author | Darren Tucker <dtucker@zip.com.au> | 2004-02-06 16:17:51 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-02-06 16:17:51 +1100 |
commit | e45674ae8026b9399fc0778a7e964efbcd093689 (patch) | |
tree | 632cae57a5e429a8586661f07a7f592bc4b389ee /openbsd-compat | |
parent | ecc9d46dc53cddb5a220f89e6160b3ca6178bb9c (diff) |
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/port-aix.c | 44 | ||||
-rw-r--r-- | openbsd-compat/port-aix.h | 11 |
2 files changed, 43 insertions, 12 deletions
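--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -39,6 +39,10 @@
 extern ServerOptions options;
 extern Buffer loginmsg;
 
+# ifdef HAVE_SETAUTHDB
+static char old_registry[REGISTRY_SIZE] = "";
+# endif
+
 /*
 * AIX has a "usrinfo" area where logname and other stuff is stored -
 * a few applications actually use this and die if it's not set
@@ -119,6 +123,7 @@ aix_authenticate(const char *name, const char *password, const char *host)
 xfree(msg);
 }
 }
+aix_restoreauthdb();
 }
 
 if (authmsg != NULL)
@@ -145,22 +150,21 @@ record_failed_login(const char *user, const char *ttyname)
 # else
 loginfailed((char *)user, hostname, (char *)ttyname);
 # endif
+aix_restoreauthdb();
 }
 # endif /* CUSTOM_FAILED_LOGIN */
 
 /*
 * If we have setauthdb, retrieve the password registry for the user's
-* account then feed it to setauthdb. This may load registry-specific method
-* code. If we don't have setauthdb or have already called it this is a no-op.
+* account then feed it to setauthdb. This will mean that subsequent AIX auth
+* functions will only use the specified loadable module. If we don't have
+* setauthdb this is a no-op.
 */
 void
 aix_setauthdb(const char *user)
 {
 # ifdef HAVE_SETAUTHDB
-static char *registry = NULL;
-
-if (registry != NULL) /* have already done setauthdb */
-return;
+char *registry;
 
 if (setuserdb(S_READ) == -1) {
 debug3("%s: Could not open userdb to read", __func__);
@@ -168,12 +172,11 @@ aix_setauthdb(const char *user)
 }
 
 if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
-if (setauthdb(registry, NULL) == 0)
-debug3("%s: AIX/setauthdb set registry %s", __func__,
-registry);
+if (setauthdb(registry, old_registry) == 0)
+debug3("AIX/setauthdb set registry '%s'", registry);
 else
-debug3("%s: AIX/setauthdb set registry %s failed: %s",
-__func__, registry, strerror(errno));
+debug3("AIX/setauthdb set registry '%s' failed: %s",
+registry, strerror(errno));
 } else
 debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
 strerror(errno));
@@ -181,6 +184,25 @@ aix_setauthdb(const char *user)
 # endif /* HAVE_SETAUTHDB */
 }
 
+/*
+* Restore the user's registry settings from old_registry.
+* Note that if the first aix_setauthdb fails, setauthdb("") is still safe
+* (it restores the system default behaviour). If we don't have setauthdb,
+* this is a no-op.
+*/
+void
+aix_restoreauthdb(void)
+{
+# ifdef HAVE_SETAUTHDB
+if (setauthdb(old_registry, NULL) == 0)
+debug3("%s: restoring old registry '%s'", __func__,
+old_registry);
+else
+debug3("%s: failed to restore old registry %s", __func__,
+old_registry);
+# endif /* HAVE_SETAUTHDB */
+}
+
 # endif /* WITH_AIXAUTHENTICATE */
 
 #endif /* _AIX */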
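Review bot: With the early-return guard removed from aix_setauthdb, every call now hands `old_registry` to setauthdb as the save buffer, so two calls with no aix_restoreauthdb between them would (assuming setauthdb stores the previous registry there, as the restore path implies) replace the saved value with the user's own registry, and the later restore would not return to the original setting. The section shows restore calls added at the end of aix_authenticate and record_failed_login, but the matching aix_setauthdb calls and any other callers lie outside the visible hunks, so the pairing cannot be confirmed from here. A small guard would make this robust: keep a `static int registry_saved` flag, set it when setauthdb succeeds and clear it in aix_restoreauthdb, and call `setauthdb(registry, registry_saved ? NULL : old_registry)`. Separately, the failure branch of aix_restoreauthdb omits the errno text the other failure messages carry; `debug3("%s: failed to restore old registry %s: %s", __func__, old_registry, strerror(errno));` would help when diagnosing a process left on the wrong registry.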
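--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.16 2003/11/22 03:16:57 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.17 2004/02/06 05:17:52 dtucker Exp $ */
 
 /*
 *
@@ -51,6 +51,14 @@
 # include <sys/timers.h>
 #endif
 
+/*
+* According to the setauthdb man page, AIX password registries must be 15
+* chars or less plus terminating NUL.
+*/
+#ifdef HAVE_SETAUTHDB
+# define REGISTRY_SIZE 16
+#endif
+
 void aix_usrinfo(struct passwd *);
 
 #ifdef WITH_AIXAUTHENTICATE
@@ -60,5 +68,6 @@ void record_failed_login(const char *, const char *);
 
 int aix_authenticate(const char *, const char *, const char *);
 void aix_setauthdb(const char *);
+void aix_restoreauthdb(void);
 void aix_remove_embedded_newlines(char *);
 #endif /* _AIX */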
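Review bot: REGISTRY_SIZE is the only bound on the buffer that `setauthdb(registry, old_registry)` in port-aix.c writes into, and that call carries no length argument, so the safety of the write rests entirely on the documented 15-character limit. The comment above the define should record that dependency so the value is never lowered or reused for a smaller buffer, for example by adding the line `* setauthdb() writes the previous registry into a buffer of this size and takes no length; do not reduce it.`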