]>
Commit | Line | Data |
---|---|---|
d03f4262 | 1 | /* |
2 | * | |
3 | * Copyright (c) 2001 Gert Doering. All rights reserved. | |
e74dc197 | 4 | * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved. |
d03f4262 | 5 | * |
6 | * Redistribution and use in source and binary forms, with or without | |
7 | * modification, are permitted provided that the following conditions | |
8 | * are met: | |
9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | |
14 | * | |
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
25 | * | |
26 | */ | |
d832c38e | 27 | #include "includes.h" |
30460aeb | 28 | |
29 | #include "xmalloc.h" | |
30 | #include "buffer.h" | |
31 | #include "key.h" | |
32 | #include "hostfile.h" | |
540d72c3 | 33 | #include "auth.h" |
7cac2b65 | 34 | #include "ssh.h" |
35 | #include "log.h" | |
d832c38e | 36 | |
37 | #ifdef _AIX | |
38 | ||
30460aeb | 39 | #include <errno.h> |
40 | #if defined(HAVE_NETDB_H) | |
41 | # include <netdb.h> | |
42 | #endif | |
d832c38e | 43 | #include <uinfo.h> |
30460aeb | 44 | #include <stdarg.h> |
45 | #include <string.h> | |
46 | #include <unistd.h> | |
dfddba3d | 47 | #include <sys/socket.h> |
30460aeb | 48 | |
49 | #ifdef WITH_AIXAUTHENTICATE | |
50 | # include <login.h> | |
51 | # include <userpw.h> | |
52 | # if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG) | |
8c8b185b | 53 | # undef T_NULL |
30460aeb | 54 | # include <sys/audit.h> |
55 | # endif | |
56 | # include <usersec.h> | |
57 | #endif | |
58 | ||
7cac2b65 | 59 | #include "port-aix.h" |
60 | ||
b5afdff5 | 61 | static char *lastlogin_msg = NULL; |
62 | ||
540d72c3 | 63 | # ifdef HAVE_SETAUTHDB |
64 | static char old_registry[REGISTRY_SIZE] = ""; | |
65 | # endif | |
d832c38e | 66 | |
d832c38e | 67 | /* |
2ce0bfe4 | 68 | * AIX has a "usrinfo" area where logname and other stuff is stored - |
d03f4262 | 69 | * a few applications actually use this and die if it's not set |
70 | * | |
71 | * NOTE: TTY= should be set, but since no one uses it and it's hard to | |
72 | * acquire due to privsep code. We will just drop support. | |
d832c38e | 73 | */ |
74 | void | |
d03f4262 | 75 | aix_usrinfo(struct passwd *pw) |
d832c38e | 76 | { |
77 | u_int i; | |
7cac2b65 | 78 | size_t len; |
d03f4262 | 79 | char *cp; |
d832c38e | 80 | |
7cac2b65 | 81 | len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name)); |
82 | cp = xmalloc(len); | |
83 | ||
2ce0bfe4 | 84 | i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', |
7cac2b65 | 85 | pw->pw_name, '\0'); |
d832c38e | 86 | if (usrinfo(SETUINFO, cp, i) == -1) |
87 | fatal("Couldn't set usrinfo: %s", strerror(errno)); | |
88 | debug3("AIX/UsrInfo: set len %d", i); | |
7cac2b65 | 89 | |
d832c38e | 90 | xfree(cp); |
91 | } | |
92 | ||
540d72c3 | 93 | # ifdef WITH_AIXAUTHENTICATE |
7cac2b65 | 94 | /* |
95 | * Remove embedded newlines in string (if any). | |
96 | * Used before logging messages returned by AIX authentication functions | |
97 | * so the message is logged on one line. | |
98 | */ | |
99 | void | |
100 | aix_remove_embedded_newlines(char *p) | |
101 | { | |
102 | if (p == NULL) | |
103 | return; | |
104 | ||
105 | for (; *p; p++) { | |
106 | if (*p == '\n') | |
107 | *p = ' '; | |
108 | } | |
109 | /* Remove trailing whitespace */ | |
110 | if (*--p == ' ') | |
111 | *p = '\0'; | |
112 | } | |
540d72c3 | 113 | |
dfddba3d | 114 | /* |
115 | * Test specifically for the case where SYSTEM == NONE and AUTH1 contains | |
116 | * anything other than NONE or SYSTEM, which indicates that the admin has | |
117 | * configured the account for purely AUTH1-type authentication. | |
118 | * | |
119 | * Since authenticate() doesn't check AUTH1, and sshd can't sanely support | |
120 | * AUTH1 itself, in such a case authenticate() will allow access without | |
121 | * authentation, which is almost certainly not what the admin intends. | |
122 | * | |
123 | * (The native tools, eg login, will process the AUTH1 list in addition to | |
124 | * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods | |
125 | * have been deprecated since AIX 4.2.x and would be very difficult for sshd | |
126 | * to support. | |
127 | * | |
128 | * Returns 0 if an unsupportable combination is found, 1 otherwise. | |
129 | */ | |
130 | static int | |
131 | aix_valid_authentications(const char *user) | |
132 | { | |
133 | char *auth1, *sys, *p; | |
134 | int valid = 1; | |
135 | ||
136 | if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) { | |
137 | logit("Can't retrieve attribute SYSTEM for %s: %.100s", | |
138 | user, strerror(errno)); | |
139 | return 0; | |
140 | } | |
141 | ||
142 | debug3("AIX SYSTEM attribute %s", sys); | |
143 | if (strcmp(sys, "NONE") != 0) | |
144 | return 1; /* not "NONE", so is OK */ | |
145 | ||
146 | if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) { | |
147 | logit("Can't retrieve attribute auth1 for %s: %.100s", | |
148 | user, strerror(errno)); | |
149 | return 0; | |
150 | } | |
151 | ||
152 | p = auth1; | |
153 | /* A SEC_LIST is concatenated strings, ending with two NULs. */ | |
154 | while (p[0] != '\0' && p[1] != '\0') { | |
155 | debug3("AIX auth1 attribute list member %s", p); | |
156 | if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) { | |
157 | logit("Account %s has unsupported auth1 value '%s'", | |
158 | user, p); | |
159 | valid = 0; | |
160 | } | |
161 | p += strlen(p) + 1; | |
162 | } | |
163 | ||
164 | return (valid); | |
165 | } | |
166 | ||
540d72c3 | 167 | /* |
168 | * Do authentication via AIX's authenticate routine. We loop until the | |
169 | * reenter parameter is 0, but normally authenticate is called only once. | |
170 | * | |
171 | * Note: this function returns 1 on success, whereas AIX's authenticate() | |
172 | * returns 0. | |
173 | */ | |
174 | int | |
8b32eddc | 175 | sys_auth_passwd(Authctxt *ctxt, const char *password) |
540d72c3 | 176 | { |
2ce0bfe4 | 177 | char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name; |
540d72c3 | 178 | int authsuccess = 0, expired, reenter, result; |
179 | ||
180 | do { | |
181 | result = authenticate((char *)name, (char *)password, &reenter, | |
182 | &authmsg); | |
183 | aix_remove_embedded_newlines(authmsg); | |
2ce0bfe4 | 184 | debug3("AIX/authenticate result %d, authmsg %.100s", result, |
540d72c3 | 185 | authmsg); |
186 | } while (reenter); | |
187 | ||
dfddba3d | 188 | if (!aix_valid_authentications(name)) |
189 | result = -1; | |
190 | ||
540d72c3 | 191 | if (result == 0) { |
192 | authsuccess = 1; | |
193 | ||
2ce0bfe4 | 194 | /* |
540d72c3 | 195 | * Record successful login. We don't have a pty yet, so just |
196 | * label the line as "ssh" | |
197 | */ | |
198 | aix_setauthdb(name); | |
540d72c3 | 199 | |
200 | /* | |
201 | * Check if the user's password is expired. | |
202 | */ | |
7e82606e | 203 | expired = passwdexpired(name, &msg); |
204 | if (msg && *msg) { | |
8b32eddc | 205 | buffer_append(ctxt->loginmsg, msg, strlen(msg)); |
7e82606e | 206 | aix_remove_embedded_newlines(msg); |
207 | } | |
208 | debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); | |
540d72c3 | 209 | |
210 | switch (expired) { | |
211 | case 0: /* password not expired */ | |
212 | break; | |
213 | case 1: /* expired, password change required */ | |
214 | ctxt->force_pwchange = 1; | |
540d72c3 | 215 | break; |
216 | default: /* user can't change(2) or other error (-1) */ | |
217 | logit("Password can't be changed for user %s: %.100s", | |
218 | name, msg); | |
219 | if (msg) | |
220 | xfree(msg); | |
221 | authsuccess = 0; | |
222 | } | |
223 | ||
224 | aix_restoreauthdb(); | |
225 | } | |
226 | ||
227 | if (authmsg != NULL) | |
228 | xfree(authmsg); | |
229 | ||
230 | return authsuccess; | |
231 | } | |
7e82606e | 232 | |
233 | /* | |
234 | * Check if specified account is permitted to log in. | |
235 | * Returns 1 if login is allowed, 0 if not allowed. | |
236 | */ | |
237 | int | |
dfddba3d | 238 | sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) |
7e82606e | 239 | { |
240 | char *msg = NULL; | |
241 | int result, permitted = 0; | |
242 | struct stat st; | |
243 | ||
244 | /* | |
245 | * Don't perform checks for root account (PermitRootLogin controls | |
fa0f0f45 | 246 | * logins via ssh) or if running as non-root user (since |
7e82606e | 247 | * loginrestrictions will always fail due to insufficient privilege). |
248 | */ | |
249 | if (pw->pw_uid == 0 || geteuid() != 0) { | |
250 | debug3("%s: not checking", __func__); | |
251 | return 1; | |
252 | } | |
253 | ||
254 | result = loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg); | |
255 | if (result == 0) | |
256 | permitted = 1; | |
257 | /* | |
258 | * If restricted because /etc/nologin exists, the login will be denied | |
259 | * in session.c after the nologin message is sent, so allow for now | |
260 | * and do not append the returned message. | |
261 | */ | |
262 | if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) | |
263 | permitted = 1; | |
264 | else if (msg != NULL) | |
dfddba3d | 265 | buffer_append(loginmsg, msg, strlen(msg)); |
7e82606e | 266 | if (msg == NULL) |
267 | msg = xstrdup("(none)"); | |
268 | aix_remove_embedded_newlines(msg); | |
269 | debug3("AIX/loginrestrictions returned %d msg %.100s", result, msg); | |
270 | ||
271 | if (!permitted) | |
272 | logit("Login restricted for %s: %.100s", pw->pw_name, msg); | |
273 | xfree(msg); | |
274 | return permitted; | |
275 | } | |
276 | ||
277 | int | |
dfddba3d | 278 | sys_auth_record_login(const char *user, const char *host, const char *ttynm, |
279 | Buffer *loginmsg) | |
7e82606e | 280 | { |
2ce0bfe4 | 281 | char *msg = NULL; |
7e82606e | 282 | int success = 0; |
283 | ||
284 | aix_setauthdb(user); | |
dfddba3d | 285 | if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { |
7e82606e | 286 | success = 1; |
b5afdff5 | 287 | if (msg != NULL) { |
dfddba3d | 288 | debug("AIX/loginsuccess: msg %s", msg); |
b5afdff5 | 289 | if (lastlogin_msg == NULL) |
290 | lastlogin_msg = msg; | |
7e82606e | 291 | } |
292 | } | |
293 | aix_restoreauthdb(); | |
294 | return (success); | |
295 | } | |
296 | ||
b5afdff5 | 297 | char * |
298 | sys_auth_get_lastlogin_msg(const char *user, uid_t uid) | |
299 | { | |
300 | char *msg = lastlogin_msg; | |
301 | ||
302 | lastlogin_msg = NULL; | |
303 | return msg; | |
304 | } | |
305 | ||
540d72c3 | 306 | # ifdef CUSTOM_FAILED_LOGIN |
7cac2b65 | 307 | /* |
308 | * record_failed_login: generic "login failed" interface function | |
309 | */ | |
310 | void | |
dfddba3d | 311 | record_failed_login(const char *user, const char *hostname, const char *ttyname) |
7cac2b65 | 312 | { |
7cac2b65 | 313 | if (geteuid() != 0) |
314 | return; | |
315 | ||
316 | aix_setauthdb(user); | |
540d72c3 | 317 | # ifdef AIX_LOGINFAILED_4ARG |
dfddba3d | 318 | loginfailed((char *)user, (char *)hostname, (char *)ttyname, |
319 | AUDIT_FAIL_AUTH); | |
540d72c3 | 320 | # else |
dfddba3d | 321 | loginfailed((char *)user, (char *)hostname, (char *)ttyname); |
540d72c3 | 322 | # endif |
323 | aix_restoreauthdb(); | |
7cac2b65 | 324 | } |
540d72c3 | 325 | # endif /* CUSTOM_FAILED_LOGIN */ |
7cac2b65 | 326 | |
327 | /* | |
328 | * If we have setauthdb, retrieve the password registry for the user's | |
540d72c3 | 329 | * account then feed it to setauthdb. This will mean that subsequent AIX auth |
330 | * functions will only use the specified loadable module. If we don't have | |
331 | * setauthdb this is a no-op. | |
7cac2b65 | 332 | */ |
333 | void | |
334 | aix_setauthdb(const char *user) | |
335 | { | |
336 | # ifdef HAVE_SETAUTHDB | |
540d72c3 | 337 | char *registry; |
7cac2b65 | 338 | |
339 | if (setuserdb(S_READ) == -1) { | |
340 | debug3("%s: Could not open userdb to read", __func__); | |
341 | return; | |
342 | } | |
343 | ||
344 | if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { | |
540d72c3 | 345 | if (setauthdb(registry, old_registry) == 0) |
346 | debug3("AIX/setauthdb set registry '%s'", registry); | |
7cac2b65 | 347 | else |
540d72c3 | 348 | debug3("AIX/setauthdb set registry '%s' failed: %s", |
349 | registry, strerror(errno)); | |
7cac2b65 | 350 | } else |
351 | debug3("%s: Could not read S_REGISTRY for user: %s", __func__, | |
352 | strerror(errno)); | |
353 | enduserdb(); | |
540d72c3 | 354 | # endif /* HAVE_SETAUTHDB */ |
7cac2b65 | 355 | } |
d832c38e | 356 | |
540d72c3 | 357 | /* |
358 | * Restore the user's registry settings from old_registry. | |
359 | * Note that if the first aix_setauthdb fails, setauthdb("") is still safe | |
360 | * (it restores the system default behaviour). If we don't have setauthdb, | |
361 | * this is a no-op. | |
362 | */ | |
363 | void | |
364 | aix_restoreauthdb(void) | |
365 | { | |
366 | # ifdef HAVE_SETAUTHDB | |
367 | if (setauthdb(old_registry, NULL) == 0) | |
368 | debug3("%s: restoring old registry '%s'", __func__, | |
369 | old_registry); | |
370 | else | |
371 | debug3("%s: failed to restore old registry %s", __func__, | |
372 | old_registry); | |
373 | # endif /* HAVE_SETAUTHDB */ | |
374 | } | |
375 | ||
376 | # endif /* WITH_AIXAUTHENTICATE */ | |
377 | ||
dfddba3d | 378 | # if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) |
379 | # undef getnameinfo | |
380 | /* | |
381 | * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros | |
382 | * IPv6 address into its textual representation ("::"), so we wrap it | |
383 | * with a function that will. | |
384 | */ | |
385 | int | |
386 | sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, | |
387 | size_t hostlen, char *serv, size_t servlen, int flags) | |
388 | { | |
389 | struct sockaddr_in6 *sa6; | |
390 | u_int32_t *a6; | |
391 | ||
392 | if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && | |
393 | sa->sa_family == AF_INET6) { | |
394 | sa6 = (struct sockaddr_in6 *)sa; | |
395 | a6 = sa6->sin6_addr.u6_addr.u6_addr32; | |
396 | ||
397 | if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { | |
398 | strlcpy(host, "::", hostlen); | |
399 | snprintf(serv, servlen, "%d", sa6->sin6_port); | |
400 | return 0; | |
401 | } | |
402 | } | |
403 | return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); | |
404 | } | |
405 | # endif /* AIX_GETNAMEINFO_HACK */ | |
406 | ||
e74dc197 | 407 | # if defined(USE_GETGRSET) |
408 | # include <stdlib.h> | |
409 | int | |
410 | getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt) | |
411 | { | |
412 | char *cp, *grplist, *grp; | |
413 | gid_t gid; | |
414 | int ret = 0, ngroups = 0, maxgroups; | |
415 | long l; | |
416 | ||
417 | maxgroups = *grpcnt; | |
418 | ||
419 | if ((cp = grplist = getgrset(user)) == NULL) | |
420 | return -1; | |
421 | ||
422 | /* handle zero-length case */ | |
423 | if (maxgroups <= 0) { | |
424 | *grpcnt = 0; | |
425 | return -1; | |
426 | } | |
427 | ||
428 | /* copy primary group */ | |
429 | groups[ngroups++] = pgid; | |
430 | ||
431 | /* copy each entry from getgrset into group list */ | |
432 | while ((grp = strsep(&grplist, ",")) != NULL) { | |
433 | l = strtol(grp, NULL, 10); | |
434 | if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) { | |
435 | ret = -1; | |
436 | goto out; | |
437 | } | |
438 | gid = (gid_t)l; | |
439 | if (gid == pgid) | |
440 | continue; /* we have already added primary gid */ | |
441 | groups[ngroups++] = gid; | |
442 | } | |
443 | out: | |
444 | free(cp); | |
445 | *grpcnt = ngroups; | |
446 | return ret; | |
447 | } | |
448 | # endif /* USE_GETGRSET */ | |
449 | ||
540d72c3 | 450 | #endif /* _AIX */ |