authorDarren Tucker <dtucker@zip.com.au>2004-02-06 16:17:51 +1100
committerDarren Tucker <dtucker@zip.com.au>2004-02-06 16:17:51 +1100
commite45674ae8026b9399fc0778a7e964efbcd093689 (patch)
tree632cae57a5e429a8586661f07a7f592bc4b389ee /openbsd-compat
parentecc9d46dc53cddb5a220f89e6160b3ca6178bb9c (diff)
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls. Fixes problems with setpcred failing on accounts that use AFS or NIS password registries.
Diffstat (limited to 'openbsd-compat')
-rw-r--r--openbsd-compat/port-aix.c44
-rw-r--r--openbsd-compat/port-aix.h11
2 files changed, 43 insertions, 12 deletions
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index a9cbf49b..6fc2ef77 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -39,6 +39,10 @@
extern ServerOptions options;
extern Buffer loginmsg;
+# ifdef HAVE_SETAUTHDB
+static char old_registry[REGISTRY_SIZE] = "";
+# endif
+
/*
* AIX has a "usrinfo" area where logname and other stuff is stored -
* a few applications actually use this and die if it's not set
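Review bot: `old_registry` is filled in by `setauthdb(registry, old_registry)` further down in this file, and that call carries no length argument, so the buffer size is the only thing bounding the write. The declaration deserves a comment saying so, for example `/* written by setauthdb(); must hold the longest registry name plus NUL, see REGISTRY_SIZE in port-aix.h */`. The limit is taken from the man page, as the header comment in port-aix.h says, so anyone changing REGISTRY_SIZE should re-check it against the platform documentation.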
@@ -119,6 +123,7 @@ aix_authenticate(const char *name, const char *password, const char *host)
xfree(msg);
}
}
+ aix_restoreauthdb();
}
if (authmsg != NULL)
@@ -145,22 +150,21 @@ record_failed_login(const char *user, const char *ttyname)
# else
loginfailed((char *)user, hostname, (char *)ttyname);
# endif
+ aix_restoreauthdb();
}
# endif /* CUSTOM_FAILED_LOGIN */
/*
* If we have setauthdb, retrieve the password registry for the user's
- * account then feed it to setauthdb. This may load registry-specific method
- * code. If we don't have setauthdb or have already called it this is a no-op.
+ * account then feed it to setauthdb. This will mean that subsequent AIX auth
+ * functions will only use the specified loadable module. If we don't have
+ * setauthdb this is a no-op.
*/
void
aix_setauthdb(const char *user)
{
# ifdef HAVE_SETAUTHDB
- static char *registry = NULL;
-
- if (registry != NULL) /* have already done setauthdb */
- return;
+ char *registry;
if (setuserdb(S_READ) == -1) {
debug3("%s: Could not open userdb to read", __func__);
@@ -168,12 +172,11 @@ aix_setauthdb(const char *user)
}
if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
- if (setauthdb(registry, NULL) == 0)
- debug3("%s: AIX/setauthdb set registry %s", __func__,
- registry);
+ if (setauthdb(registry, old_registry) == 0)
+ debug3("AIX/setauthdb set registry '%s'", registry);
else
- debug3("%s: AIX/setauthdb set registry %s failed: %s",
- __func__, registry, strerror(errno));
+ debug3("AIX/setauthdb set registry '%s' failed: %s",
+ registry, strerror(errno));
} else
debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
strerror(errno));
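Review bot: Every call now overwrites `old_registry` through `setauthdb(registry, old_registry)`, and the previous hunk removed the guard that made repeat calls a no-op. Two calls to aix_setauthdb with no aix_restoreauthdb in between would leave the registry chosen by the first call in `old_registry`, so the later restore would not return to the original setting. Whether callers can repeat or nest like that is not visible from here; if they can, keep a static flag that is set on a successful save and cleared in aix_restoreauthdb, and pass `NULL` as the second argument while it is set. Otherwise state the pairing requirement in the function's header comment. The two rewritten debug3 calls also dropped `__func__`, which the other messages in this function still print.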
@@ -181,6 +184,25 @@ aix_setauthdb(const char *user)
# endif /* HAVE_SETAUTHDB */
}
+/*
+ * Restore the user's registry settings from old_registry.
+ * Note that if the first aix_setauthdb fails, setauthdb("") is still safe
+ * (it restores the system default behaviour). If we don't have setauthdb,
+ * this is a no-op.
+ */
+void
+aix_restoreauthdb(void)
+{
+# ifdef HAVE_SETAUTHDB
+ if (setauthdb(old_registry, NULL) == 0)
+ debug3("%s: restoring old registry '%s'", __func__,
+ old_registry);
+ else
+ debug3("%s: failed to restore old registry %s", __func__,
+ old_registry);
+# endif /* HAVE_SETAUTHDB */
+}
+
# endif /* WITH_AIXAUTHENTICATE */
#endif /* _AIX */
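Review bot: The else branch in aix_restoreauthdb reports a failed restore only at debug3 and without the cause, unlike the failure path in aix_setauthdb, which prints `strerror(errno)`. Going by the comment on aix_setauthdb, a failed restore presumably leaves later AIX auth calls in this process limited to the per-user module, so the reason is worth recording and a higher log level is worth considering. Suggested line: `debug3("%s: failed to restore old registry '%s': %s", __func__, old_registry, strerror(errno));`. The registry name is quoted in the success message but not in the failure one; use the same form in both.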
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 975cdf05..930b3f24 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.16 2003/11/22 03:16:57 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.17 2004/02/06 05:17:52 dtucker Exp $ */
/*
*
@@ -51,6 +51,14 @@
# include <sys/timers.h>
#endif
+/*
+ * According to the setauthdb man page, AIX password registries must be 15
+ * chars or less plus terminating NUL.
+ */
+#ifdef HAVE_SETAUTHDB
+# define REGISTRY_SIZE 16
+#endif
+
void aix_usrinfo(struct passwd *);
#ifdef WITH_AIXAUTHENTICATE
@@ -60,5 +68,6 @@ void record_failed_login(const char *, const char *);
int aix_authenticate(const char *, const char *, const char *);
void aix_setauthdb(const char *);
+void aix_restoreauthdb(void);
void aix_remove_embedded_newlines(char *);
#endif /* _AIX */