diff options
| author | Damien Miller <djm@mindrot.org> | 2000-01-23 10:32:03 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-01-23 10:32:03 +1100 |
| commit | 1fa154bb1e06bfb4f8d6b95f09a6352d38577c57 (patch) | |
| tree | 62678a152fab75d8062dff6eb85e72db6fb27acc /sshd.c | |
| parent | 6fe375dee4f0c5b81026d7eb9dc00cf75645b241 (diff) | |
- AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
<drankin@bohemians.lexington.ky.us>
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 38 |
1 files changed, 36 insertions, 2 deletions
| @@ -1099,6 +1099,9 @@ allowed_user(struct passwd * pw) | |||
| 1099 | { | 1099 | { |
| 1100 | struct group *grp; | 1100 | struct group *grp; |
| 1101 | int i; | 1101 | int i; |
| 1102 | #ifdef WITH_AIXAUTHENTICATE | ||
| 1103 | char *loginmsg; | ||
| 1104 | #endif /* WITH_AIXAUTHENTICATE */ | ||
| 1102 | 1105 | ||
| 1103 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ | 1106 | /* Shouldn't be called if pw is NULL, but better safe than sorry... */ |
| 1104 | if (!pw) | 1107 | if (!pw) |
| @@ -1155,6 +1158,12 @@ allowed_user(struct passwd * pw) | |||
| 1155 | return 0; | 1158 | return 0; |
| 1156 | } | 1159 | } |
| 1157 | } | 1160 | } |
| 1161 | |||
| 1162 | #ifdef WITH_AIXAUTHENTICATE | ||
| 1163 | if (loginrestrictions(pw->pw_name,S_LOGIN,NULL,&loginmsg) != 0) | ||
| 1164 | return 0; | ||
| 1165 | #endif /* WITH_AIXAUTHENTICATE */ | ||
| 1166 | |||
| 1158 | /* We found no reason not to let this user try to log on... */ | 1167 | /* We found no reason not to let this user try to log on... */ |
| 1159 | return 1; | 1168 | return 1; |
| 1160 | } | 1169 | } |
| @@ -1179,6 +1188,10 @@ do_authentication() | |||
| 1179 | 1188 | ||
| 1180 | setproctitle("%s", user); | 1189 | setproctitle("%s", user); |
| 1181 | 1190 | ||
| 1191 | #ifdef WITH_AIXAUTHENTICATE | ||
| 1192 | char *loginmsg; | ||
| 1193 | #endif /* WITH_AIXAUTHENTICATE */ | ||
| 1194 | |||
| 1182 | #ifdef AFS | 1195 | #ifdef AFS |
| 1183 | /* If machine has AFS, set process authentication group. */ | 1196 | /* If machine has AFS, set process authentication group. */ |
| 1184 | if (k_hasafs()) { | 1197 | if (k_hasafs()) { |
| @@ -1244,6 +1257,9 @@ do_authentication() | |||
| 1244 | get_canonical_hostname()); | 1257 | get_canonical_hostname()); |
| 1245 | } | 1258 | } |
| 1246 | /* The user has been authenticated and accepted. */ | 1259 | /* The user has been authenticated and accepted. */ |
| 1260 | #ifdef WITH_AIXAUTHENTICATE | ||
| 1261 | loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg); | ||
| 1262 | #endif /* WITH_AIXAUTHENTICATE */ | ||
| 1247 | packet_start(SSH_SMSG_SUCCESS); | 1263 | packet_start(SSH_SMSG_SUCCESS); |
| 1248 | packet_send(); | 1264 | packet_send(); |
| 1249 | packet_write_wait(); | 1265 | packet_write_wait(); |
| @@ -1498,8 +1514,7 @@ do_authloop(struct passwd * pw) | |||
| 1498 | 1514 | ||
| 1499 | if (authenticated) { | 1515 | if (authenticated) { |
| 1500 | #ifdef USE_PAM | 1516 | #ifdef USE_PAM |
| 1501 | if (!do_pam_account(pw->pw_name, client_user)) | 1517 | if (!do_pam_account(pw->pw_name, client_user)) { |
| 1502 | { | ||
| 1503 | if (client_user != NULL) | 1518 | if (client_user != NULL) |
| 1504 | xfree(client_user); | 1519 | xfree(client_user); |
| 1505 | 1520 | ||
| @@ -1582,6 +1597,11 @@ do_fake_authloop(char *user) | |||
| 1582 | packet_start(SSH_SMSG_FAILURE); | 1597 | packet_start(SSH_SMSG_FAILURE); |
| 1583 | packet_send(); | 1598 | packet_send(); |
| 1584 | packet_write_wait(); | 1599 | packet_write_wait(); |
| 1600 | #ifdef WITH_AIXAUTHENTICATE | ||
| 1601 | if (strncmp(get_authname(type),"password", | ||
| 1602 | strlen(get_authname(type))) == 0) | ||
| 1603 | loginfailed(pw->pw_name,get_canonical_hostname(),"ssh"); | ||
| 1604 | #endif /* WITH_AIXAUTHENTICATE */ | ||
| 1585 | } | 1605 | } |
| 1586 | /* NOTREACHED */ | 1606 | /* NOTREACHED */ |
| 1587 | abort(); | 1607 | abort(); |
| @@ -2423,6 +2443,18 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
| 2423 | if (display) | 2443 | if (display) |
| 2424 | child_set_env(&env, &envsize, "DISPLAY", display); | 2444 | child_set_env(&env, &envsize, "DISPLAY", display); |
| 2425 | 2445 | ||
| 2446 | #ifdef _AIX | ||
| 2447 | { | ||
| 2448 | char *authstate,*krb5cc; | ||
| 2449 | |||
| 2450 | if ((authstate = getenv("AUTHSTATE")) != NULL) | ||
| 2451 | child_set_env(&env,&envsize,"AUTHSTATE",authstate); | ||
| 2452 | |||
| 2453 | if ((krb5cc = getenv("KRB5CCNAME")) != NULL) | ||
| 2454 | child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc); | ||
| 2455 | } | ||
| 2456 | #endif | ||
| 2457 | |||
| 2426 | #ifdef KRB4 | 2458 | #ifdef KRB4 |
| 2427 | { | 2459 | { |
| 2428 | extern char *ticket; | 2460 | extern char *ticket; |
| @@ -2444,6 +2476,8 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
| 2444 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, | 2476 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
| 2445 | auth_get_socket_name()); | 2477 | auth_get_socket_name()); |
| 2446 | 2478 | ||
| 2479 | read_environment_file(&env,&envsize,"/etc/environment"); | ||
| 2480 | |||
| 2447 | /* read $HOME/.ssh/environment. */ | 2481 | /* read $HOME/.ssh/environment. */ |
| 2448 | if (!options.use_login) { | 2482 | if (!options.use_login) { |
| 2449 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); | 2483 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); |