diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2003-11-22 14:16:56 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2003-11-22 14:16:56 +1100 |
| commit | d76341616dfebd4addc9c9594767ab1832ccb100 (patch) | |
| tree | c47fc617084c1c068e065a11b633db595e262fd1 /openbsd-compat/port-aix.c | |
| parent | 0eae4422350c4903a23d20b8a5153f939d721428 (diff) | |
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
Diffstat (limited to 'openbsd-compat/port-aix.c')
| -rw-r--r-- | openbsd-compat/port-aix.c | 64 |
1 files changed, 54 insertions, 10 deletions
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 9fbcce936..a9cbf49b0 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c | |||
| @@ -29,6 +29,7 @@ | |||
| 29 | #include "servconf.h" | 29 | #include "servconf.h" |
| 30 | #include "canohost.h" | 30 | #include "canohost.h" |
| 31 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
| 32 | #include "buffer.h" | ||
| 32 | 33 | ||
| 33 | #ifdef _AIX | 34 | #ifdef _AIX |
| 34 | 35 | ||
| @@ -36,6 +37,7 @@ | |||
| 36 | #include "port-aix.h" | 37 | #include "port-aix.h" |
| 37 | 38 | ||
| 38 | extern ServerOptions options; | 39 | extern ServerOptions options; |
| 40 | extern Buffer loginmsg; | ||
| 39 | 41 | ||
| 40 | /* | 42 | /* |
| 41 | * AIX has a "usrinfo" area where logname and other stuff is stored - | 43 | * AIX has a "usrinfo" area where logname and other stuff is stored - |
| @@ -63,7 +65,7 @@ aix_usrinfo(struct passwd *pw) | |||
| 63 | xfree(cp); | 65 | xfree(cp); |
| 64 | } | 66 | } |
| 65 | 67 | ||
| 66 | #ifdef WITH_AIXAUTHENTICATE | 68 | # ifdef WITH_AIXAUTHENTICATE |
| 67 | /* | 69 | /* |
| 68 | * Remove embedded newlines in string (if any). | 70 | * Remove embedded newlines in string (if any). |
| 69 | * Used before logging messages returned by AIX authentication functions | 71 | * Used before logging messages returned by AIX authentication functions |
| @@ -83,27 +85,68 @@ aix_remove_embedded_newlines(char *p) | |||
| 83 | if (*--p == ' ') | 85 | if (*--p == ' ') |
| 84 | *p = '\0'; | 86 | *p = '\0'; |
| 85 | } | 87 | } |
| 86 | #endif /* WITH_AIXAUTHENTICATE */ | 88 | |
| 89 | /* | ||
| 90 | * Do authentication via AIX's authenticate routine. We loop until the | ||
| 91 | * reenter parameter is 0, but normally authenticate is called only once. | ||
| 92 | * | ||
| 93 | * Note: this function returns 1 on success, whereas AIX's authenticate() | ||
| 94 | * returns 0. | ||
| 95 | */ | ||
| 96 | int | ||
| 97 | aix_authenticate(const char *name, const char *password, const char *host) | ||
| 98 | { | ||
| 99 | char *authmsg = NULL, *msg; | ||
| 100 | int authsuccess = 0, reenter, result; | ||
| 101 | |||
| 102 | do { | ||
| 103 | result = authenticate((char *)name, (char *)password, &reenter, | ||
| 104 | &authmsg); | ||
| 105 | aix_remove_embedded_newlines(authmsg); | ||
| 106 | debug3("AIX/authenticate result %d, msg %.100s", result, | ||
| 107 | authmsg); | ||
| 108 | } while (reenter); | ||
| 109 | |||
| 110 | if (result == 0) { | ||
| 111 | authsuccess = 1; | ||
| 112 | |||
| 113 | /* No pty yet, so just label the line as "ssh" */ | ||
| 114 | aix_setauthdb(name); | ||
| 115 | if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) { | ||
| 116 | if (msg != NULL) { | ||
| 117 | debug("%s: msg %s", __func__, msg); | ||
| 118 | buffer_append(&loginmsg, msg, strlen(msg)); | ||
| 119 | xfree(msg); | ||
| 120 | } | ||
| 121 | } | ||
| 122 | } | ||
| 123 | |||
| 124 | if (authmsg != NULL) | ||
| 125 | xfree(authmsg); | ||
| 126 | |||
| 127 | return authsuccess; | ||
| 128 | } | ||
| 87 | 129 | ||
| 88 | # ifdef CUSTOM_FAILED_LOGIN | 130 | # ifdef CUSTOM_FAILED_LOGIN |
| 89 | /* | 131 | /* |
| 90 | * record_failed_login: generic "login failed" interface function | 132 | * record_failed_login: generic "login failed" interface function |
| 91 | */ | 133 | */ |
| 92 | void | 134 | void |
| 93 | record_failed_login(const char *user, const char *ttyname) | 135 | record_failed_login(const char *user, const char *ttyname) |
| 94 | { | 136 | { |
| 95 | char *hostname = get_canonical_hostname(options.use_dns); | 137 | char *hostname = (char *)get_canonical_hostname(options.use_dns); |
| 96 | 138 | ||
| 97 | if (geteuid() != 0) | 139 | if (geteuid() != 0) |
| 98 | return; | 140 | return; |
| 99 | 141 | ||
| 100 | aix_setauthdb(user); | 142 | aix_setauthdb(user); |
| 101 | # ifdef AIX_LOGINFAILED_4ARG | 143 | # ifdef AIX_LOGINFAILED_4ARG |
| 102 | loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); | 144 | loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); |
| 103 | # else | 145 | # else |
| 104 | loginfailed((char *)user, hostname, (char *)ttyname); | 146 | loginfailed((char *)user, hostname, (char *)ttyname); |
| 105 | # endif | 147 | # endif |
| 106 | } | 148 | } |
| 149 | # endif /* CUSTOM_FAILED_LOGIN */ | ||
| 107 | 150 | ||
| 108 | /* | 151 | /* |
| 109 | * If we have setauthdb, retrieve the password registry for the user's | 152 | * If we have setauthdb, retrieve the password registry for the user's |
| @@ -135,8 +178,9 @@ aix_setauthdb(const char *user) | |||
| 135 | debug3("%s: Could not read S_REGISTRY for user: %s", __func__, | 178 | debug3("%s: Could not read S_REGISTRY for user: %s", __func__, |
| 136 | strerror(errno)); | 179 | strerror(errno)); |
| 137 | enduserdb(); | 180 | enduserdb(); |
| 138 | # endif | 181 | # endif /* HAVE_SETAUTHDB */ |
| 139 | } | 182 | } |
| 140 | # endif /* CUSTOM_FAILED_LOGIN */ | ||
| 141 | #endif /* _AIX */ | ||
| 142 | 183 | ||
| 184 | # endif /* WITH_AIXAUTHENTICATE */ | ||
| 185 | |||
| 186 | #endif /* _AIX */ | ||