KAMAHARA Junzo <kamahara@cc.kshosen.ac.jp> - Configure fixes
Kees Cook <cook@cpoint.net> - scp fixes
Kenji Miyake <kenji@miyake.org> - Configure fixes
+Kevin Cawlfield <cawlfiel@us.ibm.com> - AIX fixes.
Kevin O'Connor <kevin_oconnor@standardandpoors.com> - RSAless operation
Kevin Steves <stevesk@pobox.com> - HP support, bugfixes, improvements
Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes
loginfailed at all, so assume 3-arg loginfailed if not declared.
- (dtucker) [port-aix.h] Work around name collision on AIX for r_type by
undef'ing it.
+ - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
+ Call setauthdb() before loginfailed(), which may load password registry-
+ specific functions. Based on patch by cawlfiel@us.ibm.com.
20030708
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
#include <uinfo.h>
#include <../xmalloc.h>
+#include "port-aix.h"
extern ServerOptions options;
{
char *hostname = get_canonical_hostname(options.use_dns);
+ if (geteuid() != 0)
+ return;
+
+ aix_setauthdb(user);
# ifdef AIX_LOGINFAILED_4ARG
loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
# else
loginfailed((char *)user, hostname, (char *)ttyname);
# endif
}
+
+/*
+ * If we have setauthdb, retrieve the password registry for the user's
+ * account then feed it to setauthdb. This may load registry-specific method
+ * code. If we don't have setauthdb or have already called it this is a no-op.
+ */
+void
+aix_setauthdb(const char *user)
+{
+# ifdef HAVE_SETAUTHDB
+ static char *registry = NULL;
+
+ if (registry != NULL) /* have already done setauthdb */
+ return;
+
+ if (setuserdb(S_READ) == -1) {
+ debug3("%s: Could not open userdb to read", __func__);
+ return;
+ }
+
+ if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
+ if (setauthdb(registry, NULL) == 0)
+ debug3("%s: AIX/setauthdb set registry %s", __func__,
+ registry);
+ else
+ debug3("%s: AIX/setauthdb set registry %s failed: %s",
+ __func__, registry, strerror(errno));
+ } else
+ debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
+ strerror(errno));
+ enduserdb();
+# endif
+}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
#ifdef WITH_AIXAUTHENTICATE
# define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *user, const char *ttyname);
+void aix_setauthdb(const char *);
#endif
void aix_usrinfo(struct passwd *pw);
andersk / openssh.git / commitdiff
