author | Darren Tucker <dtucker@zip.com.au> | 2003-07-14 16:41:55 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2003-07-14 16:41:55 +1000 |
commit | fc3454ee6752333ce7af349b71be12aa9cbe4fcc (patch) | |
tree | b20e59100fd141acf577c7a9d29b4ded590240ea /openbsd-compat/port-aix.c | |
parent | 30317e37e4c3ba6b0a7c0b21f17760e4f45a6b12 (diff) |
- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry-
specific functions. Based on patch by cawlfiel@us.ibm.com.
Diffstat (limited to 'openbsd-compat/port-aix.c')
-rw-r--r-- | openbsd-compat/port-aix.c | 38 |
1 files changed, 38 insertions, 0 deletions
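--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -32,6 +32,7 @@
 
 #include <uinfo.h>
 #include <../xmalloc.h>
+#include "port-aix.h"
 
 extern ServerOptions options;
 
@@ -92,12 +93,49 @@ record_failed_login(const char *user, const char *ttyname)
 {
 char *hostname = get_canonical_hostname(options.use_dns);
 
+if (geteuid() != 0)
+return;
+
+aix_setauthdb(user);
 # ifdef AIX_LOGINFAILED_4ARG
 loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
 # else
 loginfailed((char *)user, hostname, (char *)ttyname);
 # endif
 }
+
+/*
+* If we have setauthdb, retrieve the password registry for the user's
+* account then feed it to setauthdb. This may load registry-specific method
+* code. If we don't have setauthdb or have already called it this is a no-op.
+*/
+void
+aix_setauthdb(const char *user)
+{
+# ifdef HAVE_SETAUTHDB
+static char *registry = NULL;
+
+if (registry != NULL) /* have already done setauthdb */
+return;
+
+if (setuserdb(S_READ) == -1) {
+debug3("%s: Could not open userdb to read", __func__);
+return;
+}
+
+if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
+if (setauthdb(registry, NULL) == 0)
+debug3("%s: AIX/setauthdb set registry %s", __func__,
+registry);
+else
+debug3("%s: AIX/setauthdb set registry %s failed: %s",
+__func__, registry, strerror(errno));
+} else
+debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
+strerror(errno));
+enduserdb();
+# endif
+}
 # endif /* CUSTOM_FAILED_LOGIN */
 #endif /* _AIX */
 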
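Review bot: In the added `aix_setauthdb()`, the `static char *registry` guard turns every call after the first successful lookup into a no-op regardless of which `user` is passed, and `setauthdb(registry, NULL)` does not save the previous registry, so as far as this hunk shows the process stays on the first user's registry for all later account lookups. Whether a second user name can reach this function in the same process is not visible here, but if it can, that user's failed-login record would go through the wrong registry. The pointer is also kept after `enduserdb()`, when the storage handed back by `getuserattr()` may no longer be valid; it is only compared with NULL, so a separate `static int done` flag would state the intent without holding a possibly stale pointer. At minimum the header comment should add `Only the first user's registry is applied for the lifetime of the process; the previous registry is neither saved nor restored.` The new `if (geteuid() != 0) return;` in `record_failed_login()` also drops the failure record without any `debug3` line, which makes a missing audit entry hard to explain later.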