Convert aixloginmsg into platform-independant Buffer loginmsg.
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
- - (dtucker) Check return value of setpcred().
+ - (dtucker) [session.c] Check return value of setpcred().
+ - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
+ Convert aixloginmsg into platform-independant Buffer loginmsg.
20030707
- (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
#include "log.h"
#include "servconf.h"
#include "auth.h"
+#include "buffer.h"
+#include "xmalloc.h"
#include "canohost.h"
#if !defined(HAVE_OSF_SIA)
#endif /* !HAVE_OSF_SIA */
extern ServerOptions options;
-#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
-#endif
+extern Buffer loginmsg;
/*
* Tries to authenticate the user using password. Returns true if
# endif
# ifdef WITH_AIXAUTHENTICATE
authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+ aix_remove_embedded_newlines(authmsg);
if (authsuccess) {
+ char *msg;
+ char *host = (char *)get_canonical_hostname(options.use_dns);
+
+ debug3("AIX/authenticate succeeded for user %s: %.100s",
+ pw->pw_name, authmsg);
+
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user,
- get_canonical_hostname(options.use_dns),
- "ssh", &aixloginmsg) < 0) {
- aixloginmsg = NULL;
+ if (loginsuccess(authctxt->user, host, "ssh", &msg) == 0){
+ if (msg != NULL) {
+ debug("%s: msg %s", __func__, msg);
+ buffer_append(&loginmsg, msg, strlen(msg));
+ xfree(msg);
+ }
}
+ } else {
+ debug3("AIX/authenticate failed for user %s: %.100s",
+ pw->pw_name, authmsg);
}
+ if (authmsg != NULL)
+ xfree(authmsg);
return (authsuccess);
# endif
/* import */
extern ServerOptions options;
+extern Buffer loginmsg;
/* Debugging messages */
Buffer auth_debug;
const char *hostname = NULL, *ipaddr = NULL;
char *shell;
int i;
-#ifdef WITH_AIXAUTHENTICATE
- char *loginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) && \
defined(HAS_SHADOW_EXPIRE)
struct spwd *spw;
* PermitRootLogin to control logins via ssh), or if running as
* non-root user (since loginrestrictions will always fail).
*/
- if ((pw->pw_uid != 0) && (geteuid() == 0) &&
- loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
- int loginrestrict_errno = errno;
-
- if (loginmsg && *loginmsg) {
- /* Remove embedded newlines (if any) */
- char *p;
- for (p = loginmsg; *p; p++) {
- if (*p == '\n')
- *p = ' ';
+ if ((pw->pw_uid != 0) && (geteuid() == 0)) {
+ char *msg;
+
+ if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
+ int loginrestrict_errno = errno;
+
+ if (msg && *msg) {
+ buffer_append(&loginmsg, msg, strlen(msg));
+ aix_remove_embedded_newlines(msg);
+ logit("Login restricted for %s: %.100s",
+ pw->pw_name, msg);
}
- /* Remove trailing newline */
- *--p = '\0';
- logit("Login restricted for %s: %.100s", pw->pw_name,
- loginmsg);
+ /* Don't fail if /etc/nologin set */
+ if (!(loginrestrict_errno == EPERM &&
+ stat(_PATH_NOLOGIN, &st) == 0))
+ return 0;
}
- /* Don't fail if /etc/nologin set */
- if (!(loginrestrict_errno == EPERM &&
- stat(_PATH_NOLOGIN, &st) == 0))
- return 0;
}
#endif /* WITH_AIXAUTHENTICATE */
xfree(cp);
}
+#ifdef WITH_AIXAUTHENTICATE
+/*
+ * Remove embedded newlines in string (if any).
+ * Used before logging messages returned by AIX authentication functions
+ * so the message is logged on one line.
+ */
+void
+aix_remove_embedded_newlines(char *p)
+{
+ if (p == NULL)
+ return;
+
+ for (; *p; p++) {
+ if (*p == '\n')
+ *p = ' ';
+ }
+ /* Remove trailing whitespace */
+ if (*--p == ' ')
+ *p = '\0';
+}
+#endif /* WITH_AIXAUTHENTICATE */
+
# ifdef CUSTOM_FAILED_LOGIN
/*
* record_failed_login: generic "login failed" interface function
#endif
void aix_usrinfo(struct passwd *pw);
+void aix_remove_embedded_newlines(char *);
#endif /* _AIX */
extern u_int utmp_len;
extern int startup_pipe;
extern void destroy_sensitive_data(void);
+extern Buffer loginmsg;
/* original command from peer. */
const char *original_command = NULL;
#define MAX_SESSIONS 10
Session sessions[MAX_SESSIONS];
-#ifdef WITH_AIXAUTHENTICATE
-char *aixloginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
-
#ifdef HAVE_LOGIN_CAP
login_cap_t *lc;
#endif
if (options.use_pam && !is_pam_password_change_required())
print_pam_messages();
#endif /* USE_PAM */
-#ifdef WITH_AIXAUTHENTICATE
- if (aixloginmsg && *aixloginmsg)
- printf("%s\n", aixloginmsg);
-#endif /* WITH_AIXAUTHENTICATE */
+
+ /* display post-login message */
+ if (buffer_len(&loginmsg) > 0) {
+ buffer_append(&loginmsg, "\0", 1);
+ printf("%s\n", (char *)buffer_ptr(&loginmsg));
+ }
+ buffer_free(&loginmsg);
#ifndef NO_SSH_LASTLOG
if (options.print_lastlog && s->last_login_time != 0) {
int use_privsep;
struct monitor *pmonitor;
+/* message to be displayed after login */
+Buffer loginmsg;
+
/* Prototypes for various functions defined later in this file. */
void destroy_sensitive_data(void);
void demote_sensitive_data(void);
packet_set_nonblocking();
+ /* prepare buffers to collect authentication messages */
+ buffer_init(&loginmsg);
+
if (use_privsep)
if ((authctxt = privsep_preauth()) != NULL)
goto authenticated;
andersk / openssh.git / commitdiff
