From fc3454ee6752333ce7af349b71be12aa9cbe4fcc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 14 Jul 2003 16:41:55 +1000 Subject: - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h] Call setauthdb() before loginfailed(), which may load password registry- specific functions. Based on patch by cawlfiel@us.ibm.com. --- openbsd-compat/port-aix.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'openbsd-compat/port-aix.c') diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 562923720..7a981634b 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -32,6 +32,7 @@ #include #include <../xmalloc.h> +#include "port-aix.h" extern ServerOptions options; 
@@ -92,12 +93,49 @@ record_failed_login(const char *user, const char *ttyname) { char *hostname = get_canonical_hostname(options.use_dns); + if (geteuid() != 0) + return; + + aix_setauthdb(user); # ifdef AIX_LOGINFAILED_4ARG loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); # else loginfailed((char *)user, hostname, (char *)ttyname); # endif } + +/* + * If we have setauthdb, retrieve the password registry for the user's + * account then feed it to setauthdb. This may load registry-specific method + * code. If we don't have setauthdb or have already called it this is a no-op. + */ +void +aix_setauthdb(const char *user) +{ +# ifdef HAVE_SETAUTHDB + static char *registry = NULL; + + if (registry != NULL) /* have already done setauthdb */ + return; + + if (setuserdb(S_READ) == -1) { + debug3("%s: Could not open userdb to read", __func__); + return; + } + + if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { + if (setauthdb(registry, NULL) == 0) + debug3("%s: AIX/setauthdb set registry %s", __func__, + registry); + else + debug3("%s: AIX/setauthdb set registry %s failed: %s", + __func__, registry, strerror(errno)); + } else + debug3("%s: Could not read S_REGISTRY for user: %s", __func__, + strerror(errno)); + enduserdb(); +# endif +} # endif /* CUSTOM_FAILED_LOGIN */ #endif /* _AIX */ -- cgit v1.2.3
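Review bot: In aix_setauthdb the `static char *registry` guard records only that getuserattr() returned a registry, not that setauthdb() succeeded or which `user` it was for. After a failed setauthdb() every later call in the process is still a no-op, so the comment `/* have already done setauthdb */` overstates what the guard guarantees. If the function can be reached for more than one account in a process (not visible from this hunk), loginfailed() would run against the first account's registry. Clearing `registry` in the failure branch, or skipping only when the cached user matches, would close that gap. Separately, the new `if (geteuid() != 0) return;` in record_failed_login (its signature lies outside the hunk) drops the failed-login record without a trace; a `debug3("%s: not root, failed login not recorded", __func__);` before the return would make the audit gap visible.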