X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/8b32eddc967aaf168381bd0552cafc7fd3b6fad6..b5afdff53b51d529e596da3b4c2aa5ee14cc8b08:/openssh/openbsd-compat/port-aix.c

diff --git a/openssh/openbsd-compat/port-aix.c b/openssh/openbsd-compat/port-aix.c
index cf5d4b9..ebf62d3 100644
--- a/openssh/openbsd-compat/port-aix.c
+++ b/openssh/openbsd-compat/port-aix.c
@@ -1,7 +1,7 @@
 /*
  *
  * Copyright (c) 2001 Gert Doering.  All rights reserved.
- * Copyright (c) 2003,2004 Darren Tucker.  All rights reserved.
+ * Copyright (c) 2003,2004,2005,2006 Darren Tucker.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -25,31 +25,52 @@
  *
  */
 #include "includes.h"
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "key.h"
+#include "hostfile.h"
 #include "auth.h"
 #include "ssh.h"
 #include "log.h"
-#include "xmalloc.h"
-#include "buffer.h"
 
 #ifdef _AIX
 
+#include <errno.h>
+#if defined(HAVE_NETDB_H)
+# include <netdb.h>
+#endif
 #include <uinfo.h>
+#include <stdarg.h>
+#include <string.h>
+#include <unistd.h>
 #include <sys/socket.h>
+
+#ifdef WITH_AIXAUTHENTICATE
+# include <login.h>
+# include <userpw.h>
+# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG)
+#  undef T_NULL
+#  include <sys/audit.h>
+# endif
+# include <usersec.h>
+#endif
+
 #include "port-aix.h"
 
+static char *lastlogin_msg = NULL;
+
 # ifdef HAVE_SETAUTHDB
 static char old_registry[REGISTRY_SIZE] = "";
 # endif
 
 /*
- * AIX has a "usrinfo" area where logname and other stuff is stored - 
+ * AIX has a "usrinfo" area where logname and other stuff is stored -
  * a few applications actually use this and die if it's not set
  *
  * NOTE: TTY= should be set, but since no one uses it and it's hard to
  * acquire due to privsep code.  We will just drop support.
  */
-
-
 void
 aix_usrinfo(struct passwd *pw)
 {
@@ -60,7 +81,7 @@ aix_usrinfo(struct passwd *pw)
 	len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
 	cp = xmalloc(len);
 
-	i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', 
+	i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
 	    pw->pw_name, '\0');
 	if (usrinfo(SETUINFO, cp, i) == -1)
 		fatal("Couldn't set usrinfo: %s", strerror(errno));
@@ -153,14 +174,14 @@ aix_valid_authentications(const char *user)
 int
 sys_auth_passwd(Authctxt *ctxt, const char *password)
 {
-	char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
+	char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
 	int authsuccess = 0, expired, reenter, result;
 
 	do {
 		result = authenticate((char *)name, (char *)password, &reenter,
 		    &authmsg);
 		aix_remove_embedded_newlines(authmsg);	
-		debug3("AIX/authenticate result %d, msg %.100s", result,
+		debug3("AIX/authenticate result %d, authmsg %.100s", result,
 		    authmsg);
 	} while (reenter);
 
@@ -170,7 +191,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
 	if (result == 0) {
 		authsuccess = 1;
 
-	       	/*
+		/*
 		 * Record successful login.  We don't have a pty yet, so just
 		 * label the line as "ssh"
 		 */
@@ -222,7 +243,7 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
 
 	/*
 	 * Don't perform checks for root account (PermitRootLogin controls
-	 * logins via * ssh) or if running as non-root user (since
+	 * logins via ssh) or if running as non-root user (since
 	 * loginrestrictions will always fail due to insufficient privilege).
 	 */
 	if (pw->pw_uid == 0 || geteuid() != 0) {
@@ -257,7 +278,7 @@ int
 sys_auth_record_login(const char *user, const char *host, const char *ttynm,
     Buffer *loginmsg)
 {
-	char *msg;
+	char *msg = NULL;
 	int success = 0;
 
 	aix_setauthdb(user);
@@ -265,14 +286,23 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
 		success = 1;
 		if (msg != NULL) {
 			debug("AIX/loginsuccess: msg %s", msg);
-			buffer_append(loginmsg, msg, strlen(msg));
-			xfree(msg);
+			if (lastlogin_msg == NULL)
+				lastlogin_msg = msg;
 		}
 	}
 	aix_restoreauthdb();
 	return (success);
 }
 
+char *
+sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
+{
+	char *msg = lastlogin_msg;
+
+	lastlogin_msg = NULL;
+	return msg;
+}
+
 #  ifdef CUSTOM_FAILED_LOGIN
 /*
  * record_failed_login: generic "login failed" interface function
@@ -374,4 +404,47 @@ sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host,
 }
 # endif /* AIX_GETNAMEINFO_HACK */
 
+# if defined(USE_GETGRSET)
+#  include <stdlib.h>
+int
+getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt)
+{
+	char *cp, *grplist, *grp;
+	gid_t gid;
+	int ret = 0, ngroups = 0, maxgroups;
+	long l;
+
+	maxgroups = *grpcnt;
+
+	if ((cp = grplist = getgrset(user)) == NULL)
+		return -1;
+
+	/* handle zero-length case */
+	if (maxgroups <= 0) {
+		*grpcnt = 0;
+		return -1;
+	}
+
+	/* copy primary group */
+	groups[ngroups++] = pgid;
+
+	/* copy each entry from getgrset into group list */
+	while ((grp = strsep(&grplist, ",")) != NULL) {
+		l = strtol(grp, NULL, 10);
+		if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) {
+			ret = -1;
+			goto out;
+		}
+		gid = (gid_t)l;
+		if (gid == pgid)
+			continue;	/* we have already added primary gid */
+		groups[ngroups++] = gid;
+	}
+out:
+	free(cp);
+	*grpcnt = ngroups;
+	return ret;
+}
+# endif	/* USE_GETGRSET */
+
 #endif /* _AIX */