Bugzilla – Attachment 536 Details for
Bug 796
sshd should restore previous authdb setting
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Restore old authdb setting after aix auth calls.
openssh-aix-restoreauthdb.patch (text/plain), 3.81 KB, created by
Darren Tucker
on 2004-01-27 18:35:27 AEDT
(
hide
)
Description:
Restore old authdb setting after aix auth calls.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-01-27 18:35:27 AEDT
Size:
3.81 KB
patch
obsolete
>Index: openbsd-compat/port-aix.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v >retrieving revision 1.16 >diff -u -p -r1.16 port-aix.c >--- openbsd-compat/port-aix.c 22 Nov 2003 03:16:57 -0000 1.16 >+++ openbsd-compat/port-aix.c 28 Jan 2004 01:12:50 -0000 >@@ -39,6 +39,10 @@ > extern ServerOptions options; > extern Buffer loginmsg; > >+# ifdef HAVE_SETAUTHDB >+static char old_registry[REGISTRY_SIZE] = ""; >+# endif >+ > /* > * AIX has a "usrinfo" area where logname and other stuff is stored - > * a few applications actually use this and die if it's not set >@@ -119,6 +123,7 @@ aix_authenticate(const char *name, const > xfree(msg); > } > } >+ aix_restoreauthdb(); > } > > if (authmsg != NULL) >@@ -145,22 +150,21 @@ record_failed_login(const char *user, co > # else > loginfailed((char *)user, hostname, (char *)ttyname); > # endif >+ aix_restoreauthdb(); > } > # endif /* CUSTOM_FAILED_LOGIN */ > > /* > * If we have setauthdb, retrieve the password registry for the user's >- * account then feed it to setauthdb. This may load registry-specific method >- * code. If we don't have setauthdb or have already called it this is a no-op. >+ * account then feed it to setauthdb. This will mean that subsequent AIX auth >+ * functions will only use the specified loadable module. If we don't have >+ * setauthdb this is a no-op. > */ > void > aix_setauthdb(const char *user) > { > # ifdef HAVE_SETAUTHDB >- static char *registry = NULL; >- >- if (registry != NULL) /* have already done setauthdb */ >- return; >+ char *registry; > > if (setuserdb(S_READ) == -1) { > debug3("%s: Could not open userdb to read", __func__); >@@ -168,16 +172,34 @@ aix_setauthdb(const char *user) > } > > if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) { >- if (setauthdb(registry, NULL) == 0) >- debug3("%s: AIX/setauthdb set registry %s", __func__, >- registry); >+ if (setauthdb(registry, old_registry) == 0) >+ debug3("AIX/setauthdb set registry '%s'", registry); > else >- debug3("%s: AIX/setauthdb set registry %s failed: %s", >- __func__, registry, strerror(errno)); >+ debug3("AIX/setauthdb set registry '%s' failed: %s", >+ registry, strerror(errno)); > } else > debug3("%s: Could not read S_REGISTRY for user: %s", __func__, > strerror(errno)); > enduserdb(); >+# endif /* HAVE_SETAUTHDB */ >+} >+ >+/* >+ * Restore the user's registry settings from old_registry. >+ * Note that if the first aix_setauthdb fails, setauthdb("") is still safe >+ * (it restores the system default behaviour). If we don't have setauthdb, >+ * this is a no-op. >+ */ >+void >+aix_restoreauthdb(void) >+{ >+# ifdef HAVE_SETAUTHDB >+ if (setauthdb(old_registry, NULL) == 0) >+ debug3("%s: restoring old registry '%s'", __func__, >+ old_registry); >+ else >+ debug3("%s: failed to restore old registry %s", __func__, >+ old_registry); > # endif /* HAVE_SETAUTHDB */ > } > >Index: openbsd-compat/port-aix.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v >retrieving revision 1.16 >diff -u -p -r1.16 port-aix.h >--- openbsd-compat/port-aix.h 22 Nov 2003 03:16:57 -0000 1.16 >+++ openbsd-compat/port-aix.h 28 Jan 2004 01:17:38 -0000 >@@ -51,6 +51,14 @@ > # include <sys/timers.h> > #endif > >+/* >+ * According to the setauthdb man page, AIX password registries must be 15 >+ * chars or less plus terminating NUL. >+ */ >+#ifdef HAVE_SETAUTHDB >+# define REGISTRY_SIZE 16 >+#endif >+ > void aix_usrinfo(struct passwd *); > > #ifdef WITH_AIXAUTHENTICATE >@@ -60,5 +68,6 @@ void record_failed_login(const char *, c > > int aix_authenticate(const char *, const char *, const char *); > void aix_setauthdb(const char *); >+void aix_restoreauthdb(void); > void aix_remove_embedded_newlines(char *); > #endif /* _AIX */
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 796
: 536