summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--auth.c15
-rw-r--r--auth1.c2
-rw-r--r--auth2.c4
-rw-r--r--openbsd-compat/bsd-cray.c10
-rw-r--r--openbsd-compat/bsd-cray.h4
-rw-r--r--openbsd-compat/port-aix.c16
-rw-r--r--openbsd-compat/port-aix.h5
8 files changed, 41 insertions, 19 deletions
diff --git a/ChangeLog b/ChangeLog
index a3bf76549..c850954be 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
120030502 120030502
2 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels, 2 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
3 privsep should now work. 3 privsep should now work.
4 - (dtucker) Move handling of bad password authentications into a platform
5 specific record_failed_login() function (affects AIX & Unicos).
4 6
520030429 720030429
6 - (djm) Add back radix.o (used by AFS support), after it went missing from 8 - (djm) Add back radix.o (used by AFS support), after it went missing from
@@ -1360,4 +1362,4 @@
1360 save auth method before monitor_reset_key_state(); bugzilla bug #284; 1362 save auth method before monitor_reset_key_state(); bugzilla bug #284;
1361 ok provos@ 1363 ok provos@
1362 1364
1363$Id: ChangeLog,v 1.2665 2003/05/02 10:48:21 dtucker Exp $ 1365$Id: ChangeLog,v 1.2666 2003/05/02 13:42:25 dtucker Exp $
diff --git a/auth.c b/auth.c
index ba26034d5..10f7b2a1f 100644
--- a/auth.c
+++ b/auth.c
@@ -268,13 +268,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
268 get_remote_port(), 268 get_remote_port(),
269 info); 269 info);
270 270
271#ifdef WITH_AIXAUTHENTICATE 271#ifdef CUSTOM_FAILED_LOGIN
272 if (authenticated == 0 && strcmp(method, "password") == 0) 272 if (authenticated == 0 && strcmp(method, "password") == 0)
273 loginfailed(authctxt->user, 273 record_failed_login(authctxt->user, "ssh");
274 get_canonical_hostname(options.verify_reverse_mapping), 274#endif
275 "ssh");
276#endif /* WITH_AIXAUTHENTICATE */
277
278} 275}
279 276
280/* 277/*
@@ -496,10 +493,8 @@ getpwnamallow(const char *user)
496 if (pw == NULL) { 493 if (pw == NULL) {
497 logit("Illegal user %.100s from %.100s", 494 logit("Illegal user %.100s from %.100s",
498 user, get_remote_ipaddr()); 495 user, get_remote_ipaddr());
499#ifdef WITH_AIXAUTHENTICATE 496#ifdef CUSTOM_FAILED_LOGIN
500 loginfailed(user, 497 record_failed_login(user, "ssh");
501 get_canonical_hostname(options.verify_reverse_mapping),
502 "ssh");
503#endif 498#endif
504 return (NULL); 499 return (NULL);
505 } 500 }
diff --git a/auth1.c b/auth1.c
index 7b40d70f4..e7d744f6e 100644
--- a/auth1.c
+++ b/auth1.c
@@ -311,8 +311,6 @@ do_authloop(Authctxt *authctxt)
311 authctxt->user); 311 authctxt->user);
312 312
313#ifdef _UNICOS 313#ifdef _UNICOS
314 if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
315 cray_login_failure(authctxt->user, IA_UDBERR);
316 if (authenticated && cray_access_denied(authctxt->user)) { 314 if (authenticated && cray_access_denied(authctxt->user)) {
317 authenticated = 0; 315 authenticated = 0;
318 fatal("Access denied for user %s.",authctxt->user); 316 fatal("Access denied for user %s.",authctxt->user);
diff --git a/auth2.c b/auth2.c
index 9c4919969..ee6931810 100644
--- a/auth2.c
+++ b/auth2.c
@@ -240,10 +240,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
240 } else { 240 } else {
241 if (authctxt->failures++ > AUTH_FAIL_MAX) 241 if (authctxt->failures++ > AUTH_FAIL_MAX)
242 packet_disconnect(AUTH_FAIL_MSG, authctxt->user); 242 packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
243#ifdef _UNICOS
244 if (strcmp(method, "password") == 0)
245 cray_login_failure(authctxt->user, IA_UDBERR);
246#endif /* _UNICOS */
247 methods = authmethods_get(); 243 methods = authmethods_get();
248 packet_start(SSH2_MSG_USERAUTH_FAILURE); 244 packet_start(SSH2_MSG_USERAUTH_FAILURE);
249 packet_put_cstring(methods); 245 packet_put_cstring(methods);
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
index edb3112b3..4875af868 100644
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ 2 * $Id: bsd-cray.c,v 1.9 2003/05/02 13:42:25 dtucker Exp $
3 * 3 *
4 * bsd-cray.c 4 * bsd-cray.c
5 * 5 *
@@ -143,6 +143,14 @@ cray_access_denied(char *username)
143 return (errcode); 143 return (errcode);
144} 144}
145 145
146/*
147 * record_failed_login: generic "login failed" interface function
148 */
149record_failed_login(const char *user, const char *ttyname)
150{
151 cray_login_failure((char *)user, IA_UDBERR);
152}
153
146int 154int
147cray_setup (uid_t uid, char *username, const char *command) 155cray_setup (uid_t uid, char *username, const char *command)
148{ 156{
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
index a09954f2f..d2489f4bf 100644
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $ 2 * $Id: bsd-cray.h,v 1.8 2003/05/02 13:42:25 dtucker Exp $
3 * 3 *
4 * bsd-cray.h 4 * bsd-cray.h
5 * 5 *
@@ -42,6 +42,8 @@ void cray_init_job(struct passwd *); /* init cray job */
42void cray_job_termination_handler(int); /* process end of job signal */ 42void cray_job_termination_handler(int); /* process end of job signal */
43void cray_login_failure(char *username, int errcode); 43void cray_login_failure(char *username, int errcode);
44int cray_access_denied(char *username); 44int cray_access_denied(char *username);
45#define CUSTOM_FAILED_LOGIN 1
46void record_failed_login(const char *user, const char *ttyname);
45extern char cray_tmpdir[]; /* cray tmpdir */ 47extern char cray_tmpdir[]; /* cray tmpdir */
46#ifndef IA_SSHD 48#ifndef IA_SSHD
47#define IA_SSHD IA_LOGIN 49#define IA_SSHD IA_LOGIN
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 4c96a3171..cddc0907f 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -24,12 +24,17 @@
24 * 24 *
25 */ 25 */
26#include "includes.h" 26#include "includes.h"
27#include "ssh.h"
28#include "log.h"
29#include "servconf.h"
27 30
28#ifdef _AIX 31#ifdef _AIX
29 32
30#include <uinfo.h> 33#include <uinfo.h>
31#include <../xmalloc.h> 34#include <../xmalloc.h>
32 35
36extern ServerOptions options;
37
33/* 38/*
34 * AIX has a "usrinfo" area where logname and other stuff is stored - 39 * AIX has a "usrinfo" area where logname and other stuff is stored -
35 * a few applications actually use this and die if it's not set 40 * a few applications actually use this and die if it's not set
@@ -52,5 +57,16 @@ aix_usrinfo(struct passwd *pw)
52 xfree(cp); 57 xfree(cp);
53} 58}
54 59
60# ifdef CUSTOM_FAILED_LOGIN
61/*
62 * record_failed_login: generic "login failed" interface function
63 */
64void
65record_failed_login(const char *user, const char *ttyname)
66{
67 loginfailed(user,
68 get_canonical_hostname(options.verify_reverse_mapping), ttyname);
69}
70# endif /* CUSTOM_FAILED_LOGIN */
55#endif /* _AIX */ 71#endif /* _AIX */
56 72
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 4abe00316..2254e7462 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -36,5 +36,10 @@
36# include <sys/timers.h> 36# include <sys/timers.h>
37#endif 37#endif
38 38
39#ifdef WITH_AIXAUTHENTICATE
40# define CUSTOM_FAILED_LOGIN 1
41void record_failed_login(const char *user, const char *ttyname);
42#endif
43
39void aix_usrinfo(struct passwd *pw); 44void aix_usrinfo(struct passwd *pw);
40#endif /* _AIX */ 45#endif /* _AIX */