- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore

previous authdb setting after auth calls.  Fixes problems with setpcred
   failing on accounts that use AFS or NIS password registries.
This commit is contained in:
Darren Tucker 2004-02-06 16:17:51 +11:00
parent ecc9d46dc5
commit e45674ae80
3 changed files with 47 additions and 13 deletions


@ -9,6 +9,9 @@
required, please report them. ok djm@ required, please report them. ok djm@
- (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent - (dtucker) [sshd.c] Bug #757: Clear child's environment to prevent
accidentally inheriting from root's environment. ok djm@ accidentally inheriting from root's environment. ok djm@
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
20040129 20040129
- (dtucker) OpenBSD CVS Sync regress/ - (dtucker) OpenBSD CVS Sync regress/
@ -1794,4 +1797,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3209 2004/02/06 05:04:08 dtucker Exp $ $Id: ChangeLog,v 1.3210 2004/02/06 05:17:51 dtucker Exp $


@ -39,6 +39,10 @@
extern ServerOptions options; extern ServerOptions options;
extern Buffer loginmsg; extern Buffer loginmsg;
# ifdef HAVE_SETAUTHDB
static char old_registry[REGISTRY_SIZE] = "";
# endif
/* /*
* AIX has a "usrinfo" area where logname and other stuff is stored - * AIX has a "usrinfo" area where logname and other stuff is stored -
* a few applications actually use this and die if it's not set * a few applications actually use this and die if it's not set
@ -119,6 +123,7 @@ aix_authenticate(const char *name, const char *password, const char *host)
xfree(msg); xfree(msg);
} }
} }
aix_restoreauthdb();
} }
if (authmsg != NULL) if (authmsg != NULL)
@ -145,22 +150,21 @@ record_failed_login(const char *user, const char *ttyname)
# else # else
loginfailed((char *)user, hostname, (char *)ttyname); loginfailed((char *)user, hostname, (char *)ttyname);
# endif # endif
aix_restoreauthdb();
} }
# endif /* CUSTOM_FAILED_LOGIN */ # endif /* CUSTOM_FAILED_LOGIN */
/* /*
* If we have setauthdb, retrieve the password registry for the user's * If we have setauthdb, retrieve the password registry for the user's
* account then feed it to setauthdb. This may load registry-specific method * account then feed it to setauthdb. This will mean that subsequent AIX auth
* code. If we don't have setauthdb or have already called it this is a no-op. * functions will only use the specified loadable module. If we don't have
* setauthdb this is a no-op.
*/ */
void void
aix_setauthdb(const char *user) aix_setauthdb(const char *user)
{ {
# ifdef HAVE_SETAUTHDB # ifdef HAVE_SETAUTHDB
static char *registry = NULL; char *registry;
if (registry != NULL) /* have already done setauthdb */
return;
if (setuserdb(S_READ) == -1) { if (setuserdb(S_READ) == -1) {
debug3("%s: Could not open userdb to read", __func__); debug3("%s: Could not open userdb to read", __func__);
@ -168,12 +172,11 @@ aix_setauthdb(const char *user)
} }
if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) { if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
if (setauthdb(registry, NULL) == 0) if (setauthdb(registry, old_registry) == 0)
debug3("%s: AIX/setauthdb set registry %s", __func__, debug3("AIX/setauthdb set registry '%s'", registry);
registry);
else else
debug3("%s: AIX/setauthdb set registry %s failed: %s", debug3("AIX/setauthdb set registry '%s' failed: %s",
__func__, registry, strerror(errno)); registry, strerror(errno));
} else } else
debug3("%s: Could not read S_REGISTRY for user: %s", __func__, debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
strerror(errno)); strerror(errno));
@ -181,6 +184,25 @@ aix_setauthdb(const char *user)
# endif /* HAVE_SETAUTHDB */ # endif /* HAVE_SETAUTHDB */
} }
/*
* Restore the user's registry settings from old_registry.
* Note that if the first aix_setauthdb fails, setauthdb("") is still safe
* (it restores the system default behaviour). If we don't have setauthdb,
* this is a no-op.
*/
void
aix_restoreauthdb(void)
{
# ifdef HAVE_SETAUTHDB
if (setauthdb(old_registry, NULL) == 0)
debug3("%s: restoring old registry '%s'", __func__,
old_registry);
else
debug3("%s: failed to restore old registry %s", __func__,
old_registry);
# endif /* HAVE_SETAUTHDB */
}
# endif /* WITH_AIXAUTHENTICATE */ # endif /* WITH_AIXAUTHENTICATE */
#endif /* _AIX */ #endif /* _AIX */
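Review bot: The failure branch of aix_restoreauthdb() (the `else` debug3 near the end of this section) drops the reason the restore failed, while the matching failure branch in aix_setauthdb() prints strerror(errno); the restore is the more consequential of the two, since the new comment says a registry left set pins every later AIX auth call in this process to one user's loadable module, so it should read `debug3("%s: failed to restore old registry '%s': %s", __func__, old_registry, strerror(errno));`. Note also that old_registry is a single file-scope buffer: a second aix_setauthdb() before a restore overwrites it with the first call's registry, so the restore would then return to that rather than the original setting — the aix_setauthdb() calls in aix_authenticate() and record_failed_login() are outside these hunks, so I cannot confirm they never nest, and a comment on the declaration such as `/* previous registry saved by aix_setauthdb(); set/restore calls must not nest */` would record the contract. Both aix_authenticate() and record_failed_login() start outside their hunks, so whether any early return can bypass the new aix_restoreauthdb() call could not be checked here.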


@ -1,4 +1,4 @@
/* $Id: port-aix.h,v 1.16 2003/11/22 03:16:57 dtucker Exp $ */ /* $Id: port-aix.h,v 1.17 2004/02/06 05:17:52 dtucker Exp $ */
/* /*
* *
@ -51,6 +51,14 @@
# include <sys/timers.h> # include <sys/timers.h>
#endif #endif
/*
* According to the setauthdb man page, AIX password registries must be 15
* chars or less plus terminating NUL.
*/
#ifdef HAVE_SETAUTHDB
# define REGISTRY_SIZE 16
#endif
void aix_usrinfo(struct passwd *); void aix_usrinfo(struct passwd *);
#ifdef WITH_AIXAUTHENTICATE #ifdef WITH_AIXAUTHENTICATE
@ -60,5 +68,6 @@ void record_failed_login(const char *, const char *);
int aix_authenticate(const char *, const char *, const char *); int aix_authenticate(const char *, const char *, const char *);
void aix_setauthdb(const char *); void aix_setauthdb(const char *);
void aix_restoreauthdb(void);
void aix_remove_embedded_newlines(char *); void aix_remove_embedded_newlines(char *);
#endif /* _AIX */ #endif /* _AIX */
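Review bot: The comment above REGISTRY_SIZE should say why the bound matters, not just where the number comes from: setauthdb() writes the previous registry into the caller's buffer with no length argument (the `setauthdb(registry, old_registry)` call in port-aix.c), so this constant is the only thing protecting that static buffer from overrun. Suggested wording: `/* setauthdb() copies the previous registry into a caller-supplied buffer with no length argument, so this must be >= the platform maximum (15 chars + NUL per the setauthdb man page). */`. If the AIX headers expose a constant for that maximum, using it instead of a hand-written 16 would keep the two from drifting, but I cannot confirm one exists from here.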