aboutsummaryrefslogtreecommitdiff
path: root/crypto/openssh/openbsd-compat/port-aix.c
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2004-01-07 11:10:17 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2004-01-07 11:10:17 +0000
commitd95e11bf7e5a59b5c3f81bd8dfc2918ee7d3bada (patch)
treed7e09b6d73cb37aa875779151439b14df7273b87 /crypto/openssh/openbsd-compat/port-aix.c
parentdcf5581978ae9708715473af978f587c1ad7caf7 (diff)
downloadsrc-d95e11bf7e5a59b5c3f81bd8dfc2918ee7d3bada.tar.gz
src-d95e11bf7e5a59b5c3f81bd8dfc2918ee7d3bada.zip
Notes
Diffstat (limited to 'crypto/openssh/openbsd-compat/port-aix.c')
-rw-r--r--crypto/openssh/openbsd-compat/port-aix.c94
1 files changed, 90 insertions, 4 deletions
diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c
index 4c96a3171b90..9fbcce936d4d 100644
--- a/crypto/openssh/openbsd-compat/port-aix.c
+++ b/crypto/openssh/openbsd-compat/port-aix.c
@@ -24,11 +24,18 @@
*
*/
#include "includes.h"
+#include "ssh.h"
+#include "log.h"
+#include "servconf.h"
+#include "canohost.h"
+#include "xmalloc.h"
#ifdef _AIX
#include <uinfo.h>
-#include <../xmalloc.h>
+#include "port-aix.h"
+
+extern ServerOptions options;
/*
* AIX has a "usrinfo" area where logname and other stuff is stored -
@@ -41,16 +48,95 @@ void
aix_usrinfo(struct passwd *pw)
{
u_int i;
+ size_t len;
char *cp;
- cp = xmalloc(16 + 2 * strlen(pw->pw_name));
- i = sprintf(cp, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, 0,
- pw->pw_name, 0);
+ len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
+ cp = xmalloc(len);
+
+ i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
+ pw->pw_name, '\0');
if (usrinfo(SETUINFO, cp, i) == -1)
fatal("Couldn't set usrinfo: %s", strerror(errno));
debug3("AIX/UsrInfo: set len %d", i);
+
xfree(cp);
}
+#ifdef WITH_AIXAUTHENTICATE
+/*
+ * Remove embedded newlines in string (if any).
+ * Used before logging messages returned by AIX authentication functions
+ * so the message is logged on one line.
+ */
+void
+aix_remove_embedded_newlines(char *p)
+{
+ if (p == NULL)
+ return;
+
+ for (; *p; p++) {
+ if (*p == '\n')
+ *p = ' ';
+ }
+ /* Remove trailing whitespace */
+ if (*--p == ' ')
+ *p = '\0';
+}
+#endif /* WITH_AIXAUTHENTICATE */
+
+# ifdef CUSTOM_FAILED_LOGIN
+/*
+ * record_failed_login: generic "login failed" interface function
+ */
+void
+record_failed_login(const char *user, const char *ttyname)
+{
+ char *hostname = get_canonical_hostname(options.use_dns);
+
+ if (geteuid() != 0)
+ return;
+
+ aix_setauthdb(user);
+# ifdef AIX_LOGINFAILED_4ARG
+ loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
+# else
+ loginfailed((char *)user, hostname, (char *)ttyname);
+# endif
+}
+
+/*
+ * If we have setauthdb, retrieve the password registry for the user's
+ * account then feed it to setauthdb. This may load registry-specific method
+ * code. If we don't have setauthdb or have already called it this is a no-op.
+ */
+void
+aix_setauthdb(const char *user)
+{
+# ifdef HAVE_SETAUTHDB
+ static char *registry = NULL;
+
+ if (registry != NULL) /* have already done setauthdb */
+ return;
+
+ if (setuserdb(S_READ) == -1) {
+ debug3("%s: Could not open userdb to read", __func__);
+ return;
+ }
+
+ if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
+ if (setauthdb(registry, NULL) == 0)
+ debug3("%s: AIX/setauthdb set registry %s", __func__,
+ registry);
+ else
+ debug3("%s: AIX/setauthdb set registry %s failed: %s",
+ __func__, registry, strerror(errno));
+ } else
+ debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
+ strerror(errno));
+ enduserdb();
+# endif
+}
+# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */