andersk Git - openssh.git/blame_incremental

... / ...

Commit	Line	Data
	1	/*
	2	*
	3	* Copyright (c) 2001 Gert Doering. All rights reserved.
	4	* Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved.
	5	*
	6	* Redistribution and use in source and binary forms, with or without
	7	* modification, are permitted provided that the following conditions
	8	* are met:
	9	* 1. Redistributions of source code must retain the above copyright
	10	* notice, this list of conditions and the following disclaimer.
	11	* 2. Redistributions in binary form must reproduce the above copyright
	12	* notice, this list of conditions and the following disclaimer in the
	13	* documentation and/or other materials provided with the distribution.
	14	*
	15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	25	*
	26	*/
	27	#include "includes.h"
	28
	29	#include "xmalloc.h"
	30	#include "buffer.h"
	31	#include "key.h"
	32	#include "hostfile.h"
	33	#include "auth.h"
	34	#include "ssh.h"
	35	#include "log.h"
	36
	37	#ifdef _AIX
	38
	39	#include <errno.h>
	40	#if defined(HAVE_NETDB_H)
	41	# include <netdb.h>
	42	#endif
	43	#include <uinfo.h>
	44	#include <stdarg.h>
	45	#include <string.h>
	46	#include <unistd.h>
	47	#include <sys/socket.h>
	48	#include "port-aix.h"
	49
	50	# ifdef HAVE_SETAUTHDB
	51	static char old_registry[REGISTRY_SIZE] = "";
	52	# endif
	53
	54	/*
	55	* AIX has a "usrinfo" area where logname and other stuff is stored -
	56	* a few applications actually use this and die if it's not set
	57	*
	58	* NOTE: TTY= should be set, but since no one uses it and it's hard to
	59	* acquire due to privsep code. We will just drop support.
	60	*/
	61	void
	62	aix_usrinfo(struct passwd *pw)
	63	{
	64	u_int i;
	65	size_t len;
	66	char *cp;
	67
	68	len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
	69	cp = xmalloc(len);
	70
	71	i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
	72	pw->pw_name, '\0');
	73	if (usrinfo(SETUINFO, cp, i) == -1)
	74	fatal("Couldn't set usrinfo: %s", strerror(errno));
	75	debug3("AIX/UsrInfo: set len %d", i);
	76
	77	xfree(cp);
	78	}
	79
	80	# ifdef WITH_AIXAUTHENTICATE
	81	/*
	82	* Remove embedded newlines in string (if any).
	83	* Used before logging messages returned by AIX authentication functions
	84	* so the message is logged on one line.
	85	*/
	86	void
	87	aix_remove_embedded_newlines(char *p)
	88	{
	89	if (p == NULL)
	90	return;
	91
	92	for (; *p; p++) {
	93	if (*p == '\n')
	94	*p = ' ';
	95	}
	96	/* Remove trailing whitespace */
	97	if (*--p == ' ')
	98	*p = '\0';
	99	}
	100
	101	/*
	102	* Test specifically for the case where SYSTEM == NONE and AUTH1 contains
	103	* anything other than NONE or SYSTEM, which indicates that the admin has
	104	* configured the account for purely AUTH1-type authentication.
	105	*
	106	* Since authenticate() doesn't check AUTH1, and sshd can't sanely support
	107	* AUTH1 itself, in such a case authenticate() will allow access without
	108	* authentation, which is almost certainly not what the admin intends.
	109	*
	110	* (The native tools, eg login, will process the AUTH1 list in addition to
	111	* the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods
	112	* have been deprecated since AIX 4.2.x and would be very difficult for sshd
	113	* to support.
	114	*
	115	* Returns 0 if an unsupportable combination is found, 1 otherwise.
	116	*/
	117	static int
	118	aix_valid_authentications(const char *user)
	119	{
	120	char auth1, sys, *p;
	121	int valid = 1;
	122
	123	if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) {
	124	logit("Can't retrieve attribute SYSTEM for %s: %.100s",
	125	user, strerror(errno));
	126	return 0;
	127	}
	128
	129	debug3("AIX SYSTEM attribute %s", sys);
	130	if (strcmp(sys, "NONE") != 0)
	131	return 1; /* not "NONE", so is OK */
	132
	133	if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) {
	134	logit("Can't retrieve attribute auth1 for %s: %.100s",
	135	user, strerror(errno));
	136	return 0;
	137	}
	138
	139	p = auth1;
	140	/* A SEC_LIST is concatenated strings, ending with two NULs. */
	141	while (p[0] != '\0' && p[1] != '\0') {
	142	debug3("AIX auth1 attribute list member %s", p);
	143	if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM")) {
	144	logit("Account %s has unsupported auth1 value '%s'",
	145	user, p);
	146	valid = 0;
	147	}
	148	p += strlen(p) + 1;
	149	}
	150
	151	return (valid);
	152	}
	153
	154	/*
	155	* Do authentication via AIX's authenticate routine. We loop until the
	156	* reenter parameter is 0, but normally authenticate is called only once.
	157	*
	158	* Note: this function returns 1 on success, whereas AIX's authenticate()
	159	* returns 0.
	160	*/
	161	int
	162	sys_auth_passwd(Authctxt ctxt, const char password)
	163	{
	164	char authmsg = NULL, msg = NULL, *name = ctxt->pw->pw_name;
	165	int authsuccess = 0, expired, reenter, result;
	166
	167	do {
	168	result = authenticate((char )name, (char )password, &reenter,
	169	&authmsg);
	170	aix_remove_embedded_newlines(authmsg);
	171	debug3("AIX/authenticate result %d, authmsg %.100s", result,
	172	authmsg);
	173	} while (reenter);
	174
	175	if (!aix_valid_authentications(name))
	176	result = -1;
	177
	178	if (result == 0) {
	179	authsuccess = 1;
	180
	181	/*
	182	* Record successful login. We don't have a pty yet, so just
	183	* label the line as "ssh"
	184	*/
	185	aix_setauthdb(name);
	186
	187	/*
	188	* Check if the user's password is expired.
	189	*/
	190	expired = passwdexpired(name, &msg);
	191	if (msg && *msg) {
	192	buffer_append(ctxt->loginmsg, msg, strlen(msg));
	193	aix_remove_embedded_newlines(msg);
	194	}
	195	debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
	196
	197	switch (expired) {
	198	case 0: /* password not expired */
	199	break;
	200	case 1: /* expired, password change required */
	201	ctxt->force_pwchange = 1;
	202	break;
	203	default: /* user can't change(2) or other error (-1) */
	204	logit("Password can't be changed for user %s: %.100s",
	205	name, msg);
	206	if (msg)
	207	xfree(msg);
	208	authsuccess = 0;
	209	}
	210
	211	aix_restoreauthdb();
	212	}
	213
	214	if (authmsg != NULL)
	215	xfree(authmsg);
	216
	217	return authsuccess;
	218	}
	219
	220	/*
	221	* Check if specified account is permitted to log in.
	222	* Returns 1 if login is allowed, 0 if not allowed.
	223	*/
	224	int
	225	sys_auth_allowed_user(struct passwd pw, Buffer loginmsg)
	226	{
	227	char *msg = NULL;
	228	int result, permitted = 0;
	229	struct stat st;
	230
	231	/*
	232	* Don't perform checks for root account (PermitRootLogin controls
	233	* logins via * ssh) or if running as non-root user (since
	234	* loginrestrictions will always fail due to insufficient privilege).
	235	*/
	236	if (pw->pw_uid == 0 \|\| geteuid() != 0) {
	237	debug3("%s: not checking", __func__);
	238	return 1;
	239	}
	240
	241	result = loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg);
	242	if (result == 0)
	243	permitted = 1;
	244	/*
	245	* If restricted because /etc/nologin exists, the login will be denied
	246	* in session.c after the nologin message is sent, so allow for now
	247	* and do not append the returned message.
	248	*/
	249	if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)
	250	permitted = 1;
	251	else if (msg != NULL)
	252	buffer_append(loginmsg, msg, strlen(msg));
	253	if (msg == NULL)
	254	msg = xstrdup("(none)");
	255	aix_remove_embedded_newlines(msg);
	256	debug3("AIX/loginrestrictions returned %d msg %.100s", result, msg);
	257
	258	if (!permitted)
	259	logit("Login restricted for %s: %.100s", pw->pw_name, msg);
	260	xfree(msg);
	261	return permitted;
	262	}
	263
	264	int
	265	sys_auth_record_login(const char user, const char host, const char *ttynm,
	266	Buffer *loginmsg)
	267	{
	268	char *msg = NULL;
	269	static int msg_done = 0;
	270	int success = 0;
	271
	272	aix_setauthdb(user);
	273	if (loginsuccess((char )user, (char )host, (char *)ttynm, &msg) == 0) {
	274	success = 1;
	275	if (msg != NULL && loginmsg != NULL && !msg_done) {
	276	debug("AIX/loginsuccess: msg %s", msg);
	277	buffer_append(loginmsg, msg, strlen(msg));
	278	xfree(msg);
	279	msg_done = 1;
	280	}
	281	}
	282	aix_restoreauthdb();
	283	return (success);
	284	}
	285
	286	# ifdef CUSTOM_FAILED_LOGIN
	287	/*
	288	* record_failed_login: generic "login failed" interface function
	289	*/
	290	void
	291	record_failed_login(const char user, const char hostname, const char *ttyname)
	292	{
	293	if (geteuid() != 0)
	294	return;
	295
	296	aix_setauthdb(user);
	297	# ifdef AIX_LOGINFAILED_4ARG
	298	loginfailed((char )user, (char )hostname, (char *)ttyname,
	299	AUDIT_FAIL_AUTH);
	300	# else
	301	loginfailed((char )user, (char )hostname, (char *)ttyname);
	302	# endif
	303	aix_restoreauthdb();
	304	}
	305	# endif /* CUSTOM_FAILED_LOGIN */
	306
	307	/*
	308	* If we have setauthdb, retrieve the password registry for the user's
	309	* account then feed it to setauthdb. This will mean that subsequent AIX auth
	310	* functions will only use the specified loadable module. If we don't have
	311	* setauthdb this is a no-op.
	312	*/
	313	void
	314	aix_setauthdb(const char *user)
	315	{
	316	# ifdef HAVE_SETAUTHDB
	317	char *registry;
	318
	319	if (setuserdb(S_READ) == -1) {
	320	debug3("%s: Could not open userdb to read", __func__);
	321	return;
	322	}
	323
	324	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
	325	if (setauthdb(registry, old_registry) == 0)
	326	debug3("AIX/setauthdb set registry '%s'", registry);
	327	else
	328	debug3("AIX/setauthdb set registry '%s' failed: %s",
	329	registry, strerror(errno));
	330	} else
	331	debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
	332	strerror(errno));
	333	enduserdb();
	334	# endif /* HAVE_SETAUTHDB */
	335	}
	336
	337	/*
	338	* Restore the user's registry settings from old_registry.
	339	* Note that if the first aix_setauthdb fails, setauthdb("") is still safe
	340	* (it restores the system default behaviour). If we don't have setauthdb,
	341	* this is a no-op.
	342	*/
	343	void
	344	aix_restoreauthdb(void)
	345	{
	346	# ifdef HAVE_SETAUTHDB
	347	if (setauthdb(old_registry, NULL) == 0)
	348	debug3("%s: restoring old registry '%s'", __func__,
	349	old_registry);
	350	else
	351	debug3("%s: failed to restore old registry %s", __func__,
	352	old_registry);
	353	# endif /* HAVE_SETAUTHDB */
	354	}
	355
	356	# endif /* WITH_AIXAUTHENTICATE */
	357
	358	# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
	359	# undef getnameinfo
	360	/*
	361	* For some reason, AIX's getnameinfo will refuse to resolve the all-zeros
	362	* IPv6 address into its textual representation ("::"), so we wrap it
	363	* with a function that will.
	364	*/
	365	int
	366	sshaix_getnameinfo(const struct sockaddr sa, size_t salen, char host,
	367	size_t hostlen, char *serv, size_t servlen, int flags)
	368	{
	369	struct sockaddr_in6 *sa6;
	370	u_int32_t *a6;
	371
	372	if (flags & (NI_NUMERICHOST\|NI_NUMERICSERV) &&
	373	sa->sa_family == AF_INET6) {
	374	sa6 = (struct sockaddr_in6 *)sa;
	375	a6 = sa6->sin6_addr.u6_addr.u6_addr32;
	376
	377	if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) {
	378	strlcpy(host, "::", hostlen);
	379	snprintf(serv, servlen, "%d", sa6->sin6_port);
	380	return 0;
	381	}
	382	}
	383	return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
	384	}
	385	# endif /* AIX_GETNAMEINFO_HACK */
	386
	387	#endif /* _AIX */