mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-22 10:00:14 +00:00
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call authenticate() until reenter flag is clear.
This commit is contained in:
parent
0eae442235
commit
d76341616d
@ -1,5 +1,8 @@
|
||||
20031122
|
||||
- (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@
|
||||
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
|
||||
Move AIX specific password authentication code to port-aix.c, call
|
||||
authenticate() until reenter flag is clear.
|
||||
|
||||
20031121
|
||||
- (djm) OpenBSD CVS Sync
|
||||
@ -1501,4 +1504,4 @@
|
||||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3120 2003/11/22 03:10:02 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3121 2003/11/22 03:16:56 dtucker Exp $
|
||||
|
@ -43,9 +43,7 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $");
|
||||
#include "servconf.h"
|
||||
#include "auth.h"
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
# include "buffer.h"
|
||||
# include "canohost.h"
|
||||
extern Buffer loginmsg;
|
||||
#endif
|
||||
|
||||
extern ServerOptions options;
|
||||
@ -89,44 +87,11 @@ auth_password(Authctxt *authctxt, const char *password)
|
||||
}
|
||||
# endif
|
||||
# ifdef WITH_AIXAUTHENTICATE
|
||||
{
|
||||
char *authmsg = NULL;
|
||||
int reenter = 1;
|
||||
int authsuccess = 0;
|
||||
|
||||
if (authenticate(pw->pw_name, password, &reenter,
|
||||
&authmsg) == 0 && ok) {
|
||||
char *msg;
|
||||
char *host =
|
||||
(char *)get_canonical_hostname(options.use_dns);
|
||||
|
||||
authsuccess = 1;
|
||||
aix_remove_embedded_newlines(authmsg);
|
||||
|
||||
debug3("AIX/authenticate succeeded for user %s: %.100s",
|
||||
pw->pw_name, authmsg);
|
||||
|
||||
/* No pty yet, so just label the line as "ssh" */
|
||||
aix_setauthdb(authctxt->user);
|
||||
if (loginsuccess(authctxt->user, host, "ssh",
|
||||
&msg) == 0) {
|
||||
if (msg != NULL) {
|
||||
debug("%s: msg %s", __func__, msg);
|
||||
buffer_append(&loginmsg, msg,
|
||||
strlen(msg));
|
||||
xfree(msg);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
debug3("AIX/authenticate failed for user %s: %.100s",
|
||||
pw->pw_name, authmsg);
|
||||
}
|
||||
|
||||
if (authmsg != NULL)
|
||||
xfree(authmsg);
|
||||
|
||||
return authsuccess;
|
||||
}
|
||||
if (aix_authenticate(pw->pw_name, password,
|
||||
get_canonical_hostname(options.use_dns)) == 0)
|
||||
return 0;
|
||||
else
|
||||
return ok;
|
||||
# endif
|
||||
# ifdef BSD_AUTH
|
||||
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
|
||||
|
@ -29,6 +29,7 @@
|
||||
#include "servconf.h"
|
||||
#include "canohost.h"
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
|
||||
#ifdef _AIX
|
||||
|
||||
@ -36,6 +37,7 @@
|
||||
#include "port-aix.h"
|
||||
|
||||
extern ServerOptions options;
|
||||
extern Buffer loginmsg;
|
||||
|
||||
/*
|
||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||
@ -63,7 +65,7 @@ aix_usrinfo(struct passwd *pw)
|
||||
xfree(cp);
|
||||
}
|
||||
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
# ifdef WITH_AIXAUTHENTICATE
|
||||
/*
|
||||
* Remove embedded newlines in string (if any).
|
||||
* Used before logging messages returned by AIX authentication functions
|
||||
@ -83,27 +85,68 @@ aix_remove_embedded_newlines(char *p)
|
||||
if (*--p == ' ')
|
||||
*p = '\0';
|
||||
}
|
||||
#endif /* WITH_AIXAUTHENTICATE */
|
||||
|
||||
# ifdef CUSTOM_FAILED_LOGIN
|
||||
/*
|
||||
* Do authentication via AIX's authenticate routine. We loop until the
|
||||
* reenter parameter is 0, but normally authenticate is called only once.
|
||||
*
|
||||
* Note: this function returns 1 on success, whereas AIX's authenticate()
|
||||
* returns 0.
|
||||
*/
|
||||
int
|
||||
aix_authenticate(const char *name, const char *password, const char *host)
|
||||
{
|
||||
char *authmsg = NULL, *msg;
|
||||
int authsuccess = 0, reenter, result;
|
||||
|
||||
do {
|
||||
result = authenticate((char *)name, (char *)password, &reenter,
|
||||
&authmsg);
|
||||
aix_remove_embedded_newlines(authmsg);
|
||||
debug3("AIX/authenticate result %d, msg %.100s", result,
|
||||
authmsg);
|
||||
} while (reenter);
|
||||
|
||||
if (result == 0) {
|
||||
authsuccess = 1;
|
||||
|
||||
/* No pty yet, so just label the line as "ssh" */
|
||||
aix_setauthdb(name);
|
||||
if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
|
||||
if (msg != NULL) {
|
||||
debug("%s: msg %s", __func__, msg);
|
||||
buffer_append(&loginmsg, msg, strlen(msg));
|
||||
xfree(msg);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (authmsg != NULL)
|
||||
xfree(authmsg);
|
||||
|
||||
return authsuccess;
|
||||
}
|
||||
|
||||
# ifdef CUSTOM_FAILED_LOGIN
|
||||
/*
|
||||
* record_failed_login: generic "login failed" interface function
|
||||
*/
|
||||
void
|
||||
record_failed_login(const char *user, const char *ttyname)
|
||||
{
|
||||
char *hostname = get_canonical_hostname(options.use_dns);
|
||||
char *hostname = (char *)get_canonical_hostname(options.use_dns);
|
||||
|
||||
if (geteuid() != 0)
|
||||
return;
|
||||
|
||||
aix_setauthdb(user);
|
||||
# ifdef AIX_LOGINFAILED_4ARG
|
||||
# ifdef AIX_LOGINFAILED_4ARG
|
||||
loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
|
||||
# else
|
||||
# else
|
||||
loginfailed((char *)user, hostname, (char *)ttyname);
|
||||
# endif
|
||||
# endif
|
||||
}
|
||||
# endif /* CUSTOM_FAILED_LOGIN */
|
||||
|
||||
/*
|
||||
* If we have setauthdb, retrieve the password registry for the user's
|
||||
@ -135,8 +178,9 @@ aix_setauthdb(const char *user)
|
||||
debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
|
||||
strerror(errno));
|
||||
enduserdb();
|
||||
# endif
|
||||
# endif /* HAVE_SETAUTHDB */
|
||||
}
|
||||
# endif /* CUSTOM_FAILED_LOGIN */
|
||||
#endif /* _AIX */
|
||||
|
||||
# endif /* WITH_AIXAUTHENTICATE */
|
||||
|
||||
#endif /* _AIX */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: port-aix.h,v 1.15 2003/09/19 10:43:38 dtucker Exp $ */
|
||||
/* $Id: port-aix.h,v 1.16 2003/11/22 03:16:57 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
@ -51,12 +51,14 @@
|
||||
# include <sys/timers.h>
|
||||
#endif
|
||||
|
||||
void aix_usrinfo(struct passwd *);
|
||||
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
# define CUSTOM_FAILED_LOGIN 1
|
||||
void record_failed_login(const char *, const char *);
|
||||
void aix_setauthdb(const char *);
|
||||
#endif
|
||||
|
||||
void aix_usrinfo(struct passwd *);
|
||||
int aix_authenticate(const char *, const char *, const char *);
|
||||
void aix_setauthdb(const char *);
|
||||
void aix_remove_embedded_newlines(char *);
|
||||
#endif /* _AIX */
|
||||
|
Loading…
Reference in New Issue
Block a user