From 33bc334a8bb6f20ca659f7d4f4669a04d54bd2e8 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 20 Jan 2005 22:07:29 +1100 Subject: - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 bytes to prevent errors from login_init_entry() when the username is exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ --- loginrec.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'loginrec.h') diff --git a/loginrec.h b/loginrec.h index 7f932c296..6b7233256 100644 --- a/loginrec.h +++ b/loginrec.h @@ -35,7 +35,7 @@ #include #include -/* RCSID("$Id: loginrec.h,v 1.7 2003/06/03 02:18:50 djm Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.8 2005/01/20 11:07:30 dtucker Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -62,7 +62,7 @@ union login_netinfo { /* string lengths - set very long */ #define LINFO_PROGSIZE 64 #define LINFO_LINESIZE 64 -#define LINFO_NAMESIZE 64 +#define LINFO_NAMESIZE 128 #define LINFO_HOSTSIZE 256 struct logininfo { -- cgit v1.2.3 From 42d9dc75ed2eefa6eeffc892f02eb164c1860603 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Feb 2005 17:10:11 +1100 Subject: - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] Make record_failed_login() call provide hostname rather than having the implementations having to do lookups themselves. Only affects AIX and UNICOS (the latter only uses the "user" parameter anyway). ok djm@ --- ChangeLog | 6 +++++- auth.c | 7 +++++-- loginrec.h | 4 +++- openbsd-compat/bsd-cray.c | 4 ++-- openbsd-compat/bsd-cray.h | 6 +++--- openbsd-compat/port-aix.c | 7 +------ openbsd-compat/port-aix.h | 3 +-- 7 files changed, 20 insertions(+), 17 deletions(-) (limited to 'loginrec.h') diff --git a/ChangeLog b/ChangeLog index eb897ec41..82758ca10 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ 20050202 - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}] + Make record_failed_login() call provide hostname rather than having the + implementations having to do lookups themselves. Only affects AIX and + UNICOS (the latter only uses the "user" parameter anyway). ok djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2055,4 +2059,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3629 2005/02/01 23:43:59 dtucker Exp $ +$Id: ChangeLog,v 1.3630 2005/02/02 06:10:11 dtucker Exp $ diff --git a/auth.c b/auth.c index 4698e3990..dfc1be374 100644 --- a/auth.c +++ b/auth.c @@ -50,6 +50,7 @@ RCSID("$OpenBSD: auth.c,v 1.57 2005/01/22 08:17:59 dtucker Exp $"); #include "misc.h" #include "bufaux.h" #include "packet.h" +#include "loginrec.h" /* import */ extern ServerOptions options; @@ -244,7 +245,8 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) #ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && strcmp(method, "password") == 0) - record_failed_login(authctxt->user, "ssh"); + record_failed_login(authctxt->user, + get_canonical_hostname(options.use_dns), "ssh"); #endif } @@ -468,7 +470,8 @@ getpwnamallow(const char *user) logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); #ifdef CUSTOM_FAILED_LOGIN - record_failed_login(user, "ssh"); + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); #endif return (NULL); } diff --git a/loginrec.h b/loginrec.h index 6b7233256..d1a12a853 100644 --- a/loginrec.h +++ b/loginrec.h @@ -35,7 +35,7 @@ #include #include -/* RCSID("$Id: loginrec.h,v 1.8 2005/01/20 11:07:30 dtucker Exp $"); */ +/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */ /** ** you should use the login_* calls to work around platform dependencies @@ -132,4 +132,6 @@ char *line_fullname(char *dst, const char *src, int dstsize); char *line_stripname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize); +void record_failed_login(const char *, const char *, const char *); + #endif /* _HAVE_LOGINREC_H_ */ diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index f630366be..d1f1c059c 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $ + * $Id: bsd-cray.c,v 1.14 2005/02/02 06:10:11 dtucker Exp $ * * bsd-cray.c * @@ -171,7 +171,7 @@ cray_access_denied(char *username) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { cray_login_failure((char *)user, IA_UDBERR); } diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index de6ba1a8d..774eceb5a 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,4 +1,4 @@ -/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */ +/* $Id: bsd-cray.h,v 1.12 2005/02/02 06:10:11 dtucker Exp $ */ /* * Copyright (c) 2002, Cray Inc. (Wendy Palm ) @@ -42,10 +42,10 @@ void cray_init_job(struct passwd *); void cray_job_termination_handler(int); void cray_login_failure(char *, int ); int cray_access_denied(char *); -#define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); extern char cray_tmpdir[]; +#define CUSTOM_FAILED_LOGIN 1 + #ifndef IA_SSHD # define IA_SSHD IA_LOGIN #endif diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index e7eb179ec..79d180211 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -28,8 +28,6 @@ #include "auth.h" #include "ssh.h" #include "log.h" -#include "servconf.h" -#include "canohost.h" #include "xmalloc.h" #include "buffer.h" @@ -38,7 +36,6 @@ #include #include "port-aix.h" -extern ServerOptions options; extern Buffer loginmsg; # ifdef HAVE_SETAUTHDB @@ -280,10 +277,8 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) * record_failed_login: generic "login failed" interface function */ void -record_failed_login(const char *user, const char *ttyname) +record_failed_login(const char *user, const char *hostname, const char *ttyname) { - char *hostname = (char *)get_canonical_hostname(options.use_dns); - if (geteuid() != 0) return; diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 29e9751ce..751139004 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.21 2004/08/14 14:09:12 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.22 2005/02/02 06:10:11 dtucker Exp $ */ /* * @@ -68,7 +68,6 @@ int sys_auth_allowed_user(struct passwd *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 int sys_auth_record_login(const char *, const char *, const char *); # define CUSTOM_FAILED_LOGIN 1 -void record_failed_login(const char *, const char *); #endif void aix_setauthdb(const char *); -- cgit v1.2.3