- (dtucker) Move handling of bad password authentications into a platform
specific record_failed_login() function (affects AIX & Unicos).
This commit is contained in:
Darren Tucker
parent
3c01654deb
commit
97363a8b24
|
|
@ -1,6 +1,8 @@
|
|||
20030502
|
||||
- (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
|
||||
privsep should now work.
|
||||
- (dtucker) Move handling of bad password authentications into a platform
|
||||
specific record_failed_login() function (affects AIX & Unicos).
|
||||
|
||||
20030429
|
||||
- (djm) Add back radix.o (used by AFS support), after it went missing from
|
||||
|
|
@ -1360,4 +1362,4 @@
|
|||
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
||||
ok provos@
|
||||
|
||||
$Id: ChangeLog,v 1.2665 2003/05/02 10:48:21 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.2666 2003/05/02 13:42:25 dtucker Exp $
|
||||
|
|
|
|||
15
auth.c
15
auth.c
|
|
@ -268,13 +268,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
|
|||
get_remote_port(),
|
||||
info);
|
||||
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
#ifdef CUSTOM_FAILED_LOGIN
|
||||
if (authenticated == 0 && strcmp(method, "password") == 0)
|
||||
loginfailed(authctxt->user,
|
||||
get_canonical_hostname(options.verify_reverse_mapping),
|
||||
"ssh");
|
||||
#endif /* WITH_AIXAUTHENTICATE */
|
||||
|
||||
record_failed_login(authctxt->user, "ssh");
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -496,10 +493,8 @@ getpwnamallow(const char *user)
|
|||
if (pw == NULL) {
|
||||
logit("Illegal user %.100s from %.100s",
|
||||
user, get_remote_ipaddr());
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
loginfailed(user,
|
||||
get_canonical_hostname(options.verify_reverse_mapping),
|
||||
"ssh");
|
||||
#ifdef CUSTOM_FAILED_LOGIN
|
||||
record_failed_login(user, "ssh");
|
||||
#endif
|
||||
return (NULL);
|
||||
}
|
||||
|
|
|
|||
2
auth1.c
2
auth1.c
|
|
@ -311,8 +311,6 @@ do_authloop(Authctxt *authctxt)
|
|||
authctxt->user);
|
||||
|
||||
#ifdef _UNICOS
|
||||
if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
|
||||
cray_login_failure(authctxt->user, IA_UDBERR);
|
||||
if (authenticated && cray_access_denied(authctxt->user)) {
|
||||
authenticated = 0;
|
||||
fatal("Access denied for user %s.",authctxt->user);
|
||||
|
|
|
|||
4
auth2.c
4
auth2.c
|
|
@ -240,10 +240,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
|
|||
} else {
|
||||
if (authctxt->failures++ > AUTH_FAIL_MAX)
|
||||
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
|
||||
#ifdef _UNICOS
|
||||
if (strcmp(method, "password") == 0)
|
||||
cray_login_failure(authctxt->user, IA_UDBERR);
|
||||
#endif /* _UNICOS */
|
||||
methods = authmethods_get();
|
||||
packet_start(SSH2_MSG_USERAUTH_FAILURE);
|
||||
packet_put_cstring(methods);
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
|
||||
* $Id: bsd-cray.c,v 1.9 2003/05/02 13:42:25 dtucker Exp $
|
||||
*
|
||||
* bsd-cray.c
|
||||
*
|
||||
|
|
@ -143,6 +143,14 @@ cray_access_denied(char *username)
|
|||
return (errcode);
|
||||
}
|
||||
|
||||
/*
|
||||
* record_failed_login: generic "login failed" interface function
|
||||
*/
|
||||
record_failed_login(const char *user, const char *ttyname)
|
||||
{
|
||||
cray_login_failure((char *)user, IA_UDBERR);
|
||||
}
|
||||
|
||||
int
|
||||
cray_setup (uid_t uid, char *username, const char *command)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $
|
||||
* $Id: bsd-cray.h,v 1.8 2003/05/02 13:42:25 dtucker Exp $
|
||||
*
|
||||
* bsd-cray.h
|
||||
*
|
||||
|
|
@ -42,6 +42,8 @@ void cray_init_job(struct passwd *); /* init cray job */
|
|||
void cray_job_termination_handler(int); /* process end of job signal */
|
||||
void cray_login_failure(char *username, int errcode);
|
||||
int cray_access_denied(char *username);
|
||||
#define CUSTOM_FAILED_LOGIN 1
|
||||
void record_failed_login(const char *user, const char *ttyname);
|
||||
extern char cray_tmpdir[]; /* cray tmpdir */
|
||||
#ifndef IA_SSHD
|
||||
#define IA_SSHD IA_LOGIN
|
||||
|
|
|
|||
|
|
@ -24,12 +24,17 @@
|
|||
*
|
||||
*/
|
||||
#include "includes.h"
|
||||
#include "ssh.h"
|
||||
#include "log.h"
|
||||
#include "servconf.h"
|
||||
|
||||
#ifdef _AIX
|
||||
|
||||
#include <uinfo.h>
|
||||
#include <../xmalloc.h>
|
||||
|
||||
extern ServerOptions options;
|
||||
|
||||
/*
|
||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||
* a few applications actually use this and die if it's not set
|
||||
|
|
@ -52,5 +57,16 @@ aix_usrinfo(struct passwd *pw)
|
|||
xfree(cp);
|
||||
}
|
||||
|
||||
# ifdef CUSTOM_FAILED_LOGIN
|
||||
/*
|
||||
* record_failed_login: generic "login failed" interface function
|
||||
*/
|
||||
void
|
||||
record_failed_login(const char *user, const char *ttyname)
|
||||
{
|
||||
loginfailed(user,
|
||||
get_canonical_hostname(options.verify_reverse_mapping), ttyname);
|
||||
}
|
||||
# endif /* CUSTOM_FAILED_LOGIN */
|
||||
#endif /* _AIX */
|
||||
|
||||
|
|
|
|||
|
|
@ -36,5 +36,10 @@
|
|||
# include <sys/timers.h>
|
||||
#endif
|
||||
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
# define CUSTOM_FAILED_LOGIN 1
|
||||
void record_failed_login(const char *user, const char *ttyname);
|
||||
#endif
|
||||
|
||||
void aix_usrinfo(struct passwd *pw);
|
||||
#endif /* _AIX */
|
||||
|
|
|
|||
Loading…
Reference in New Issue