Bugzilla – Attachment 464 Details for
Bug 712
ssh does not properly utilize OS specified authentication methods on AIX
[patch]
Move AIX password auth to port-aix.c and use authenticate's reenter
openssh-aixpasswd.patch (text/plain), 4.57 KB, created by
Darren Tucker
on 2003-09-24 19:24:52 AEST
Description:
Move AIX password auth to port-aix.c and use authenticate's reenter
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2003-09-24 19:24:52 AEST
Size:
4.57 KB
patch
obsolete
>Index: auth-passwd.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v
>retrieving revision 1.62
>diff -u -p -r1.62 auth-passwd.c
>--- auth-passwd.c 18 Sep 2003 08:25:46 -0000 1.62
>+++ auth-passwd.c 24 Sep 2003 09:16:11 -0000
>@@ -42,12 +42,9 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.29 20
> #include "log.h"
> #include "servconf.h"
> #include "auth.h"
>-#ifdef WITH_AIXAUTHENTICATE
>-# include "buffer.h"
>-# include "canohost.h"
>-extern Buffer loginmsg;
>-#endif
>+#include "buffer.h"
>
>+extern Buffer loginmsg;
> extern ServerOptions options;
>
> /*
>@@ -92,44 +89,7 @@ auth_password(Authctxt *authctxt, const
> }
> # endif
> # ifdef WITH_AIXAUTHENTICATE
>- {
>- char *authmsg = NULL;
>- int reenter = 1;
>- int authsuccess = 0;
>-
>- if (authenticate(pw->pw_name, password, &reenter,
>- &authmsg) == 0 && ok) {
>- char *msg;
>- char *host =
>- (char *)get_canonical_hostname(options.use_dns);
>-
>- authsuccess = 1;
>- aix_remove_embedded_newlines(authmsg);
>-
>- debug3("AIX/authenticate succeeded for user %s: %.100s",
>- pw->pw_name, authmsg);
>-
>- /* No pty yet, so just label the line as "ssh" */
>- aix_setauthdb(authctxt->user);
>- if (loginsuccess(authctxt->user, host, "ssh",
>- &msg) == 0) {
>- if (msg != NULL) {
>- debug("%s: msg %s", __func__, msg);
>- buffer_append(&loginmsg, msg,
>- strlen(msg));
>- xfree(msg);
>- }
>- }
>- } else {
>- debug3("AIX/authenticate failed for user %s: %.100s",
>- pw->pw_name, authmsg);
>- }
>-
>- if (authmsg != NULL)
>- xfree(authmsg);
>-
>- return authsuccess;
>- }
>+ return aix_authenticate(pw->pw_name, password);
> # endif
> # ifdef BSD_AUTH
> if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
>Index: openbsd-compat/port-aix.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v
>retrieving revision 1.15
>diff -u -p -r1.15 port-aix.c
>--- openbsd-compat/port-aix.c 22 Sep 2003 03:05:26 -0000 1.15
>+++ openbsd-compat/port-aix.c 24 Sep 2003 09:07:48 -0000
>@@ -29,6 +29,7 @@
> #include "servconf.h"
> #include "canohost.h"
> #include "xmalloc.h"
>+#include "buffer.h"
>
> #ifdef _AIX
>
>@@ -36,6 +37,7 @@
> #include "port-aix.h"
>
> extern ServerOptions options;
>+extern Buffer loginmsg;
>
> /*
> * AIX has a "usrinfo" area where logname and other stuff is stored -
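Review bot: In the auth-passwd.c hunk, the replacement line `return aix_authenticate(pw->pw_name, password);` drops the `&& ok` condition that the removed block required before it treated authenticate() as a success. `ok` is assigned outside this hunk, so what it encodes is not visible here, but if it carries an earlier validity or policy decision, a correct password now succeeds regardless of it. Keeping the gate at the call site, `return (aix_authenticate(pw->pw_name, password) && ok);`, preserves the old result. Even then loginsuccess() runs inside aix_authenticate before `ok` is consulted, so a login could be recorded for a user who is then refused. auth_password starts and ends outside the hunk.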
>@@ -64,6 +66,42 @@ aix_usrinfo(struct passwd *pw)
> }
>
> #ifdef WITH_AIXAUTHENTICATE
>+int
>+aix_authenticate(const char *user, const char *password)
>+{
>+ char *authmsg;
>+ int success, reenter = 1;
>+
>+ aix_setauthdb(user);
>+
>+ /* XXX: should really loop until reenter == 0 */
>+ while (reenter)
>+ success = (authenticate((char *)user, (char *)password,
>+ &reenter, &authmsg) == 0);
>+ aix_remove_embedded_newlines(authmsg);
>+ debug3("AIX/authenticate %s for user %s, reenter %d: %.100s",
>+ success ? "succeeded" : "failed", user, reenter, authmsg);
>+
>+ if (success) {
>+ char *msg, *host;
>+
>+ host = (char *)get_canonical_hostname(options.use_dns);
>+
>+ /* No pty yet, so just label the line as "ssh" */
>+ if (loginsuccess((char *)user, host, "ssh", &msg) == 0 &&
>+ msg != NULL) {
>+ debug3("AIX/loginsuccess: %s", msg);
>+ buffer_append(&loginmsg, msg, strlen(msg));
>+ xfree(msg);
>+ }
>+ }
>+
>+ if (authmsg != NULL)
>+ xfree(authmsg);
>+
>+ return (success);
>+}
>+
> /*
> * Remove embedded newlines in string (if any).
> * Used before logging messages returned by AIX authentication functions
>@@ -84,7 +122,7 @@ aix_remove_embedded_newlines(char *p)
> *p = '\0';
> }
> #endif /* WITH_AIXAUTHENTICATE */
>-
>+
> # ifdef CUSTOM_FAILED_LOGIN
> /*
> * record_failed_login: generic "login failed" interface function
>@@ -92,7 +130,7 @@ aix_remove_embedded_newlines(char *p)
> void
> record_failed_login(const char *user, const char *ttyname)
> {
>- char *hostname = get_canonical_hostname(options.use_dns);
>+ char *hostname = (char *)get_canonical_hostname(options.use_dns);
>
> if (geteuid() != 0)
> return;
>Index: openbsd-compat/port-aix.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
>retrieving revision 1.15
>diff -u -p -r1.15 port-aix.h
>--- openbsd-compat/port-aix.h 19 Sep 2003 10:43:38 -0000 1.15
>+++ openbsd-compat/port-aix.h 24 Sep 2003 09:17:36 -0000
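Review bot: In aix_authenticate, `authmsg` is declared without an initialiser and is overwritten on every pass of `while (reenter)`, so if authenticate() returns a fresh allocation each time, every message but the last is leaked. The later `if (authmsg != NULL)` check implies the pointer can be NULL, yet it is passed unchecked to aix_remove_embedded_newlines() (whose NULL handling is not visible in these hunks) and to the `%.100s` in debug3(). The loop also has no bound: it resubmits the same password for as long as authenticate() leaves `reenter` non-zero, which on this pre-authentication path would spin if a configured method keeps prompting; that is an inference from the loop shape, not something shown here. The `XXX: should really loop until reenter == 0` comment is stale now that the code does loop. A bounded version that frees between passes is sketched below; the cap name is a placeholder to be defined per policy.

```c
	char *authmsg = NULL;
	int success = 0, reenter = 1, passes = 0;

	aix_setauthdb(user);

	/* Offer the same password to each pass until authenticate() is done. */
	while (reenter != 0) {
		if (authmsg != NULL) {
			xfree(authmsg);	/* message from the previous pass */
			authmsg = NULL;
		}
		/* AIX_MAX_REENTER: placeholder cap, fail closed when exceeded */
		if (++passes > AIX_MAX_REENTER) {
			success = 0;
			break;
		}
		success = (authenticate((char *)user, (char *)password,
		    &reenter, &authmsg) == 0);
	}
	if (authmsg != NULL)
		aix_remove_embedded_newlines(authmsg);
	debug3("AIX/authenticate %s for user %s, reenter %d: %.100s",
	    success ? "succeeded" : "failed", user, reenter,
	    authmsg != NULL ? authmsg : "");
	/* … unchanged: loginsuccess handling, final xfree(authmsg), return … */
```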
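Review bot: The added `(char *)` cast in record_failed_login only silences a qualifier mismatch, presumably because get_canonical_hostname() returns a `const char *`; the same cast is applied to `host` in aix_authenticate. Declaring the local as `const char *hostname = get_canonical_hostname(options.use_dns);` and casting only at the call that needs a non-const argument keeps an accidental write through the pointer a compile error. record_failed_login's body continues outside the hunk, so the consumer of `hostname` is not visible here.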
>@@ -55,6 +55,7 @@
> # define CUSTOM_FAILED_LOGIN 1
> void record_failed_login(const char *, const char *);
> void aix_setauthdb(const char *);
>+int aix_authenticate(const char *, const char *);
> #endif
>
> void aix_usrinfo(struct passwd *);
Attachments on
bug 712
:
464
|
465
|
534
|
668