[gssapi-openssh.git] / openssh / openbsd-compat / port-aix.c

/*
 *
 * Copyright (c) 2001 Gert Doering.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
#include "includes.h"
#include "ssh.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "xmalloc.h"

#ifdef _AIX

#include <uinfo.h>
#include "port-aix.h"

extern ServerOptions options;

/*
 * AIX has a "usrinfo" area where logname and other stuff is stored - 
 * a few applications actually use this and die if it's not set
 *
 * NOTE: TTY= should be set, but since no one uses it and it's hard to
 * acquire due to privsep code.  We will just drop support.
 */
void
aix_usrinfo(struct passwd *pw)
{
	u_int i;
	size_t len;
	char *cp;

	len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
	cp = xmalloc(len);

	i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', 
	    pw->pw_name, '\0');
	if (usrinfo(SETUINFO, cp, i) == -1)
		fatal("Couldn't set usrinfo: %s", strerror(errno));
	debug3("AIX/UsrInfo: set len %d", i);

	xfree(cp);
}

#ifdef WITH_AIXAUTHENTICATE
/*
 * Remove embedded newlines in string (if any).
 * Used before logging messages returned by AIX authentication functions
 * so the message is logged on one line.
 */
void
aix_remove_embedded_newlines(char *p)
{
	if (p == NULL)
		return;

	for (; *p; p++) {
		if (*p == '\n')
			*p = ' ';
	}
	/* Remove trailing whitespace */
	if (*--p == ' ')
		*p = '\0';
}
#endif /* WITH_AIXAUTHENTICATE */
  
# ifdef CUSTOM_FAILED_LOGIN
/*
 * record_failed_login: generic "login failed" interface function
 */
void
record_failed_login(const char *user, const char *ttyname)
{
	char *hostname = get_canonical_hostname(options.use_dns);

	if (geteuid() != 0)
		return;

	aix_setauthdb(user);
#  ifdef AIX_LOGINFAILED_4ARG
	loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
#  else
	loginfailed((char *)user, hostname, (char *)ttyname);
#  endif
}

/*
 * If we have setauthdb, retrieve the password registry for the user's
 * account then feed it to setauthdb.  This may load registry-specific method
 * code.  If we don't have setauthdb or have already called it this is a no-op.
 */
void
aix_setauthdb(const char *user)
{
#  ifdef HAVE_SETAUTHDB
	static char *registry = NULL;

	if (registry != NULL)	/* have already done setauthdb */
		return;

	if (setuserdb(S_READ) == -1) {
		debug3("%s: Could not open userdb to read", __func__);
		return;
	}
	
	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
		if (setauthdb(registry, NULL) == 0)
			debug3("%s: AIX/setauthdb set registry %s", __func__,
			    registry);
		else 
			debug3("%s: AIX/setauthdb set registry %s failed: %s",
			    __func__, registry, strerror(errno));
	} else
		debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
		    strerror(errno));
	enduserdb();
#  endif
}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
Commit	Line	Data
d03f4262	1	/*
	2	*
	3	* Copyright (c) 2001 Gert Doering. All rights reserved.
	4	*
	5	* Redistribution and use in source and binary forms, with or without
	6	* modification, are permitted provided that the following conditions
	7	* are met:
	8	* 1. Redistributions of source code must retain the above copyright
	9	* notice, this list of conditions and the following disclaimer.
	10	* 2. Redistributions in binary form must reproduce the above copyright
	11	* notice, this list of conditions and the following disclaimer in the
	12	* documentation and/or other materials provided with the distribution.
	13	*
	14	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	15	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	16	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	17	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	18	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	19	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	20	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	21	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	22	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	23	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	24	*
	25	*/
d832c38e	26	#include "includes.h"
7cac2b65	27	#include "ssh.h"
	28	#include "log.h"
	29	#include "servconf.h"
29d88157	30	#include "canohost.h"
29d88157	31	#include "xmalloc.h"
d832c38e	32
	33	#ifdef _AIX
	34
d832c38e	35	#include <uinfo.h>
7cac2b65	36	#include "port-aix.h"
	37
	38	extern ServerOptions options;
d832c38e	39
d832c38e	40	/*
d03f4262	41	* AIX has a "usrinfo" area where logname and other stuff is stored -
	42	* a few applications actually use this and die if it's not set
	43	*
	44	* NOTE: TTY= should be set, but since no one uses it and it's hard to
	45	* acquire due to privsep code. We will just drop support.
d832c38e	46	*/
d832c38e	47	void
d03f4262	48	aix_usrinfo(struct passwd *pw)
d832c38e	49	{
d832c38e	50	u_int i;
7cac2b65	51	size_t len;
d03f4262	52	char *cp;
d832c38e	53
7cac2b65	54	len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
	55	cp = xmalloc(len);
	56
	57	i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
	58	pw->pw_name, '\0');
d832c38e	59	if (usrinfo(SETUINFO, cp, i) == -1)
	60	fatal("Couldn't set usrinfo: %s", strerror(errno));
	61	debug3("AIX/UsrInfo: set len %d", i);
7cac2b65	62
d832c38e	63	xfree(cp);
	64	}
	65
7cac2b65	66	#ifdef WITH_AIXAUTHENTICATE
	67	/*
	68	* Remove embedded newlines in string (if any).
	69	* Used before logging messages returned by AIX authentication functions
	70	* so the message is logged on one line.
	71	*/
	72	void
	73	aix_remove_embedded_newlines(char *p)
	74	{
	75	if (p == NULL)
	76	return;
	77
	78	for (; *p; p++) {
	79	if (*p == '\n')
	80	*p = ' ';
	81	}
	82	/* Remove trailing whitespace */
	83	if (*--p == ' ')
	84	*p = '\0';
	85	}
	86	#endif /* WITH_AIXAUTHENTICATE */
	87
	88	# ifdef CUSTOM_FAILED_LOGIN
	89	/*
	90	* record_failed_login: generic "login failed" interface function
	91	*/
	92	void
	93	record_failed_login(const char user, const char ttyname)
	94	{
	95	char *hostname = get_canonical_hostname(options.use_dns);
	96
	97	if (geteuid() != 0)
	98	return;
	99
	100	aix_setauthdb(user);
	101	# ifdef AIX_LOGINFAILED_4ARG
	102	loginfailed((char )user, hostname, (char )ttyname, AUDIT_FAIL_AUTH);
	103	# else
	104	loginfailed((char )user, hostname, (char )ttyname);
	105	# endif
	106	}
	107
	108	/*
	109	* If we have setauthdb, retrieve the password registry for the user's
	110	* account then feed it to setauthdb. This may load registry-specific method
	111	* code. If we don't have setauthdb or have already called it this is a no-op.
	112	*/
	113	void
	114	aix_setauthdb(const char *user)
	115	{
	116	# ifdef HAVE_SETAUTHDB
	117	static char *registry = NULL;
	118
	119	if (registry != NULL) /* have already done setauthdb */
	120	return;
	121
	122	if (setuserdb(S_READ) == -1) {
	123	debug3("%s: Could not open userdb to read", __func__);
	124	return;
	125	}
	126
	127	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
	128	if (setauthdb(registry, NULL) == 0)
	129	debug3("%s: AIX/setauthdb set registry %s", __func__,
130	registry);
131	else
132	debug3("%s: AIX/setauthdb set registry %s failed: %s",
133	__func__, registry, strerror(errno));
134	} else
135	debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
136	strerror(errno));
137	enduserdb();
138	# endif
139	}
140	# endif /* CUSTOM_FAILED_LOGIN */
d832c38e	141	#endif /* _AIX */
d832c38e	142