|
Lines 99-104
|
| 99 |
char *authmsg = NULL, *msg; |
99 |
char *authmsg = NULL, *msg; |
| 100 |
int authsuccess = 0, reenter, result; |
100 |
int authsuccess = 0, reenter, result; |
| 101 |
|
101 |
|
|
|
102 |
if (!aix_valid_authentications(name)) |
| 103 |
return 0; |
| 104 |
|
| 102 |
do { |
105 |
do { |
| 103 |
result = authenticate((char *)name, (char *)password, &reenter, |
106 |
result = authenticate((char *)name, (char *)password, &reenter, |
| 104 |
&authmsg); |
107 |
&authmsg); |
|
Lines 181-186
|
| 181 |
# endif /* HAVE_SETAUTHDB */ |
184 |
# endif /* HAVE_SETAUTHDB */ |
| 182 |
} |
185 |
} |
| 183 |
|
186 |
|
|
|
187 |
/* XXX: rewrite comment |
| 188 |
* Since we can't sanely support accounts using non=SYSTEM authentication |
| 189 |
* settings (ie auth1 != "SYSTEM") then deny the login. Otherwise, you may |
| 190 |
* get a nasty surprise if you set an account to SYSTEM=NONE and |
| 191 |
* auth1=[something] as only SYSTEM is checked. |
| 192 |
* |
| 193 |
* Returns 0 if non-SYSTEM auth found, 1 otherwise. |
| 194 |
*/ |
| 195 |
int |
| 196 |
aix_valid_authentications(const char *user) |
| 197 |
{ |
| 198 |
char *auth1, *sys, *p; |
| 199 |
int valid = 1; |
| 200 |
|
| 201 |
if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) { |
| 202 |
logit("Can't retrieve attribute SYSTEM for %s: %.100s", |
| 203 |
user, strerror(errno)); |
| 204 |
return 0; |
| 205 |
} |
| 206 |
|
| 207 |
debug3("AIX SYSTEM attribute %s", sys); |
| 208 |
if (strcmp(sys, "NONE") != 0) |
| 209 |
return 1; |
| 210 |
|
| 211 |
if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) { |
| 212 |
logit("Can't retrieve attribute auth1 for %s: %.100s", |
| 213 |
user, strerror(errno)); |
| 214 |
return 0; |
| 215 |
} |
| 216 |
|
| 217 |
p = auth1; |
| 218 |
/* A SEC_LIST is concatenated strings, ending with two NULs. */ |
| 219 |
while (p[0] != '\0' && p[1] != '\0') { |
| 220 |
debug3("AIX auth1 attribute list member %s", p); |
| 221 |
if (strcmp(p, "NONE") != 0) { |
| 222 |
logit("Account %s has unsupported auth1 value '%s'", |
| 223 |
user, p); |
| 224 |
valid = 0; |
| 225 |
} |
| 226 |
p += strlen(p) + 1; |
| 227 |
} |
| 228 |
|
| 229 |
return (valid); |
| 230 |
} |
| 231 |
|
| 184 |
# endif /* WITH_AIXAUTHENTICATE */ |
232 |
# endif /* WITH_AIXAUTHENTICATE */ |
| 185 |
|
233 |
|
| 186 |
#endif /* _AIX */ |
234 |
#endif /* _AIX */ |
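Review bot: The loop in aix_valid_authentications, `while (p[0] != '\0' && p[1] != '\0')`, stops at the first one-character list member, so that member and everything after it are never compared with "NONE" and `valid` stays 1, which means the check fails open. Each iteration already advances past the member's terminating NUL with `p += strlen(p) + 1`, so the end of a SEC_LIST shows up as an empty string and `while (*p != '\0')` would visit every member. Separately, the header comment (still marked `XXX: rewrite comment`) says the login is denied when auth1 != "SYSTEM", while the code accepts only "NONE". If accounts with SYSTEM=NONE commonly keep auth1=SYSTEM, this would reject them, so the comment and the comparison should be made to agree before this lands. The caller in the first hunk returns 0 when the check fails, before authenticate() is called, which is the right direction for a lookup error.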