#ifdef PAM_STATIC +#define PAM_EXTERN static +#else +#define PAM_EXTERN extern +#endif // PAM_STATIC +#include +#include +#endif // defined (__SVR4) && defined (__sun) + #include #if HAVE_PAM_MOD_MISC_H # include diff --git a/pam_ssh_log.c b/pam_ssh_log.c --- a/pam_ssh_log.c +++ b/pam_ssh_log.c @@ -54,9 +54,18 @@ pam_ssh_log(int priority, const char *fm /* don't log LOG_DEBUG priority unless * PAM debug option is set */ if (priority != LOG_DEBUG || log_debug) { +#ifdef LOG_AUTHPRIV + //#if defined (__SVR4) && defined (__sun) + //Syslog is broken on sun somehow - it's + //causing horrible segfaults. So we printf instead. + //vprintf(fmt, ap); openlog(PACKAGE_NAME, LOG_PID, LOG_AUTHPRIV); +#else + openlog(PACKAGE_NAME, LOG_PID, LOG_AUTH); +#endif va_start(ap, fmt); vsyslog(priority, fmt, ap); + va_end(ap); closelog(); } diff --git a/pam_std_option.c b/pam_std_option.c --- a/pam_std_option.c +++ b/pam_std_option.c 
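Review bot: The `PAM_EXTERN` block in the second pam_ssh.c hunk repeats, token for token, the definition that solaris.h introduces in this patch, and pam_ssh.c already includes solaris.h in the hunk above. An identical redefinition compiles, but the two copies can drift apart; drop the block here and keep the single definition in solaris.h. If the two `#include` lines after it must precede the PAM module header, a one-line comment saying so (`/* must come before the PAM module header on Solaris */`) is enough.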
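Review bot: The four commented-out lines in the pam_ssh_log.c hunk (`//#if defined ...` through `//vprintf(fmt, ap);`) should not be committed as dead code. They record an undiagnosed syslog crash rather than a fix, and they sit inside the `LOG_AUTHPRIV` branch, which is presumably not the one a Solaris build compiles. The `va_start` here previously had no matching `va_end`, which is undefined behaviour and may be related to the crash described, so it is worth re-testing before keeping that remark. Suggest deleting those lines and putting `/* no LOG_AUTHPRIV on this platform; fall back to LOG_AUTH */` on the `#else`. Since LOG_AUTH messages can be routed to a more widely readable file than authpriv ones, confirm that nothing logged at debug priority contains passphrase or key material. The function body continues outside the hunk.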
@@ -24,7 +24,11 @@ * SUCH DAMAGE. */ +#if defined (__SVR4) && defined (__sun) +#include "solaris.h" +#else #include +#endif #include #include diff --git a/solaris-io.h b/solaris-io.h new file mode 100644 --- /dev/null +++ b/solaris-io.h 
@@ -0,0 +1,82 @@
+/*-
+ *
+ * Copyright (c) 2008, 2009 Robert McLeay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+*/
+
+#ifndef PAM_SSH_SOLARIS_IO
+#define PAM_SSH_SOLARIS_IO
+#if defined (__SVR4) && defined (__sun)
+
+#include
+#include
+#include
+
+/*
+Function from: http://unixpapa.com/incnote/index.html
+This function is in the public domain.
+*/
+int vasprintf(char **ret, const char *format, va_list ap)
+{
+ va_list ap2;
+ int len= 100; /* First guess at the size */
+ if ((*ret= (char *)malloc(len)) == NULL) return -1;
+ while (1)
+ {
+ int nchar;
+ va_copy(ap2, ap);
+ nchar= vsnprintf(*ret, len, format, ap2);
+ if (nchar > -1 && nchar < len) return nchar;
+ if (nchar > len)
+ len= nchar+1;
+ else
+ len*= 2;
+ if ((*ret= (char *)realloc(*ret, len)) == NULL)
+ {
+ free(*ret);
+ return -1;
+ }
+ }
+}
+
+/*
+Function from: http://unixpapa.com/incnote/index.html
+This function is in the public domain.
+*/
+int asprintf(char **str, const char *fmt, ...)
+{
+ va_list ap;
+ int ret;
+
+ *str = NULL;
+ va_start(ap, fmt);
+ ret = vasprintf(str, fmt, ap);
+ va_end(ap);
+
+ return ret;
+}
+
+#endif //Solaris check
+#endif
diff --git a/solaris.h b/solaris.h
new file mode 100644
--- /dev/null
+++ b/solaris.h
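Review bot: In `vasprintf` (solaris-io.h), a failed `realloc` leaks the buffer: its result is assigned straight into `*ret`, so the `free(*ret)` that follows is `free(NULL)` and the original allocation is lost. Each `va_copy(ap2, ap)` in the loop also lacks a matching `va_end(ap2)`. Both `vasprintf` and `asprintf` are defined, not merely declared, in a header, so a second source file including solaris-io.h would produce duplicate symbols at link time; moving the bodies into a .c file and leaving prototypes here avoids that. The loop below keeps the grow-and-retry approach, works on a local pointer, and leaves `*ret` NULL on every failure path.

```c
int vasprintf(char **ret, const char *format, va_list ap)
{
    int len = 100;              /* first guess at the size */
    char *buf = malloc(len);

    *ret = NULL;                /* callers see NULL on any failure */
    if (buf == NULL)
        return -1;

    for (;;) {
        va_list ap2;
        char *grown;
        int nchar;

        va_copy(ap2, ap);
        nchar = vsnprintf(buf, len, format, ap2);
        va_end(ap2);            /* every va_copy needs its va_end */

        if (nchar > -1 && nchar < len) {
            *ret = buf;
            return nchar;
        }

        if (nchar > len)
            len = nchar + 1;
        else
            len *= 2;

        /* keep buf valid until realloc is known to have succeeded */
        grown = realloc(buf, len);
        if (grown == NULL) {
            free(buf);
            return -1;
        }
        buf = grown;
    }
}
```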
@@ -0,0 +1,60 @@
+/*-
+ *
+ * Copyright (c) 2008, 2009 Robert McLeay
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+*/
+
+#ifndef PAM_SSH_SOLARIS
+#define PAM_SSH_SOLARIS
+#if defined (__SVR4) && defined (__sun)
+
+// u_int32_t == uint32_t on Solaris
+#define u_int32_t uint32_t
+
+/* Required equivalent to cdefs on linux systems */
+#ifdef __cplusplus
+# define __BEGIN_DECLS extern "C" {
+# define __END_DECLS }
+#else
+# define __BEGIN_DECLS
+# define __END_DECLS
+#endif
+
+//Define a few missing bits that GNU pam has and we don't
+#ifdef PAM_STATIC
+#define PAM_EXTERN static
+#else
+#define PAM_EXTERN extern
+#endif //PAM_STATIC
+
+//We need to include these PRIOR to including pam_modules.h
+#include
+#include
+
+//NGROUPS-MAX is defined here
+#include
+
+#endif //Solaris check
+#endif
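Review bot: `#define u_int32_t uint32_t` rewrites every later occurrence of the token, including any in system headers pulled in after solaris.h, and it is written before the header's own includes, so it does not itself guarantee that `uint32_t` is declared. A typedef placed after the include that declares `uint32_t` is safer: `typedef uint32_t u_int32_t;`. `__BEGIN_DECLS` and `__END_DECLS` are names reserved to the implementation, so guarding them with `#ifndef __BEGIN_DECLS` would avoid a redefinition if a Solaris header ever supplies them. The comment `//NGROUPS-MAX is defined here` should read `NGROUPS_MAX`, to match the macro tested in openpam_cred.h.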