summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2003-07-14 16:41:55 +1000
committerDarren Tucker <dtucker@zip.com.au>2003-07-14 16:41:55 +1000
commitfc3454ee6752333ce7af349b71be12aa9cbe4fcc (patch)
treeb20e59100fd141acf577c7a9d29b4ded590240ea
parent30317e37e4c3ba6b0a7c0b21f17760e4f45a6b12 (diff)
- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry- specific functions. Based on patch by cawlfiel@us.ibm.com.
-rw-r--r--CREDITS3
-rw-r--r--ChangeLog5
-rw-r--r--configure.ac3
-rw-r--r--openbsd-compat/port-aix.c38
-rw-r--r--openbsd-compat/port-aix.h1
5 files changed, 47 insertions, 3 deletions
diff --git a/CREDITS b/CREDITS
index 6434e5d3..d52c7cbc 100644
--- a/CREDITS
+++ b/CREDITS
@@ -49,6 +49,7 @@ Juergen Keil <jk@tools.de> - scp bugfixing
KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes
Kees Cook <cook@cpoint.net> - scp fixes
Kenji Miyake <kenji@miyake.org> - Configure fixes
+Kevin Cawlfield <cawlfiel@us.ibm.com> - AIX fixes.
Kevin O'Connor <kevin_oconnor@standardandpoors.com> - RSAless operation
Kevin Steves <stevesk@pobox.com> - HP support, bugfixes, improvements
Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes
@@ -92,5 +93,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
-$Id: CREDITS,v 1.69 2003/06/28 04:27:29 dtucker Exp $
+$Id: CREDITS,v 1.70 2003/07/14 06:41:55 dtucker Exp $
diff --git a/ChangeLog b/ChangeLog
index 884dd636..28003b96 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
loginfailed at all, so assume 3-arg loginfailed if not declared.
- (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
undef'ing it.
+ - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
+ Call setauthdb() before loginfailed(), which may load password registry-
+ specific functions. Based on patch by cawlfiel@us.ibm.com.
20030708
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
@@ -676,4 +679,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2851 2003/07/14 06:26:51 dtucker Exp $
+$Id: ChangeLog,v 1.2852 2003/07/14 06:41:55 dtucker Exp $
diff --git a/configure.ac b/configure.ac
index 8a23469a..516a2443 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.133 2003/07/14 06:21:44 dtucker Exp $
+# $Id: configure.ac,v 1.134 2003/07/14 06:41:55 dtucker Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@@ -95,6 +95,7 @@ case "$host" in
[],
[#include <usersec.h>]
)
+ AC_CHECK_FUNCS(setauthdb)
AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 56292372..7a981634 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -32,6 +32,7 @@
#include <uinfo.h>
#include <../xmalloc.h>
+#include "port-aix.h"
extern ServerOptions options;
@@ -92,12 +93,49 @@ record_failed_login(const char *user, const char *ttyname)
{
char *hostname = get_canonical_hostname(options.use_dns);
+ if (geteuid() != 0)
+ return;
+
+ aix_setauthdb(user);
# ifdef AIX_LOGINFAILED_4ARG
loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
# else
loginfailed((char *)user, hostname, (char *)ttyname);
# endif
}
+
+/*
+ * If we have setauthdb, retrieve the password registry for the user's
+ * account then feed it to setauthdb. This may load registry-specific method
+ * code. If we don't have setauthdb or have already called it this is a no-op.
+ */
+void
+aix_setauthdb(const char *user)
+{
+# ifdef HAVE_SETAUTHDB
+ static char *registry = NULL;
+
+ if (registry != NULL) /* have already done setauthdb */
+ return;
+
+ if (setuserdb(S_READ) == -1) {
+ debug3("%s: Could not open userdb to read", __func__);
+ return;
+ }
+
+ if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
+ if (setauthdb(registry, NULL) == 0)
+ debug3("%s: AIX/setauthdb set registry %s", __func__,
+ registry);
+ else
+ debug3("%s: AIX/setauthdb set registry %s failed: %s",
+ __func__, registry, strerror(errno));
+ } else
+ debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
+ strerror(errno));
+ enduserdb();
+# endif
+}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 2e5def54..25ceb5b1 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -53,6 +53,7 @@
#ifdef WITH_AIXAUTHENTICATE
# define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *user, const char *ttyname);
+void aix_setauthdb(const char *);
#endif
void aix_usrinfo(struct passwd *pw);