author | Darren Tucker <dtucker@zip.com.au> | 2003-07-14 16:41:55 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2003-07-14 16:41:55 +1000 |
commit | fc3454ee6752333ce7af349b71be12aa9cbe4fcc (patch) | |
tree | b20e59100fd141acf577c7a9d29b4ded590240ea | |
parent | 30317e37e4c3ba6b0a7c0b21f17760e4f45a6b12 (diff) |
- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry-
specific functions. Based on patch by cawlfiel@us.ibm.com.
-rw-r--r-- | CREDITS | 3 | ||||
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | configure.ac | 3 | ||||
-rw-r--r-- | openbsd-compat/port-aix.c | 38 | ||||
-rw-r--r-- | openbsd-compat/port-aix.h | 1 |
5 files changed, 47 insertions, 3 deletions
@@ -49,6 +49,7 @@ Juergen Keil <jk@tools.de> - scp bugfixing | |||
49 | KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes | 49 | KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes |
50 | Kees Cook <cook@cpoint.net> - scp fixes | 50 | Kees Cook <cook@cpoint.net> - scp fixes |
51 | Kenji Miyake <kenji@miyake.org> - Configure fixes | 51 | Kenji Miyake <kenji@miyake.org> - Configure fixes |
52 | Kevin Cawlfield <cawlfiel@us.ibm.com> - AIX fixes. | ||
52 | Kevin O'Connor <kevin_oconnor@standardandpoors.com> - RSAless operation | 53 | Kevin O'Connor <kevin_oconnor@standardandpoors.com> - RSAless operation |
53 | Kevin Steves <stevesk@pobox.com> - HP support, bugfixes, improvements | 54 | Kevin Steves <stevesk@pobox.com> - HP support, bugfixes, improvements |
54 | Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes | 55 | Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes |
@@ -92,5 +93,5 @@ Apologies to anyone I have missed. | |||
92 | 93 | ||
93 | Damien Miller <djm@mindrot.org> | 94 | Damien Miller <djm@mindrot.org> |
94 | 95 | ||
95 | $Id: CREDITS,v 1.69 2003/06/28 04:27:29 dtucker Exp $ | 96 | $Id: CREDITS,v 1.70 2003/07/14 06:41:55 dtucker Exp $ |
96 | 97 | ||
@@ -3,6 +3,9 @@ | |||
3 | loginfailed at all, so assume 3-arg loginfailed if not declared. | 3 | loginfailed at all, so assume 3-arg loginfailed if not declared. |
4 | - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by | 4 | - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by |
5 | undef'ing it. | 5 | undef'ing it. |
6 | - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h] | ||
7 | Call setauthdb() before loginfailed(), which may load password registry- | ||
8 | specific functions. Based on patch by cawlfiel@us.ibm.com. | ||
6 | 9 | ||
7 | 20030708 | 10 | 20030708 |
8 | - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] | 11 | - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] |
@@ -676,4 +679,4 @@ | |||
676 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 679 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
677 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 680 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
678 | 681 | ||
679 | $Id: ChangeLog,v 1.2851 2003/07/14 06:26:51 dtucker Exp $ | 682 | $Id: ChangeLog,v 1.2852 2003/07/14 06:41:55 dtucker Exp $ |
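--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.133 2003/07/14 06:21:44 dtucker Exp $
+# $Id: configure.ac,v 1.134 2003/07/14 06:41:55 dtucker Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -95,6 +95,7 @@ case "$host" in
 [],
 [#include <usersec.h>]
 )
+AC_CHECK_FUNCS(setauthdb)
 AC_DEFINE(BROKEN_GETADDRINFO)
 AC_DEFINE(BROKEN_REALPATH)
 dnl AIX handles lastlog as part of its login message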
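--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -32,6 +32,7 @@
 
 #include <uinfo.h>
 #include <../xmalloc.h>
+#include "port-aix.h"
 
 extern ServerOptions options;
 
@@ -92,12 +93,49 @@ record_failed_login(const char *user, const char *ttyname)
 {
 char *hostname = get_canonical_hostname(options.use_dns);
 
+if (geteuid() != 0)
+return;
+
+aix_setauthdb(user);
 # ifdef AIX_LOGINFAILED_4ARG
 loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
 # else
 loginfailed((char *)user, hostname, (char *)ttyname);
 # endif
 }
+
+/*
+* If we have setauthdb, retrieve the password registry for the user's
+* account then feed it to setauthdb. This may load registry-specific method
+* code. If we don't have setauthdb or have already called it this is a no-op.
+*/
+void
+aix_setauthdb(const char *user)
+{
+# ifdef HAVE_SETAUTHDB
+static char *registry = NULL;
+
+if (registry != NULL) /* have already done setauthdb */
+return;
+
+if (setuserdb(S_READ) == -1) {
+debug3("%s: Could not open userdb to read", __func__);
+return;
+}
+
+if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
+if (setauthdb(registry, NULL) == 0)
+debug3("%s: AIX/setauthdb set registry %s", __func__,
+registry);
+else
+debug3("%s: AIX/setauthdb set registry %s failed: %s",
+__func__, registry, strerror(errno));
+} else
+debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
+strerror(errno));
+enduserdb();
+# endif
+}
 # endif /* CUSTOM_FAILED_LOGIN */
 #endif /* _AIX */
 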
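Review bot: In `aix_setauthdb()` the early return tests `registry != NULL`, but `registry` is filled in by `getuserattr()` before `setauthdb()` runs, so a failed `setauthdb()` is never retried and every later `loginfailed()` in the process goes ahead without the registry switch, reported only at `debug3`. The cache also ignores `user`, so a second call for a different account would keep the first account's registry; whether one process can ever see two users is not visible in this hunk. Tracking success explicitly avoids both: `static int authdb_set = 0;`, `if (authdb_set) return;`, and `authdb_set = 1;` only in the `setauthdb(registry, NULL) == 0` branch. Separately, the new `if (geteuid() != 0) return;` in `record_failed_login()` drops the failed-login record without any log line, so a debug message before that return would let an operator notice that failures are not being counted. The signature of `record_failed_login()` lies above the hunk.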
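--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -53,6 +53,7 @@
 #ifdef WITH_AIXAUTHENTICATE
 # define CUSTOM_FAILED_LOGIN 1
 void record_failed_login(const char *user, const char *ttyname);
+void aix_setauthdb(const char *);
 #endif
 
 void aix_usrinfo(struct passwd *pw);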
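Review bot: The new prototype `void aix_setauthdb(const char *);` omits its parameter name, while the neighbouring `record_failed_login` and `aix_usrinfo` declarations keep theirs; `void aix_setauthdb(const char *user);` would match the rest of the header. A one-line comment above it, such as `/* Select the user's password registry via setauthdb(); no-op without HAVE_SETAUTHDB. */`, would tell callers what the function does without opening port-aix.c.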