From a0c0b6311210e0cddfb1b038bd7b37f5a298ef3e Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 8 Jul 2003 20:52:12 +1000 Subject: [PATCH] - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] Include AIX headers for authentication functions and make calls match prototypes. Test for and handle 3-args and 4-arg variants of loginfailed. --- ChangeLog | 7 ++++++- acconfig.h | 5 ++++- auth-passwd.c | 4 +--- configure.ac | 23 ++++++++++++++++++----- openbsd-compat/port-aix.c | 6 +++++- openbsd-compat/port-aix.h | 9 +++++++++ session.c | 2 +- 7 files changed, 44 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 266756fe3..ea4d4ac20 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20030708 + - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] + Include AIX headers for authentication functions and make calls match + prototypes. Test for and handle 3-args and 4-arg variants of loginfailed. + 20030707 - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before searching libraries for it. Fixes build errors on NCR MP-RAS. @@ -662,4 +667,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2846 2003/07/07 09:44:01 dtucker Exp $ +$Id: ChangeLog,v 1.2847 2003/07/08 10:52:12 dtucker Exp $ diff --git a/acconfig.h b/acconfig.h index e6f5ebbbd..23cc9c817 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.157 2003/06/11 12:51:32 djm Exp $ */ +/* $Id: acconfig.h,v 1.158 2003/07/08 10:52:13 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -110,6 +110,9 @@ /* Define if you want to enable AIX4's authenticate function */ #undef WITH_AIXAUTHENTICATE +/* Define if your AIX loginfailed() function takes 3 arguments (AIX <= 5.1) */ +#undef AIX_LOGINFAILED_3ARG + /* Define if you have/want arrays (cluster-wide session managment, not C arrays) */ #undef WITH_IRIX_ARRAY diff --git a/auth-passwd.c b/auth-passwd.c index 9a94c373f..ea65a0125 100644 --- a/auth-passwd.c +++ b/auth-passwd.c @@ -42,15 +42,13 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $"); #include "log.h" #include "servconf.h" #include "auth.h" +#include "canohost.h" #if !defined(HAVE_OSF_SIA) /* Don't need any of these headers for the SIA cases */ # ifdef HAVE_CRYPT_H # include # endif -# ifdef WITH_AIXAUTHENTICATE -# include -# endif # ifdef __hpux # include # include diff --git a/configure.ac b/configure.ac index 8d9143e6c..431c6446b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.131 2003/07/07 09:44:01 dtucker Exp $ +# $Id: configure.ac,v 1.132 2003/07/08 10:52:13 dtucker Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -75,12 +75,25 @@ case "$host" in AC_MSG_RESULT($blibflags) fi LDFLAGS="$saved_LDFLAGS" - AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], + # Check for authenticate. Might be in libs.a on older AIXes + AC_CHECK_FUNC(authenticate, [with_aixauthenticate=1], [AC_CHECK_LIB(s,authenticate, - [ AC_DEFINE(WITH_AIXAUTHENTICATE) + [ with_aixaixauthenticate=1 LIBS="$LIBS -ls" ]) ]) + # Check if loginfailed takes 3 arguments (AIX <= 5.1) + if (test "x$with_aixauthenticate" = "x1" ); then + AC_DEFINE(WITH_AIXAUTHENTICATE) + AC_MSG_CHECKING(if loginfailed takes 3 arguments) + AC_TRY_COMPILE( + [#include ], + [(void)loginfailed("user","host","tty");], + [AC_MSG_RESULT(yes) + AC_DEFINE(AIX_LOGINFAILED_3ARG)], + [AC_MSG_RESULT(no)] + ) + fi AC_DEFINE(BROKEN_GETADDRINFO) AC_DEFINE(BROKEN_REALPATH) dnl AIX handles lastlog as part of its login message @@ -456,8 +469,8 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \ login_cap.h maillock.h netdb.h netgroup.h \ netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ - strings.h sys/strtio.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ - sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ + strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \ + sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index b4c9454a1..c8d9517b6 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -70,7 +70,11 @@ record_failed_login(const char *user, const char *ttyname) { char *hostname = get_canonical_hostname(options.use_dns); - loginfailed(user, hostname, ttyname); +# ifdef AIX_LOGINFAILED_3ARG + loginfailed((char *)user, hostname, (char *)ttyname); +# else + loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); +# endif } # endif /* CUSTOM_FAILED_LOGIN */ #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 2254e7462..2787d919d 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -26,6 +26,15 @@ #ifdef _AIX +#ifdef WITH_AIXAUTHENTICATE +# include +# include +# include +# ifdef HAVE_SYS_AUDIT_H +# include +# endif +#endif + /* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */ #if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP) # define nanosleep(a,b) nsleep(a,b) diff --git a/session.c b/session.c index dc9777de9..ac57c3d0f 100644 --- a/session.c +++ b/session.c @@ -1215,7 +1215,7 @@ do_setusercontext(struct passwd *pw) { #ifdef HAVE_SETPCRED - setpcred(pw->pw_name); + setpcred(pw->pw_name, (char **)NULL); #endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP # ifdef __bsdi__