- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]

   Include AIX headers for authentication functions and make calls match
   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.

7 files changed, 44 insertions, 12 deletions

diff --git a/ChangeLog b/ChangeLog
index 266756fe3..ea4d4ac20 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20030708
+ - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
+   Include AIX headers for authentication functions and make calls match
+   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.
+
 20030707
  - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
    searching libraries for it.  Fixes build errors on NCR MP-RAS.
@@ -662,4 +667,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.2846 2003/07/07 09:44:01 dtucker Exp $
+$Id: ChangeLog,v 1.2847 2003/07/08 10:52:12 dtucker Exp $
diff --git a/acconfig.h b/acconfig.h
index e6f5ebbbd..23cc9c817 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.157 2003/06/11 12:51:32 djm Exp $ */
+/* $Id: acconfig.h,v 1.158 2003/07/08 10:52:13 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -110,6 +110,9 @@
 /* Define if you want to enable AIX4's authenticate function */
 #undef WITH_AIXAUTHENTICATE
 
+/* Define if your AIX loginfailed() function takes 3 arguments (AIX <= 5.1) */
+#undef AIX_LOGINFAILED_3ARG
+
 /* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
 #undef WITH_IRIX_ARRAY
 
diff --git a/auth-passwd.c b/auth-passwd.c
index 9a94c373f..ea65a0125 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -42,15 +42,13 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $");
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
+#include "canohost.h"
 
 #if !defined(HAVE_OSF_SIA)
 /* Don't need any of these headers for the SIA cases */
 # ifdef HAVE_CRYPT_H
 #  include <crypt.h>
 # endif
-# ifdef WITH_AIXAUTHENTICATE
-#  include <login.h>
-# endif
 # ifdef __hpux
 #  include <hpsecurity.h>
 #  include <prot.h>
diff --git a/configure.ac b/configure.ac
index 8d9143e6c..431c6446b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.131 2003/07/07 09:44:01 dtucker Exp $
+# $Id: configure.ac,v 1.132 2003/07/08 10:52:13 dtucker Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -75,12 +75,25 @@ case "$host" in
                 AC_MSG_RESULT($blibflags)
         fi
         LDFLAGS="$saved_LDFLAGS"
-        AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
+        # Check for authenticate.  Might be in libs.a on older AIXes
+        AC_CHECK_FUNC(authenticate, [with_aixauthenticate=1],
                 [AC_CHECK_LIB(s,authenticate,
-                        [ AC_DEFINE(WITH_AIXAUTHENTICATE)
+                        [       with_aixaixauthenticate=1
                                 LIBS="$LIBS -ls"
                         ])
                 ])
+        # Check if loginfailed takes 3 arguments (AIX <= 5.1)
+        if (test "x$with_aixauthenticate" = "x1" ); then
+                AC_DEFINE(WITH_AIXAUTHENTICATE)
+                AC_MSG_CHECKING(if loginfailed takes 3 arguments)
+                AC_TRY_COMPILE(
+                        [#include <usersec.h>],
+                        [(void)loginfailed("user","host","tty");],
+                        [AC_MSG_RESULT(yes)
+                         AC_DEFINE(AIX_LOGINFAILED_3ARG)],
+                        [AC_MSG_RESULT(no)]
+                )
+        fi
         AC_DEFINE(BROKEN_GETADDRINFO)
         AC_DEFINE(BROKEN_REALPATH)
         dnl AIX handles lastlog as part of its login message
@@ -456,8 +469,8 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
         login_cap.h maillock.h netdb.h netgroup.h \
         netinet/in_systm.h paths.h pty.h readpassphrase.h \
         rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
-        strings.h sys/strtio.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
-        sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+        strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
+        sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
         sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
         sys/un.h time.h tmpdir.h ttyent.h usersec.h \
         util.h utime.h utmp.h utmpx.h)
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index b4c9454a1..c8d9517b6 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -70,7 +70,11 @@ record_failed_login(const char *user, const char *ttyname)
 {
         char *hostname = get_canonical_hostname(options.use_dns);
 
-        loginfailed(user, hostname, ttyname);
+#  ifdef AIX_LOGINFAILED_3ARG
+        loginfailed((char *)user, hostname, (char *)ttyname);
+#  else
+        loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
+#  endif
 }
 # endif /* CUSTOM_FAILED_LOGIN */
 #endif /* _AIX */
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 2254e7462..2787d919d 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -26,6 +26,15 @@
 
 #ifdef _AIX
 
+#ifdef WITH_AIXAUTHENTICATE
+# include <login.h>
+# include <userpw.h>
+# include <usersec.h>
+# ifdef HAVE_SYS_AUDIT_H
+#  include <sys/audit.h>
+# endif
+#endif
+
 /* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
 #if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
 # define nanosleep(a,b) nsleep(a,b)
diff --git a/session.c b/session.c
index dc9777de9..ac57c3d0f 100644
--- a/session.c
+++ b/session.c
@@ -1215,7 +1215,7 @@ do_setusercontext(struct passwd *pw)
         {
 
 #ifdef HAVE_SETPCRED
-                setpcred(pw->pw_name);
+                setpcred(pw->pw_name, (char **)NULL);
 #endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 # ifdef __bsdi__