- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls. Fixes problems with setpcred failing on accounts that use AFS or NIS password registries.
parent
ecc9d46dc5
commit
e45674ae80
|
@ -9,6 +9,9 @@
|
|||
required, please report them. ok djm@
|
||||
- (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
|
||||
accidentally inheriting from root's environment. ok djm@
|
||||
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
|
||||
previous authdb setting after auth calls. Fixes problems with setpcred
|
||||
failing on accounts that use AFS or NIS password registries.
|
||||
|
||||
20040129
|
||||
- (dtucker) OpenBSD CVS Sync regress/
|
||||
|
@ -1794,4 +1797,4 @@
|
|||
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
|
||||
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
|
||||
|
||||
$Id: ChangeLog,v 1.3209 2004/02/06 05:04:08 dtucker Exp $
|
||||
$Id: ChangeLog,v 1.3210 2004/02/06 05:17:51 dtucker Exp $
|
||||
|
|
|
@ -39,6 +39,10 @@
|
|||
extern ServerOptions options;
|
||||
extern Buffer loginmsg;
|
||||
|
||||
# ifdef HAVE_SETAUTHDB
|
||||
static char old_registry[REGISTRY_SIZE] = "";
|
||||
# endif
|
||||
|
||||
/*
|
||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||
* a few applications actually use this and die if it's not set
|
||||
|
@ -119,6 +123,7 @@ aix_authenticate(const char *name, const char *password, const char *host)
|
|||
xfree(msg);
|
||||
}
|
||||
}
|
||||
aix_restoreauthdb();
|
||||
}
|
||||
|
||||
if (authmsg != NULL)
|
||||
|
@ -145,22 +150,21 @@ record_failed_login(const char *user, const char *ttyname)
|
|||
# else
|
||||
loginfailed((char *)user, hostname, (char *)ttyname);
|
||||
# endif
|
||||
aix_restoreauthdb();
|
||||
}
|
||||
# endif /* CUSTOM_FAILED_LOGIN */
|
||||
|
||||
/*
|
||||
* If we have setauthdb, retrieve the password registry for the user's
|
||||
* account then feed it to setauthdb. This may load registry-specific method
|
||||
* code. If we don't have setauthdb or have already called it this is a no-op.
|
||||
* account then feed it to setauthdb. This will mean that subsequent AIX auth
|
||||
* functions will only use the specified loadable module. If we don't have
|
||||
* setauthdb this is a no-op.
|
||||
*/
|
||||
void
|
||||
aix_setauthdb(const char *user)
|
||||
{
|
||||
# ifdef HAVE_SETAUTHDB
|
||||
static char *registry = NULL;
|
||||
|
||||
if (registry != NULL) /* have already done setauthdb */
|
||||
return;
|
||||
char *registry;
|
||||
|
||||
if (setuserdb(S_READ) == -1) {
|
||||
debug3("%s: Could not open userdb to read", __func__);
|
||||
|
@ -168,12 +172,11 @@ aix_setauthdb(const char *user)
|
|||
}
|
||||
|
||||
if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
|
||||
if (setauthdb(registry, NULL) == 0)
|
||||
debug3("%s: AIX/setauthdb set registry %s", __func__,
|
||||
registry);
|
||||
if (setauthdb(registry, old_registry) == 0)
|
||||
debug3("AIX/setauthdb set registry '%s'", registry);
|
||||
else
|
||||
debug3("%s: AIX/setauthdb set registry %s failed: %s",
|
||||
__func__, registry, strerror(errno));
|
||||
debug3("AIX/setauthdb set registry '%s' failed: %s",
|
||||
registry, strerror(errno));
|
||||
} else
|
||||
debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
|
||||
strerror(errno));
|
||||
|
@ -181,6 +184,25 @@ aix_setauthdb(const char *user)
|
|||
# endif /* HAVE_SETAUTHDB */
|
||||
}
|
||||
|
||||
/*
|
||||
* Restore the user's registry settings from old_registry.
|
||||
* Note that if the first aix_setauthdb fails, setauthdb("") is still safe
|
||||
* (it restores the system default behaviour). If we don't have setauthdb,
|
||||
* this is a no-op.
|
||||
*/
|
||||
void
|
||||
aix_restoreauthdb(void)
|
||||
{
|
||||
# ifdef HAVE_SETAUTHDB
|
||||
if (setauthdb(old_registry, NULL) == 0)
|
||||
debug3("%s: restoring old registry '%s'", __func__,
|
||||
old_registry);
|
||||
else
|
||||
debug3("%s: failed to restore old registry %s", __func__,
|
||||
old_registry);
|
||||
# endif /* HAVE_SETAUTHDB */
|
||||
}
|
||||
|
||||
# endif /* WITH_AIXAUTHENTICATE */
|
||||
|
||||
#endif /* _AIX */
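Review bot: With the `if (registry != NULL) return;` guard removed from aix_setauthdb(), every call overwrites the file-scope `old_registry` through `setauthdb(registry, old_registry)`, so two calls with no aix_restoreauthdb() between them would record the user's registry as the "old" value, and the later restore would leave the process limited to that registry. Only the restores added in aix_authenticate() and record_failed_login() are visible on this page (both functions start outside their hunks), so whether every other caller pairs the calls cannot be confirmed here. The header comment of aix_setauthdb() should state the contract, e.g. `* Each call must be matched by aix_restoreauthdb() before aix_setauthdb() is called again.` The failure branch of aix_restoreauthdb() also drops the reason, unlike the one in aix_setauthdb(); `debug3("%s: failed to restore old registry %s: %s", __func__, old_registry, strerror(errno));` would keep it.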
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: port-aix.h,v 1.16 2003/11/22 03:16:57 dtucker Exp $ */
|
||||
/* $Id: port-aix.h,v 1.17 2004/02/06 05:17:52 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
|
@ -51,6 +51,14 @@
|
|||
# include <sys/timers.h>
|
||||
#endif
|
||||
|
||||
/*
|
||||
* According to the setauthdb man page, AIX password registries must be 15
|
||||
* chars or less plus terminating NUL.
|
||||
*/
|
||||
#ifdef HAVE_SETAUTHDB
|
||||
# define REGISTRY_SIZE 16
|
||||
#endif
|
||||
|
||||
void aix_usrinfo(struct passwd *);
|
||||
|
||||
#ifdef WITH_AIXAUTHENTICATE
|
||||
|
@ -60,5 +68,6 @@ void record_failed_login(const char *, const char *);
|
|||
|
||||
int aix_authenticate(const char *, const char *, const char *);
|
||||
void aix_setauthdb(const char *);
|
||||
void aix_restoreauthdb(void);
|
||||
void aix_remove_embedded_newlines(char *);
|
||||
#endif /* _AIX */
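Review bot: The REGISTRY_SIZE comment (hunk at -51,6 +51,14) gives the size but not what depends on it. In port-aix.c, `setauthdb(registry, old_registry)` writes the previous registry name into `old_registry[REGISTRY_SIZE]`, and the call as used there passes no length, so this constant is the only bound on that write. I would extend the comment with something like `* setauthdb() copies the old registry name into a caller buffer of this size; do not shrink it.`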
|
||||
|
|