- (dtucker) Move handling of bad password authentications into a platform

   specific record_failed_login() function (affects AIX & Unicos).

8 files changed, 41 insertions, 19 deletions

diff --git a/ChangeLog b/ChangeLog
index a3bf76549..c850954be 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20030502
  - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
    privsep should now work.
+ - (dtucker) Move handling of bad password authentications into a platform
+   specific record_failed_login() function (affects AIX & Unicos).
 
 20030429
  - (djm) Add back radix.o (used by AFS support), after it went missing from
@@ -1360,4 +1362,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2665 2003/05/02 10:48:21 dtucker Exp $
+$Id: ChangeLog,v 1.2666 2003/05/02 13:42:25 dtucker Exp $
diff --git a/auth.c b/auth.c
index ba26034d5..10f7b2a1f 100644
--- a/auth.c
+++ b/auth.c
@@ -268,13 +268,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
             get_remote_port(),
             info);
 
-#ifdef WITH_AIXAUTHENTICATE
+#ifdef CUSTOM_FAILED_LOGIN
         if (authenticated == 0 && strcmp(method, "password") == 0)
-            loginfailed(authctxt->user,
-                get_canonical_hostname(options.verify_reverse_mapping),
-                "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
-
+                record_failed_login(authctxt->user, "ssh");
+#endif
 }
 
 /*
@@ -496,10 +493,8 @@ getpwnamallow(const char *user)
         if (pw == NULL) {
                 logit("Illegal user %.100s from %.100s",
                     user, get_remote_ipaddr());
-#ifdef WITH_AIXAUTHENTICATE
-                loginfailed(user,
-                    get_canonical_hostname(options.verify_reverse_mapping),
-                    "ssh");
+#ifdef CUSTOM_FAILED_LOGIN
+                record_failed_login(user, "ssh");
 #endif
                 return (NULL);
         }
diff --git a/auth1.c b/auth1.c
index 7b40d70f4..e7d744f6e 100644
--- a/auth1.c
+++ b/auth1.c
@@ -311,8 +311,6 @@ do_authloop(Authctxt *authctxt)
                             authctxt->user);
 
 #ifdef _UNICOS
-                if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
-                        cray_login_failure(authctxt->user, IA_UDBERR);
                 if (authenticated && cray_access_denied(authctxt->user)) {
                         authenticated = 0;
                         fatal("Access denied for user %s.",authctxt->user);
diff --git a/auth2.c b/auth2.c
index 9c4919969..ee6931810 100644
--- a/auth2.c
+++ b/auth2.c
@@ -240,10 +240,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
         } else {
                 if (authctxt->failures++ > AUTH_FAIL_MAX)
                         packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
-#ifdef _UNICOS
-                if (strcmp(method, "password") == 0)
-                        cray_login_failure(authctxt->user, IA_UDBERR);
-#endif /* _UNICOS */
                 methods = authmethods_get();
                 packet_start(SSH2_MSG_USERAUTH_FAILURE);
                 packet_put_cstring(methods);
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
index edb3112b3..4875af868 100644
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
+ * $Id: bsd-cray.c,v 1.9 2003/05/02 13:42:25 dtucker Exp $
  *
  * bsd-cray.c
  *
@@ -143,6 +143,14 @@ cray_access_denied(char *username)
         return (errcode);
 }
 
+/*
+ * record_failed_login: generic "login failed" interface function
+ */
+record_failed_login(const char *user, const char *ttyname)
+{
+        cray_login_failure((char *)user, IA_UDBERR);
+}
+
 int
 cray_setup (uid_t uid, char *username, const char *command)
 {
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
index a09954f2f..d2489f4bf 100644
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@@ -1,5 +1,5 @@
 /* 
- * $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $
+ * $Id: bsd-cray.h,v 1.8 2003/05/02 13:42:25 dtucker Exp $
  *
  * bsd-cray.h
  *
@@ -42,6 +42,8 @@ void cray_init_job(struct passwd *);		/* init cray job */
 void cray_job_termination_handler(int);         /* process end of job signal */
 void cray_login_failure(char *username, int errcode);
 int cray_access_denied(char *username);
+#define CUSTOM_FAILED_LOGIN 1
+void record_failed_login(const char *user, const char *ttyname);
 extern  char   cray_tmpdir[];                   /* cray tmpdir */
 #ifndef IA_SSHD
 #define IA_SSHD IA_LOGIN
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 4c96a3171..cddc0907f 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -24,12 +24,17 @@
  *
  */
 #include "includes.h"
+#include "ssh.h"
+#include "log.h"
+#include "servconf.h"
 
 #ifdef _AIX
 
 #include <uinfo.h>
 #include <../xmalloc.h>
 
+extern ServerOptions options;
+
 /*
  * AIX has a "usrinfo" area where logname and other stuff is stored - 
  * a few applications actually use this and die if it's not set
@@ -52,5 +57,16 @@ aix_usrinfo(struct passwd *pw)
         xfree(cp);
 }
 
+# ifdef CUSTOM_FAILED_LOGIN
+/*
+ * record_failed_login: generic "login failed" interface function
+ */
+void
+record_failed_login(const char *user, const char *ttyname)
+{
+        loginfailed(user,
+            get_canonical_hostname(options.verify_reverse_mapping), ttyname);
+}
+# endif /* CUSTOM_FAILED_LOGIN */
 #endif /* _AIX */
 
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 4abe00316..2254e7462 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -36,5 +36,10 @@
 # include <sys/timers.h>
 #endif
 
+#ifdef WITH_AIXAUTHENTICATE
+# define CUSTOM_FAILED_LOGIN 1
+void record_failed_login(const char *user, const char *ttyname);
+#endif
+
 void aix_usrinfo(struct passwd *pw);
 #endif /* _AIX */