*** ssh-2.0.13/apps/ssh/auths-passwd.c Tue May 11 01:34:45 1999 --- ssh-2.0.13.securid/apps/ssh/auths-passwd.c Thu May 18 11:42:32 2000 *************** *** 21,26 **** --- 21,39 ---- #include "sshserver.h" #include "sshconfig.h" + #ifdef HAVE_SECURID + /* Support for Security Dynamics SecurID card. + Contributed by Donald McKillican . */ + #include "sdi_athd.h" + #include "sdi_size.h" + #include "sdi_type.h" + #include "sdacmvls.h" + #include "sdconf.h" + union config_record configure; + static int securid_initialized = 0; + struct SD_CLIENT sd_dat, *sd; + #endif /* HAVE_SECURID */ + #define SSH_DEBUG_MODULE "Ssh2AuthPasswdServer" /* Password authentication. This handles all forms of password authentication, *************** *** 139,145 **** --- 152,192 ---- "kerberos passwd")); goto password_ok; } + #ifdef HAVE_SECURID + /* Support for Security Dynamics SecurId card. + Contributed by Donald McKillican . */ + + /* The user has a SecurID card. */ + SSH_DEBUG(2 ,("SecurID authentication for %.100s required.", server_user)); + + /* + * if no pass code has been supplied, fail immediately: passing + * a null pass code to sd_check causes a core dump + */ + if (*password == '\0') + { + + SSH_DEBUG(2 ,("No pass code given, authentication rejected.")); + goto password_bad; + } + sd = &sd_dat; + if (!securid_initialized) + { + memset(&sd_dat, 0, sizeof(sd_dat)); /* clear struct */ + creadcfg(); /* accesses sdconf.rec */ + if (sd_init(sd)) { + SSH_DEBUG(2 ,("Cannot contact securid server.")); + goto password_bad; + } + securid_initialized = 1; + } + if (sd_check(password, user, sd) == ACM_OK){ + goto password_ok; + }else{ + goto password_bad; + } + #endif /* HAVE_SECURID */ /* Try a local password (either normal or shadow). */ #ifdef HAVE_SIA if (ssh_user_validate_local_password(uc,