- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]

Call setauthdb() before loginfailed(), which may load password registry-
   specific functions.  Based on patch by cawlfiel@us.ibm.com.
This commit is contained in:
Darren Tucker 2003-07-14 16:41:55 +10:00
parent 30317e37e4
commit fc3454ee67
5 changed files with 47 additions and 3 deletions

View File

@ -49,6 +49,7 @@ Juergen Keil <jk@tools.de> - scp bugfixing
KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes
Kees Cook <cook@cpoint.net> - scp fixes
Kenji Miyake <kenji@miyake.org> - Configure fixes
Kevin Cawlfield <cawlfiel@us.ibm.com> - AIX fixes.
Kevin O'Connor <kevin_oconnor@standardandpoors.com> - RSAless operation
Kevin Steves <stevesk@pobox.com> - HP support, bugfixes, improvements
Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes
@ -92,5 +93,5 @@ Apologies to anyone I have missed.
Damien Miller <djm@mindrot.org>
$Id: CREDITS,v 1.69 2003/06/28 04:27:29 dtucker Exp $
$Id: CREDITS,v 1.70 2003/07/14 06:41:55 dtucker Exp $

View File

@ -3,6 +3,9 @@
loginfailed at all, so assume 3-arg loginfailed if not declared.
- (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
undef'ing it.
- (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry-
specific functions. Based on patch by cawlfiel@us.ibm.com.
20030708
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
@ -676,4 +679,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.2851 2003/07/14 06:26:51 dtucker Exp $
$Id: ChangeLog,v 1.2852 2003/07/14 06:41:55 dtucker Exp $

View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.133 2003/07/14 06:21:44 dtucker Exp $
# $Id: configure.ac,v 1.134 2003/07/14 06:41:55 dtucker Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@ -95,6 +95,7 @@ case "$host" in
[],
[#include <usersec.h>]
)
AC_CHECK_FUNCS(setauthdb)
AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message

View File

@ -32,6 +32,7 @@
#include <uinfo.h>
#include <../xmalloc.h>
#include "port-aix.h"
extern ServerOptions options;
@ -92,12 +93,49 @@ record_failed_login(const char *user, const char *ttyname)
{
char *hostname = get_canonical_hostname(options.use_dns);
if (geteuid() != 0)
return;
aix_setauthdb(user);
# ifdef AIX_LOGINFAILED_4ARG
loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
# else
loginfailed((char *)user, hostname, (char *)ttyname);
# endif
}
/*
* If we have setauthdb, retrieve the password registry for the user's
* account then feed it to setauthdb. This may load registry-specific method
* code. If we don't have setauthdb or have already called it this is a no-op.
*/
void
aix_setauthdb(const char *user)
{
# ifdef HAVE_SETAUTHDB
static char *registry = NULL;
if (registry != NULL) /* have already done setauthdb */
return;
if (setuserdb(S_READ) == -1) {
debug3("%s: Could not open userdb to read", __func__);
return;
}
if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
if (setauthdb(registry, NULL) == 0)
debug3("%s: AIX/setauthdb set registry %s", __func__,
registry);
else
debug3("%s: AIX/setauthdb set registry %s failed: %s",
__func__, registry, strerror(errno));
} else
debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
strerror(errno));
enduserdb();
# endif
}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */

View File

@ -53,6 +53,7 @@
#ifdef WITH_AIXAUTHENTICATE
# define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *user, const char *ttyname);
void aix_setauthdb(const char *);
#endif
void aix_usrinfo(struct passwd *pw);