Attachment #465 for bug #712




#include "log.h"
#include "servconf.h"
#include "auth.h"
#include "buffer.h"
# include "buffer.h"
# include "canohost.h"
extern Buffer loginmsg;
#endif

extern Buffer loginmsg;
extern ServerOptions options;

/*

	}
# endif
# ifdef WITH_AIXAUTHENTICATE
	return aix_authenticate(pw->pw_name, password);
		char *authmsg = NULL;
		int reenter = 1;
		int authsuccess = 0;

		if (authenticate(pw->pw_name, password, &reenter,
		    &authmsg) == 0 && ok) {
			char *msg;
			char *host = 
			    (char *)get_canonical_hostname(options.use_dns);

			authsuccess = 1;
			aix_remove_embedded_newlines(authmsg);	

			debug3("AIX/authenticate succeeded for user %s: %.100s",
				pw->pw_name, authmsg);

	        	/* No pty yet, so just label the line as "ssh" */
			aix_setauthdb(authctxt->user);
	        	if (loginsuccess(authctxt->user, host, "ssh", 
			    &msg) == 0) {
				if (msg != NULL) {
					debug("%s: msg %s", __func__, msg);
					buffer_append(&loginmsg, msg, 
					    strlen(msg));
					xfree(msg);
				}
			}
		} else {
			debug3("AIX/authenticate failed for user %s: %.100s",
			    pw->pw_name, authmsg);
		}

		if (authmsg != NULL)
			xfree(authmsg);

		return authsuccess;
	}
# endif
# ifdef BSD_AUTH
	if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",

Lines 239-244 allowed_user(struct passwd * pw) Link Here

(-)auth.c (+1 lines)
239	* PermitRootLogin to control logins via ssh), or if running as	239	* PermitRootLogin to control logins via ssh), or if running as
240	* non-root user (since loginrestrictions will always fail).	240	* non-root user (since loginrestrictions will always fail).
241	*/	241	*/
		242	aix_setauthdb(pw->pw_name);
242	if ((pw->pw_uid != 0) && (geteuid() == 0)) {	243	if ((pw->pw_uid != 0) && (geteuid() == 0)) {
243	char *msg;	244	char *msg;
244		245




#include "servconf.h"
#include "canohost.h"
#include "xmalloc.h"
#include "buffer.h"

#ifdef _AIX


#include "port-aix.h"

extern ServerOptions options;
extern Buffer loginmsg;

/*
 * AIX has a "usrinfo" area where logname and other stuff is stored - 

}

#ifdef WITH_AIXAUTHENTICATE
int
aix_authenticate(const char *user, const char *password)
{
	char *authmsg;
	int success, reenter = 1;

	aix_setauthdb(user);

	/* XXX: should really loop until reenter == 0 */
	while (reenter) 
		success = (authenticate((char *)user, (char *)password,
		    &reenter, &authmsg) == 0);
	aix_remove_embedded_newlines(authmsg);	
	debug3("AIX/authenticate %s for user %s, reenter %d: %.100s",
	    success ? "succeeded" : "failed", user, reenter, authmsg);

	if (success) {
		char *msg, *host;

		host = (char *)get_canonical_hostname(options.use_dns);

        	/* No pty yet, so just label the line as "ssh" */
        	if (loginsuccess((char *)user, host, "ssh", &msg) == 0 &&
		    msg != NULL) {
			debug3("AIX/loginsuccess: %s", msg);
			buffer_append(&loginmsg, msg, strlen(msg));
			xfree(msg);
		}
	}

	if (authmsg != NULL)
		xfree(authmsg);

	return (success);
}

/*
 * Remove embedded newlines in string (if any).
 * Used before logging messages returned by AIX authentication functions

		*p = '\0';
}
#endif /* WITH_AIXAUTHENTICATE */
 
# ifdef CUSTOM_FAILED_LOGIN
/*
 * record_failed_login: generic "login failed" interface function

void
record_failed_login(const char *user, const char *ttyname)
{
	char *hostname = (char *)get_canonical_hostname(options.use_dns);

	if (geteuid() != 0)
		return;

Lines 55-60 Link Here

(-)openbsd-compat/port-aix.h (+1 lines)
55	# define CUSTOM_FAILED_LOGIN 1	55	# define CUSTOM_FAILED_LOGIN 1
56	void record_failed_login(const char , const char );	56	void record_failed_login(const char , const char );
57	void aix_setauthdb(const char *);	57	void aix_setauthdb(const char *);
		58	int aix_authenticate(const char , const char );
58	#endif	59	#endif
59		60
60	void aix_usrinfo(struct passwd *);	61	void aix_usrinfo(struct passwd *);

Return to bug 712

Lines 29-34 Link Here

(-)openbsd-compat/port-aix.c (-2 / +40 lines)
29	#include "servconf.h"	29	#include "servconf.h"
30	#include "canohost.h"	30	#include "canohost.h"
31	#include "xmalloc.h"	31	#include "xmalloc.h"
		32	#include "buffer.h"
32		33
33	#ifdef _AIX	34	#ifdef _AIX
34		35
Lines 36-41 Link Here
36	#include "port-aix.h"	37	#include "port-aix.h"
37		38
38	extern ServerOptions options;	39	extern ServerOptions options;
		40	extern Buffer loginmsg;
39		41
40	/*	42	/*
41	* AIX has a "usrinfo" area where logname and other stuff is stored -	43	* AIX has a "usrinfo" area where logname and other stuff is stored -
Lines 64-69 aix_usrinfo(struct passwd *pw) Link Here
64	}	66	}
65		67
66	#ifdef WITH_AIXAUTHENTICATE	68	#ifdef WITH_AIXAUTHENTICATE
		69	int
		70	aix_authenticate(const char user, const char password)
		71	{
		72	char *authmsg;
		73	int success, reenter = 1;
		74
		75	aix_setauthdb(user);
		76
		77	/* XXX: should really loop until reenter == 0 */
		78	while (reenter)
		79	success = (authenticate((char )user, (char )password,
		80	&reenter, &authmsg) == 0);
		81	aix_remove_embedded_newlines(authmsg);
		82	debug3("AIX/authenticate %s for user %s, reenter %d: %.100s",
		83	success ? "succeeded" : "failed", user, reenter, authmsg);
		84
		85	if (success) {
		86	char msg, host;
		87
		88	host = (char *)get_canonical_hostname(options.use_dns);
		89
		90	/* No pty yet, so just label the line as "ssh" */
		91	if (loginsuccess((char *)user, host, "ssh", &msg) == 0 &&
		92	msg != NULL) {
		93	debug3("AIX/loginsuccess: %s", msg);
		94	buffer_append(&loginmsg, msg, strlen(msg));
		95	xfree(msg);
		96	}
		97	}
		98
		99	if (authmsg != NULL)
		100	xfree(authmsg);
		101
		102	return (success);
		103	}
		104
67	/*	105	/*
68	* Remove embedded newlines in string (if any).	106	* Remove embedded newlines in string (if any).
69	* Used before logging messages returned by AIX authentication functions	107	* Used before logging messages returned by AIX authentication functions
Lines 84-90 aix_remove_embedded_newlines(char *p) Link Here
84	*p = '\0';	122	*p = '\0';
85	}	123	}
86	#endif /* WITH_AIXAUTHENTICATE */	124	#endif /* WITH_AIXAUTHENTICATE */
87		125
88	# ifdef CUSTOM_FAILED_LOGIN	126	# ifdef CUSTOM_FAILED_LOGIN
89	/*	127	/*
90	* record_failed_login: generic "login failed" interface function	128	* record_failed_login: generic "login failed" interface function
Lines 92-98 aix_remove_embedded_newlines(char *p) Link Here
92	void	130	void
93	record_failed_login(const char user, const char ttyname)	131	record_failed_login(const char user, const char ttyname)
94	{	132	{
95	char *hostname = get_canonical_hostname(options.use_dns);	133	char hostname = (char )get_canonical_hostname(options.use_dns);
96		134
97	if (geteuid() != 0)	135	if (geteuid() != 0)
98	return;	136	return;

Lines 42-53 RCSID("$OpenBSD: auth-passwd.c,v 1.29 20 Link Here

(-)auth-passwd.c (-43 / +3 lines)
42	#include "log.h"	42	#include "log.h"
43	#include "servconf.h"	43	#include "servconf.h"
44	#include "auth.h"	44	#include "auth.h"
45	#ifdef WITH_AIXAUTHENTICATE	45	#include "buffer.h"
46	# include "buffer.h"
47	# include "canohost.h"
48	extern Buffer loginmsg;
49	#endif
50		46
		47	extern Buffer loginmsg;
51	extern ServerOptions options;	48	extern ServerOptions options;
52		49
53	/*	50	/*
Lines 92-135 auth_password(Authctxt *authctxt, const Link Here
92	}	89	}
93	# endif	90	# endif
94	# ifdef WITH_AIXAUTHENTICATE	91	# ifdef WITH_AIXAUTHENTICATE
95	{	92	return aix_authenticate(pw->pw_name, password);
96	char *authmsg = NULL;
97	int reenter = 1;
98	int authsuccess = 0;
99
100	if (authenticate(pw->pw_name, password, &reenter,
101	&authmsg) == 0 && ok) {
102	char *msg;
103	char *host =
104	(char *)get_canonical_hostname(options.use_dns);
105
106	authsuccess = 1;
107	aix_remove_embedded_newlines(authmsg);
108
109	debug3("AIX/authenticate succeeded for user %s: %.100s",
110	pw->pw_name, authmsg);
111
112	/* No pty yet, so just label the line as "ssh" */
113	aix_setauthdb(authctxt->user);
114	if (loginsuccess(authctxt->user, host, "ssh",
115	&msg) == 0) {
116	if (msg != NULL) {
117	debug("%s: msg %s", __func__, msg);
118	buffer_append(&loginmsg, msg,
119	strlen(msg));
120	xfree(msg);
121	}
122	}
123	} else {
124	debug3("AIX/authenticate failed for user %s: %.100s",
125	pw->pw_name, authmsg);
126	}
127
128	if (authmsg != NULL)
129	xfree(authmsg);
130
131	return authsuccess;
132	}
133	# endif	93	# endif
134	# ifdef BSD_AUTH	94	# ifdef BSD_AUTH
135	if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",	95	if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",