Give OpenSSH TIS client-side authentication.

Submitted by:	peter

security/openssh/files/patch-ac

@@ -0,0 +1,10 @@
+--- readconf.h.dist	Fri Nov 19 23:32:48 1999
++++ readconf.h	Fri Nov 19 23:48:22 1999
+@@ -54,6 +54,7 @@
+   int compression;		/* Compress packets in both directions. */
+   int compression_level;	/* Compression level 1 (fast) to 9 (best). */
+   int keepalives;		/* Set SO_KEEPALIVE. */
++  int tis_authentication;	/* TIS client-side authentication */
+   LogLevel log_level;		/* Level for logging. */
+ 
+   int port;			/* Port to connect. */

security/openssh/files/patch-ad

@@ -0,0 +1,35 @@
+--- readconf.c.dist	Fri Nov 19 23:32:48 1999
++++ readconf.c	Fri Nov 19 23:41:27 1999
+@@ -369,13 +369,8 @@
+       goto parse_int;
+       
+     case oTISAuthentication:
+-      cp = strtok(NULL, WHITESPACE);
+-      if (cp != 0 && (strcmp(cp, "yes") == 0 || strcmp(cp, "true") == 0))
+-	fprintf(stderr,
+-		"%.99s line %d: Warning, TIS is not supported.\n",
+-		filename,
+-		linenum);
+-      break;
++      intptr = &options->tis_authentication;
++      goto parse_flag;
+ 
+     case oCompressionLevel:
+       intptr = &options->compression_level;
+@@ -655,6 +650,7 @@
+   options->num_local_forwards = 0;
+   options->num_remote_forwards = 0;
+   options->log_level = (LogLevel)-1;
++  options->tis_authentication = -1;
+ }
+ 
+ /* Called after processing other sources of option data, this fills those
+@@ -727,6 +723,8 @@
+     options->user_hostfile = SSH_USER_HOSTFILE;
+   if (options->log_level == (LogLevel)-1)
+     options->log_level = SYSLOG_LEVEL_INFO;
++  if (options->tis_authentication == -1)
++    options->tis_authentication = 0;
+   /* options->proxy_command should not be set by default */
+   /* options->user will be set in the main program if appropriate */
+   /* options->hostname will be set in the main program if appropriate */

security/openssh/files/patch-ae

@@ -0,0 +1,43 @@
+--- sshconnect.c.orig	Fri Nov 19 23:54:54 1999
++++ sshconnect.c	Fri Nov 19 23:56:22 1999
+@@ -1496,6 +1496,40 @@
+ 	  return; /* Successful connection. */
+     }
+   
++  /* Support for TIS authentication server obtained from
++     Andre April <Andre.April@cediti.be>. */
++  if ((supported_authentications & (1 << SSH_AUTH_TIS)) &&
++      options.tis_authentication && !options.batch_mode)
++    {
++      char *prompt;
++      debug("Doing TIS authentication.");
++      if (options.cipher == SSH_CIPHER_NONE)
++	log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
++      packet_start(SSH_CMSG_AUTH_TIS);
++      packet_send();
++      packet_write_wait();
++      type = packet_read(&payload_len);
++      if (type == SSH_SMSG_FAILURE)
++	debug("User cannot be identifier on authentication server.");
++      else {
++	if (type != SSH_SMSG_AUTH_TIS_CHALLENGE)
++	  packet_disconnect("Protocol error: got %d in response to TIS auth request", type);
++	prompt = packet_get_string(NULL);
++	password = read_passphrase(prompt, 0);
++	packet_start(SSH_CMSG_AUTH_TIS_RESPONSE);
++	packet_put_string(password, strlen(password));
++	memset(password, 0, strlen(password));
++	xfree(password);
++	packet_send();
++	packet_write_wait();
++        type = packet_read(&payload_len);
++	if (type == SSH_SMSG_SUCCESS)
++	  return;
++	if (type != SSH_SMSG_FAILURE)
++	  packet_disconnect("Protocol error: got %d in response to TIS auth", type);
++      }
++    }
++
+   /* Try password authentication if the server supports it. */
+   if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
+       options.password_authentication && !options.batch_mode)

security/openssh/files/patch-af

@@ -0,0 +1,11 @@
+--- ssh.h.dist	Fri Nov 19 23:50:37 1999
++++ ssh.h	Fri Nov 19 23:50:22 1999
+@@ -141,7 +141,7 @@
+ #define SSH_AUTH_RSA		2
+ #define SSH_AUTH_PASSWORD	3
+ #define SSH_AUTH_RHOSTS_RSA	4
+-				/* 5 is TIS */
++#define SSH_AUTH_TIS		5
+ #define SSH_AUTH_KERBEROS	6
+ #define SSH_PASS_KERBEROS_TGT	7
+ 				/* 8 to 15 are reserved */