From 2aa3a16c150d3a1cc32eb08db01ef6a7217edf3e Mon Sep 17 00:00:00 2001 From: dtucker Date: Mon, 14 Jul 2003 06:41:55 +0000 Subject: [PATCH] - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h] Call setauthdb() before loginfailed(), which may load password registry- specific functions. Based on patch by cawlfiel@us.ibm.com. --- CREDITS | 1 + ChangeLog | 3 +++ configure.ac | 1 + openbsd-compat/port-aix.c | 38 ++++++++++++++++++++++++++++++++++++++ openbsd-compat/port-aix.h | 1 + 5 files changed, 44 insertions(+) diff --git a/CREDITS b/CREDITS index 672e32ce..936d25ed 100644 --- a/CREDITS +++ b/CREDITS @@ -49,6 +49,7 @@ Juergen Keil - scp bugfixing KAMAHARA Junzo - Configure fixes Kees Cook - scp fixes Kenji Miyake - Configure fixes +Kevin Cawlfield - AIX fixes. Kevin O'Connor - RSAless operation Kevin Steves - HP support, bugfixes, improvements Kiyokazu SUTO - Bugfixes diff --git a/ChangeLog b/ChangeLog index ce12eaeb..9713c7cb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ loginfailed at all, so assume 3-arg loginfailed if not declared. - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by undef'ing it. + - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h] + Call setauthdb() before loginfailed(), which may load password registry- + specific functions. Based on patch by cawlfiel@us.ibm.com. 20030708 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] diff --git a/configure.ac b/configure.ac index 206e8ebb..15711762 100644 --- a/configure.ac +++ b/configure.ac @@ -95,6 +95,7 @@ case "$host" in [], [#include ] ) + AC_CHECK_FUNCS(setauthdb) AC_DEFINE(BROKEN_GETADDRINFO) AC_DEFINE(BROKEN_REALPATH) dnl AIX handles lastlog as part of its login message diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 56292372..7a981634 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c 
@@ -32,6 +32,7 @@ #include #include <../xmalloc.h> +#include "port-aix.h" extern ServerOptions options; @@ -92,12 +93,49 @@ record_failed_login(const char *user, const char *ttyname) { char *hostname = get_canonical_hostname(options.use_dns); + if (geteuid() != 0) + return; + + aix_setauthdb(user); # ifdef AIX_LOGINFAILED_4ARG loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); # else loginfailed((char *)user, hostname, (char *)ttyname); # endif } + +/* + * If we have setauthdb, retrieve the password registry for the user's + * account then feed it to setauthdb. This may load registry-specific method + * code. If we don't have setauthdb or have already called it this is a no-op. + */ +void +aix_setauthdb(const char *user) +{ +# ifdef HAVE_SETAUTHDB + static char *registry = NULL; + + if (registry != NULL) /* have already done setauthdb */ + return; + + if (setuserdb(S_READ) == -1) { + debug3("%s: Could not open userdb to read", __func__); + return; + } + + if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { + if (setauthdb(registry, NULL) == 0) + debug3("%s: AIX/setauthdb set registry %s", __func__, + registry); + else + debug3("%s: AIX/setauthdb set registry %s failed: %s", + __func__, registry, strerror(errno)); + } else + debug3("%s: Could not read S_REGISTRY for user: %s", __func__, + strerror(errno)); + enduserdb(); +# endif +} # endif /* CUSTOM_FAILED_LOGIN */ #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 2e5def54..25ceb5b1 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -53,6 +53,7 @@ #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_FAILED_LOGIN 1 void record_failed_login(const char *user, const char *ttyname); +void aix_setauthdb(const char *); #endif void aix_usrinfo(struct passwd *pw); -- 2.45.1
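Review bot: In aix_setauthdb() the `if (registry != NULL) return;` guard is not tied to `user` or to the result of setauthdb(), so once getuserattr() has filled `registry` every later call is a no-op, including after a failed setauthdb() and for a different account name. That is sound only if one process ever deals with one username, which this hunk does not show, and nothing here restores the process-wide registry afterwards; I would say so in the header comment, e.g. `Assumes a single user per process; the registry selected first stays in effect.` Because the function returns void, record_failed_login() goes on to call loginfailed() even when the lookup failed, with the failure visible only at debug3. The final debug3 reads as though it prints the account (`for user: %s`) but its argument is `strerror(errno)`; `"%s: Could not read S_REGISTRY: %s"` would be clearer for whoever reads the log. The new `geteuid() != 0` return also drops the failed-login record without any log line, after `hostname` has already been resolved.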