mirror of
https://github.com/PowerShell/openssh-portable.git
synced 2025-07-31 01:35:11 +02:00
- (dtucker) Move handling of bad password authentications into a platform
specific record_failed_login() function (affects AIX & Unicos).
This commit is contained in:
Darren Tucker
parent
3c01654deb
commit
97363a8b24
@ -1,6 +1,8 @@
|
|||||||
20030502
|
20030502
|
||||||
- (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
|
- (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
|
||||||
privsep should now work.
|
privsep should now work.
|
||||||
|
- (dtucker) Move handling of bad password authentications into a platform
|
||||||
|
specific record_failed_login() function (affects AIX & Unicos).
|
||||||
|
|
||||||
20030429
|
20030429
|
||||||
- (djm) Add back radix.o (used by AFS support), after it went missing from
|
- (djm) Add back radix.o (used by AFS support), after it went missing from
|
||||||
@ -1360,4 +1362,4 @@
|
|||||||
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
||||||
ok provos@
|
ok provos@
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.2665 2003/05/02 10:48:21 dtucker Exp $
|
$Id: ChangeLog,v 1.2666 2003/05/02 13:42:25 dtucker Exp $
|
||||||
|
|||||||
15
auth.c
15
auth.c
@ -268,13 +268,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
|
|||||||
get_remote_port(),
|
get_remote_port(),
|
||||||
info);
|
info);
|
||||||
|
|
||||||
#ifdef WITH_AIXAUTHENTICATE
|
#ifdef CUSTOM_FAILED_LOGIN
|
||||||
if (authenticated == 0 && strcmp(method, "password") == 0)
|
if (authenticated == 0 && strcmp(method, "password") == 0)
|
||||||
loginfailed(authctxt->user,
|
record_failed_login(authctxt->user, "ssh");
|
||||||
get_canonical_hostname(options.verify_reverse_mapping),
|
#endif
|
||||||
"ssh");
|
|
||||||
#endif /* WITH_AIXAUTHENTICATE */
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -496,10 +493,8 @@ getpwnamallow(const char *user)
|
|||||||
if (pw == NULL) {
|
if (pw == NULL) {
|
||||||
logit("Illegal user %.100s from %.100s",
|
logit("Illegal user %.100s from %.100s",
|
||||||
user, get_remote_ipaddr());
|
user, get_remote_ipaddr());
|
||||||
#ifdef WITH_AIXAUTHENTICATE
|
#ifdef CUSTOM_FAILED_LOGIN
|
||||||
loginfailed(user,
|
record_failed_login(user, "ssh");
|
||||||
get_canonical_hostname(options.verify_reverse_mapping),
|
|
||||||
"ssh");
|
|
||||||
#endif
|
#endif
|
||||||
return (NULL);
|
return (NULL);
|
||||||
}
|
}
|
||||||
|
|||||||
2
auth1.c
2
auth1.c
@ -311,8 +311,6 @@ do_authloop(Authctxt *authctxt)
|
|||||||
authctxt->user);
|
authctxt->user);
|
||||||
|
|
||||||
#ifdef _UNICOS
|
#ifdef _UNICOS
|
||||||
if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
|
|
||||||
cray_login_failure(authctxt->user, IA_UDBERR);
|
|
||||||
if (authenticated && cray_access_denied(authctxt->user)) {
|
if (authenticated && cray_access_denied(authctxt->user)) {
|
||||||
authenticated = 0;
|
authenticated = 0;
|
||||||
fatal("Access denied for user %s.",authctxt->user);
|
fatal("Access denied for user %s.",authctxt->user);
|
||||||
|
|||||||
4
auth2.c
4
auth2.c
@ -240,10 +240,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
|
|||||||
} else {
|
} else {
|
||||||
if (authctxt->failures++ > AUTH_FAIL_MAX)
|
if (authctxt->failures++ > AUTH_FAIL_MAX)
|
||||||
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
|
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
|
||||||
#ifdef _UNICOS
|
|
||||||
if (strcmp(method, "password") == 0)
|
|
||||||
cray_login_failure(authctxt->user, IA_UDBERR);
|
|
||||||
#endif /* _UNICOS */
|
|
||||||
methods = authmethods_get();
|
methods = authmethods_get();
|
||||||
packet_start(SSH2_MSG_USERAUTH_FAILURE);
|
packet_start(SSH2_MSG_USERAUTH_FAILURE);
|
||||||
packet_put_cstring(methods);
|
packet_put_cstring(methods);
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
|
* $Id: bsd-cray.c,v 1.9 2003/05/02 13:42:25 dtucker Exp $
|
||||||
*
|
*
|
||||||
* bsd-cray.c
|
* bsd-cray.c
|
||||||
*
|
*
|
||||||
@ -143,6 +143,14 @@ cray_access_denied(char *username)
|
|||||||
return (errcode);
|
return (errcode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* record_failed_login: generic "login failed" interface function
|
||||||
|
*/
|
||||||
|
record_failed_login(const char *user, const char *ttyname)
|
||||||
|
{
|
||||||
|
cray_login_failure((char *)user, IA_UDBERR);
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
cray_setup (uid_t uid, char *username, const char *command)
|
cray_setup (uid_t uid, char *username, const char *command)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $
|
* $Id: bsd-cray.h,v 1.8 2003/05/02 13:42:25 dtucker Exp $
|
||||||
*
|
*
|
||||||
* bsd-cray.h
|
* bsd-cray.h
|
||||||
*
|
*
|
||||||
@ -42,6 +42,8 @@ void cray_init_job(struct passwd *); /* init cray job */
|
|||||||
void cray_job_termination_handler(int); /* process end of job signal */
|
void cray_job_termination_handler(int); /* process end of job signal */
|
||||||
void cray_login_failure(char *username, int errcode);
|
void cray_login_failure(char *username, int errcode);
|
||||||
int cray_access_denied(char *username);
|
int cray_access_denied(char *username);
|
||||||
|
#define CUSTOM_FAILED_LOGIN 1
|
||||||
|
void record_failed_login(const char *user, const char *ttyname);
|
||||||
extern char cray_tmpdir[]; /* cray tmpdir */
|
extern char cray_tmpdir[]; /* cray tmpdir */
|
||||||
#ifndef IA_SSHD
|
#ifndef IA_SSHD
|
||||||
#define IA_SSHD IA_LOGIN
|
#define IA_SSHD IA_LOGIN
|
||||||
|
|||||||
@ -24,12 +24,17 @@
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
|
#include "ssh.h"
|
||||||
|
#include "log.h"
|
||||||
|
#include "servconf.h"
|
||||||
|
|
||||||
#ifdef _AIX
|
#ifdef _AIX
|
||||||
|
|
||||||
#include <uinfo.h>
|
#include <uinfo.h>
|
||||||
#include <../xmalloc.h>
|
#include <../xmalloc.h>
|
||||||
|
|
||||||
|
extern ServerOptions options;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||||
* a few applications actually use this and die if it's not set
|
* a few applications actually use this and die if it's not set
|
||||||
@ -52,5 +57,16 @@ aix_usrinfo(struct passwd *pw)
|
|||||||
xfree(cp);
|
xfree(cp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# ifdef CUSTOM_FAILED_LOGIN
|
||||||
|
/*
|
||||||
|
* record_failed_login: generic "login failed" interface function
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
record_failed_login(const char *user, const char *ttyname)
|
||||||
|
{
|
||||||
|
loginfailed(user,
|
||||||
|
get_canonical_hostname(options.verify_reverse_mapping), ttyname);
|
||||||
|
}
|
||||||
|
# endif /* CUSTOM_FAILED_LOGIN */
|
||||||
#endif /* _AIX */
|
#endif /* _AIX */
|
||||||
|
|
||||||
|
|||||||
@ -36,5 +36,10 @@
|
|||||||
# include <sys/timers.h>
|
# include <sys/timers.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifdef WITH_AIXAUTHENTICATE
|
||||||
|
# define CUSTOM_FAILED_LOGIN 1
|
||||||
|
void record_failed_login(const char *user, const char *ttyname);
|
||||||
|
#endif
|
||||||
|
|
||||||
void aix_usrinfo(struct passwd *pw);
|
void aix_usrinfo(struct passwd *pw);
|
||||||
#endif /* _AIX */
|
#endif /* _AIX */
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user