Attachment #541 for bug #14

View | Details | Raw Unified | Return to bug 14 | Differences between

and this patch




#include "servconf.h"
#include "auth.h"
#include "auth-options.h"
#ifdef WITH_AIXAUTHENTICATE
# include "canohost.h"
#endif

extern ServerOptions options;
int sys_auth_passwd(Authctxt *, const char *);

void
disable_forwarding(void)
{
	no_port_forwarding_flag = 1;

		return (auth_close(as));
	}
}
#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{
	return (aix_authenticate(authctxt->pw->pw_name, password,
	    get_canonical_hostname(options.use_dns)));
}
#else
int
sys_auth_passwd(Authctxt *authctxt, const char *password)
{

Lines 123-128 void krb5_cleanup_proc(Authctxt *authctx Link Here

(-)auth.h (+1 lines)
123	#endif /* KRB5 */	123	#endif /* KRB5 */
124		124
125	#include "auth-pam.h"	125	#include "auth-pam.h"
		126	void disable_forwarding(void);
126		127
127	void do_authentication(Authctxt *);	128	void do_authentication(Authctxt *);
128	void do_authentication2(Authctxt *);	129	void do_authentication2(Authctxt *);

Lines 98-107 aix_remove_embedded_newlines(char *p) Link Here

(-)openbsd-compat/port-aix.c (-4 / +35 lines)
98	* returns 0.	98	* returns 0.
99	*/	99	*/
100	int	100	int
101	aix_authenticate(const char name, const char password, const char *host)	101	sys_auth_passwd(Authctxt ctxt, const char password)
102	{	102	{
103	char authmsg = NULL, msg;	103	char authmsg = NULL, host, msg, name = ctxt->pw->pw_name;
104	int authsuccess = 0, reenter, result;	104	int authsuccess = 0, expired, reenter, result;
105		105
106	do {	106	do {
107	result = authenticate((char )name, (char )password, &reenter,	107	result = authenticate((char )name, (char )password, &reenter,
Lines 114-120 aix_authenticate(const char *name, const Link Here
114	if (result == 0) {	114	if (result == 0) {
115	authsuccess = 1;	115	authsuccess = 1;
116		116
117	/* No pty yet, so just label the line as "ssh" */	117	host = (char *)get_canonical_hostname(options.use_dns);
		118
		119	/*
		120	* Record successful login. We don't have a pty yet, so just
		121	* label the line as "ssh"
		122	*/
118	aix_setauthdb(name);	123	aix_setauthdb(name);
119	if (loginsuccess((char )name, (char )host, "ssh", &msg) == 0) {	124	if (loginsuccess((char )name, (char )host, "ssh", &msg) == 0) {
120	if (msg != NULL) {	125	if (msg != NULL) {
Lines 123-128 aix_authenticate(const char *name, const Link Here
123	xfree(msg);	128	xfree(msg);
124	}	129	}
125	}	130	}
		131
		132	/*
		133	* Check if the user's password is expired.
		134	*/
		135	expired = passwdexpired(name, &msg);
		136	if (msg && *msg) {
		137	buffer_append(&loginmsg, msg, strlen(msg));
		138	aix_remove_embedded_newlines(msg);
		139	}
		140	debug3("AIX/passwdexpired returned %d msg %.100s", result, msg);
		141
		142	switch (expired) {
		143	case 0: /* password not expired */
		144	break;
		145	case 1: /* expired, password change required */
		146	ctxt->force_pwchange = 1;
		147	disable_forwarding();
		148	break;
		149	default: /* user can't change(2) or other error (-1) */
		150	logit("Password can't be changed for user %s: %.100s",
		151	name, msg);
		152	if (msg)
		153	xfree(msg);
		154	authsuccess = 0;
		155	}
		156
126	aix_restoreauthdb();	157	aix_restoreauthdb();
127	}	158	}
128		159

Lines 36-41 Link Here

(-)openbsd-compat/port-aix.h (-1 / +5 lines)
36	# include <usersec.h>	36	# include <usersec.h>
37	#endif	37	#endif
38		38
		39	/* For Authctxt */
		40	#include "auth.h"
		41
39	/* Some versions define r_type in the above headers, which causes a conflict */	42	/* Some versions define r_type in the above headers, which causes a conflict */
40	#ifdef r_type	43	#ifdef r_type
41	# undef r_type	44	# undef r_type
Lines 62-72 Link Here
62	void aix_usrinfo(struct passwd *);	65	void aix_usrinfo(struct passwd *);
63		66
64	#ifdef WITH_AIXAUTHENTICATE	67	#ifdef WITH_AIXAUTHENTICATE
		68	# define CUSTOM_SYS_AUTH_PASSWD 1
		69	int sys_auth_passwd(Authctxt , const char );
65	# define CUSTOM_FAILED_LOGIN 1	70	# define CUSTOM_FAILED_LOGIN 1
66	void record_failed_login(const char , const char );	71	void record_failed_login(const char , const char );
67	#endif	72	#endif
68		73
69	int aix_authenticate(const char , const char , const char *);
70	void aix_setauthdb(const char *);	74	void aix_setauthdb(const char *);
71	void aix_restoreauthdb(void);	75	void aix_restoreauthdb(void);
72	void aix_remove_embedded_newlines(char *);	76	void aix_remove_embedded_newlines(char *);

Return to bug 14

Lines 43-56 RCSID("$OpenBSD: auth-passwd.c,v 1.31 20 Link Here

(-)auth-passwd.c (-12 / +2 lines)
43	#include "servconf.h"	43	#include "servconf.h"
44	#include "auth.h"	44	#include "auth.h"
45	#include "auth-options.h"	45	#include "auth-options.h"
46	#ifdef WITH_AIXAUTHENTICATE
47	# include "canohost.h"
48	#endif
49		46
50	extern ServerOptions options;	47	extern ServerOptions options;
51	int sys_auth_passwd(Authctxt , const char );	48	int sys_auth_passwd(Authctxt , const char );
52		49
53	static void	50	void
54	disable_forwarding(void)	51	disable_forwarding(void)
55	{	52	{
56	no_port_forwarding_flag = 1;	53	no_port_forwarding_flag = 1;
Lines 121-134 sys_auth_passwd(Authctxt *authctxt, cons Link Here
121	return (auth_close(as));	118	return (auth_close(as));
122	}	119	}
123	}	120	}
124	#elif defined(WITH_AIXAUTHENTICATE)	121	#elif !defined(CUSTOM_SYS_AUTH_PASSWD)
125	int
126	sys_auth_passwd(Authctxt authctxt, const char password)
127	{
128	return (aix_authenticate(authctxt->pw->pw_name, password,
129	get_canonical_hostname(options.use_dns)));
130	}
131	#else
132	int	122	int
133	sys_auth_passwd(Authctxt authctxt, const char password)	123	sys_auth_passwd(Authctxt authctxt, const char password)
134	{	124	{