- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]

Call setauthdb() before loginfailed(), which may load password registry- specific functions. Based on patch by cawlfiel@us.ibm.com.
author: Darren Tucker <dtucker@zip.com.au> 2003-07-14 16:41:55 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2003-07-14 16:41:55 +1000
commit: fc3454ee6752333ce7af349b71be12aa9cbe4fcc (patch)
tree: b20e59100fd141acf577c7a9d29b4ded590240ea /openbsd-compat/port-aix.c
parent: 30317e37e4c3ba6b0a7c0b21f17760e4f45a6b12 (diff)
1 files changed, 38 insertions, 0 deletions
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 562923720..7a981634b 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -32,6 +32,7 @@
 #include <uinfo.h>
 #include <../xmalloc.h>
+#include "port-aix.h"
 extern ServerOptions options;
@@ -92,12 +93,49 @@ record_failed_login(const char *user, const char *ttyname)
 {
        char *hostname = get_canonical_hostname(options.use_dns);
+        if (geteuid() != 0)
+                return;
+        aix_setauthdb(user);
 #  ifdef AIX_LOGINFAILED_4ARG
        loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
 #  else
        loginfailed((char *)user, hostname, (char *)ttyname);
 #  endif
 }
+/*
+ * If we have setauthdb, retrieve the password registry for the user's
+ * account then feed it to setauthdb.  This may load registry-specific method
+ * code.  If we don't have setauthdb or have already called it this is a no-op.
+ */
+void
+aix_setauthdb(const char *user)
+{
+#  ifdef HAVE_SETAUTHDB
+        static char *registry = NULL;
+        if (registry != NULL)   /* have already done setauthdb */
+                return;
+        if (setuserdb(S_READ) == -1) {
+                debug3("%s: Could not open userdb to read", __func__);
+                return;
+        }
+        
+        if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
+                if (setauthdb(registry, NULL) == 0)
+                        debug3("%s: AIX/setauthdb set registry %s", __func__,
+                            registry);
+                else 
+                        debug3("%s: AIX/setauthdb set registry %s failed: %s",
+                            __func__, registry, strerror(errno));
+        } else
+                debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
+                    strerror(errno));
+        enduserdb();
+#  endif
+}
 # endif /* CUSTOM_FAILED_LOGIN */
 #endif /* _AIX */
author	Darren Tucker <dtucker@zip.com.au>	2003-07-14 16:41:55 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2003-07-14 16:41:55 +1000
commit	fc3454ee6752333ce7af349b71be12aa9cbe4fcc (patch)
tree	b20e59100fd141acf577c7a9d29b4ded590240ea /openbsd-compat/port-aix.c
parent	30317e37e4c3ba6b0a7c0b21f17760e4f45a6b12 (diff)

diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 562923720..7a981634b 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c
@@ -32,6 +32,7 @@
32		32
33	#include <uinfo.h>	33	#include <uinfo.h>
34	#include <../xmalloc.h>	34	#include <../xmalloc.h>
		35	#include "port-aix.h"
35		36
36	extern ServerOptions options;	37	extern ServerOptions options;
37		38
@@ -92,12 +93,49 @@ record_failed_login(const char user, const char ttyname)
92	{	93	{
93	char *hostname = get_canonical_hostname(options.use_dns);	94	char *hostname = get_canonical_hostname(options.use_dns);
94		95
		96	if (geteuid() != 0)
		97	return;
		98
		99	aix_setauthdb(user);
95	# ifdef AIX_LOGINFAILED_4ARG	100	# ifdef AIX_LOGINFAILED_4ARG
96	loginfailed((char )user, hostname, (char )ttyname, AUDIT_FAIL_AUTH);	101	loginfailed((char )user, hostname, (char )ttyname, AUDIT_FAIL_AUTH);
97	# else	102	# else
98	loginfailed((char )user, hostname, (char )ttyname);	103	loginfailed((char )user, hostname, (char )ttyname);
99	# endif	104	# endif
100	}	105	}
		106
		107	/*
		108	* If we have setauthdb, retrieve the password registry for the user's
		109	* account then feed it to setauthdb. This may load registry-specific method
		110	* code. If we don't have setauthdb or have already called it this is a no-op.
		111	*/
		112	void
		113	aix_setauthdb(const char *user)
		114	{
		115	# ifdef HAVE_SETAUTHDB
		116	static char *registry = NULL;
		117
		118	if (registry != NULL) /* have already done setauthdb */
		119	return;
		120
		121	if (setuserdb(S_READ) == -1) {
		122	debug3("%s: Could not open userdb to read", __func__);
		123	return;
		124	}
		125
		126	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
		127	if (setauthdb(registry, NULL) == 0)
		128	debug3("%s: AIX/setauthdb set registry %s", __func__,
		129	registry);
		130	else
		131	debug3("%s: AIX/setauthdb set registry %s failed: %s",
		132	__func__, registry, strerror(errno));
		133	} else
		134	debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
		135	strerror(errno));
		136	enduserdb();
		137	# endif
		138	}
101	# endif /* CUSTOM_FAILED_LOGIN */	139	# endif /* CUSTOM_FAILED_LOGIN */
102	#endif /* _AIX */	140	#endif /* _AIX */
103		141