]>
Commit | Line | Data |
---|---|---|
41b2f314 | 1 | /* |
2 | * | |
3 | * Copyright (c) 2001 Gert Doering. All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | |
13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | * | |
25 | */ | |
e9a17296 | 26 | #include "includes.h" |
0fff78ff | 27 | #include "ssh.h" |
28 | #include "log.h" | |
29 | #include "servconf.h" | |
e9a17296 | 30 | |
31 | #ifdef _AIX | |
32 | ||
e9a17296 | 33 | #include <uinfo.h> |
34 | #include <../xmalloc.h> | |
0fff78ff | 35 | #include "port-aix.h" |
36 | ||
37 | extern ServerOptions options; | |
e9a17296 | 38 | |
e9a17296 | 39 | /* |
41b2f314 | 40 | * AIX has a "usrinfo" area where logname and other stuff is stored - |
41 | * a few applications actually use this and die if it's not set | |
42 | * | |
43 | * NOTE: TTY= should be set, but since no one uses it and it's hard to | |
44 | * acquire due to privsep code. We will just drop support. | |
e9a17296 | 45 | */ |
46 | void | |
41b2f314 | 47 | aix_usrinfo(struct passwd *pw) |
e9a17296 | 48 | { |
49 | u_int i; | |
0fff78ff | 50 | size_t len; |
41b2f314 | 51 | char *cp; |
e9a17296 | 52 | |
0fff78ff | 53 | len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name)); |
54 | cp = xmalloc(len); | |
55 | ||
56 | i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', | |
57 | pw->pw_name, '\0'); | |
e9a17296 | 58 | if (usrinfo(SETUINFO, cp, i) == -1) |
59 | fatal("Couldn't set usrinfo: %s", strerror(errno)); | |
60 | debug3("AIX/UsrInfo: set len %d", i); | |
0fff78ff | 61 | |
e9a17296 | 62 | xfree(cp); |
63 | } | |
64 | ||
0fff78ff | 65 | #ifdef WITH_AIXAUTHENTICATE |
66 | /* | |
67 | * Remove embedded newlines in string (if any). | |
68 | * Used before logging messages returned by AIX authentication functions | |
69 | * so the message is logged on one line. | |
70 | */ | |
71 | void | |
72 | aix_remove_embedded_newlines(char *p) | |
73 | { | |
74 | if (p == NULL) | |
75 | return; | |
76 | ||
77 | for (; *p; p++) { | |
78 | if (*p == '\n') | |
79 | *p = ' '; | |
80 | } | |
81 | /* Remove trailing whitespace */ | |
82 | if (*--p == ' ') | |
83 | *p = '\0'; | |
84 | } | |
85 | #endif /* WITH_AIXAUTHENTICATE */ | |
86 | ||
87 | # ifdef CUSTOM_FAILED_LOGIN | |
88 | /* | |
89 | * record_failed_login: generic "login failed" interface function | |
90 | */ | |
91 | void | |
92 | record_failed_login(const char *user, const char *ttyname) | |
93 | { | |
94 | char *hostname = get_canonical_hostname(options.use_dns); | |
95 | ||
96 | if (geteuid() != 0) | |
97 | return; | |
98 | ||
99 | aix_setauthdb(user); | |
100 | # ifdef AIX_LOGINFAILED_4ARG | |
101 | loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); | |
102 | # else | |
103 | loginfailed((char *)user, hostname, (char *)ttyname); | |
104 | # endif | |
105 | } | |
106 | ||
107 | /* | |
108 | * If we have setauthdb, retrieve the password registry for the user's | |
109 | * account then feed it to setauthdb. This may load registry-specific method | |
110 | * code. If we don't have setauthdb or have already called it this is a no-op. | |
111 | */ | |
112 | void | |
113 | aix_setauthdb(const char *user) | |
114 | { | |
115 | # ifdef HAVE_SETAUTHDB | |
116 | static char *registry = NULL; | |
117 | ||
118 | if (registry != NULL) /* have already done setauthdb */ | |
119 | return; | |
120 | ||
121 | if (setuserdb(S_READ) == -1) { | |
122 | debug3("%s: Could not open userdb to read", __func__); | |
123 | return; | |
124 | } | |
125 | ||
126 | if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { | |
127 | if (setauthdb(registry, NULL) == 0) | |
128 | debug3("%s: AIX/setauthdb set registry %s", __func__, | |
129 | registry); | |
130 | else | |
131 | debug3("%s: AIX/setauthdb set registry %s failed: %s", | |
132 | __func__, registry, strerror(errno)); | |
133 | } else | |
134 | debug3("%s: Could not read S_REGISTRY for user: %s", __func__, | |
135 | strerror(errno)); | |
136 | enduserdb(); | |
137 | # endif | |
138 | } | |
139 | # endif /* CUSTOM_FAILED_LOGIN */ | |
e9a17296 | 140 | #endif /* _AIX */ |
141 |