Darren Tucker
acb2887a76
Handle GIDs > 2^31 in getgrouplist.
...
When compiled in 32bit mode, the getgrouplist implementation may fail
for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel
at tui.com.
2021-06-17 21:03:19 +10:00
Darren Tucker
31c9348c5e
Constify aix_krb5_get_principal_name.
...
Prevents warning about discarding type qualifiers on AIX.
2020-02-17 22:53:24 +11:00
Darren Tucker
245dcbdca5
Put headers inside ifdef _AIX.
...
Prevents compile errors due to missing definitions (eg va_list) on
non-AIX platforms.
2019-11-13 11:19:26 +11:00
Darren Tucker
79a87d3278
Remove "struct ssh" from sys_auth_record_login.
...
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
2019-04-03 06:27:45 +11:00
Darren Tucker
138c0d52cd
Adapt custom_failed_login to new prototype.
...
Spotted by Kevin Brott.
2019-04-02 18:21:35 +11:00
Damien Miller
08f66d9f17
remove vestiges of old packet API from loginrec.c
2019-01-20 09:58:45 +11:00
Damien Miller
e36a5f61b0
Some AIX fixes; report from Michael Felt
2018-08-11 18:08:45 -07:00
markus@openbsd.org
5467fbcb09
upstream: remove legacy key emulation layer; ok djm@
...
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
Damien Miller
120a1ec74e
Adapt portable to legacy buffer API removal
2018-07-10 19:39:52 +10:00
Darren Tucker
6b5a17bc14
Include ssh_api.h for struct ssh.
...
struct ssh is needed by implementations of sys_auth_passwd() that were
converted in commit bba02a50
. Needed to fix build on AIX, I assume for
the other platforms too (although it should be harmless if not needed).
2018-03-26 13:24:41 +11:00
Tim Rice
bba02a5094
modified: auth-sia.c
...
modified: openbsd-compat/port-aix.c
modified: openbsd-compat/port-uw.c
propogate changes to auth-passwd.c in commit
7c85685760
to other providers
of sys_auth_passwd()
2018-03-25 09:17:33 -07:00
Darren Tucker
c20dccb561
Strip trailing whitespace.
...
Mechanically strip trailing whitespace on files not synced with OpenBSD
(or in the case of bsd-snprint.c, rsync).
2016-08-02 09:44:25 +10:00
Darren Tucker
f60845fde2
- (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
...
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
Darren Tucker
1bf3503c9d
- (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
...
Bug #1583 : Use system's kerberos principal name on AIX if it's available.
Based on a patch from and tested by Miguel Sanders.
2009-12-21 10:49:21 +11:00
Darren Tucker
b5d5ee1ab0
- (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595 : make
...
PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
2009-08-17 09:40:00 +10:00
Darren Tucker
16ba6a8ea2
- (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
...
implementation. It's not needed to fix bug #1081 and breaks the build
on some AIX configurations.
2008-03-09 16:36:55 +11:00
Darren Tucker
0f26b1386a
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081 : Implement
...
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
This allows, eg, Match and AllowGroups directives to work with NIS and
LDAP groups.
2008-02-28 23:16:04 +11:00
Darren Tucker
863cfa0e6f
- (dtucker) [openbsd-compat/port-aix.c] Comment typo.
2007-08-09 14:29:47 +10:00
Darren Tucker
c70ce7b09d
- (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
...
Prevents macro redefinition warnings of "RDONLY".
2006-09-18 23:54:32 +10:00
Damien Miller
ded319cca2
- (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
...
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
[auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
[cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
[dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
[md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
[scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
[ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
[sshconnect1.c sshconnect2.c sshd.c rc4.diff]
[openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
[openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
[openbsd-compat/port-uw.c]
Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Darren Tucker
26d4e19caa
- (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207 : always call
...
loginsuccess on AIX immediately after authentication to clear the failed
login count. Previously this would only happen when an interactive
session starts (ie when a pty is allocated) but this means that accounts
that have primarily non-interactive sessions (eg scp's) may gradually
accumulate enough failures to lock out an account. This change may have
a side effect of creating two audit records, one with a tty of "ssh"
corresponding to the authentication and one with the allocated pty per
interactive session.
2006-08-30 22:33:09 +10:00
Damien Miller
d783435315
- deraadt@cvs.openbsd.org 2006/08/03 03:34:42
...
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
[auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
[auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
[auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
[buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
[cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
[compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
[groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
[kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
[key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
[monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
[monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
[readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
[serverloop.c session.c session.h sftp-client.c sftp-common.c]
[sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
[ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
[ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
[sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
[uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
[loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
almost entirely get rid of the culture of ".h files that include .h files"
ok djm, sort of ok stevesk
makes the pain stop in one easy step
NB. portable commit contains everything *except* removing includes.h, as
that will take a fair bit more work as we move headers that are required
for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
62da44f064
- (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
...
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
[openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
[openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
[openbsd-compat/rresvport.c]
These look to need string.h and/or unistd.h (based on a grep for function
names)
2006-07-24 15:08:35 +10:00
Damien Miller
be43ebf975
- stevesk@cvs.openbsd.org 2006/07/12 22:28:52
...
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Darren Tucker
2eaea99054
- (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
...
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
Darren Tucker
f9fea65ba9
- (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
...
spotted by tim@.
2005-05-29 10:54:27 +10:00
Darren Tucker
6b2fe31def
- (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there.
2005-05-29 10:32:47 +10:00
Darren Tucker
782727ac61
20050529
...
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046 : AIX 5.3 expects the
argument to passwdexpired to be initialized to NULL. Suggested by tim@
While at it, initialize the other arguments to auth functions in case they
ever acquire this behaviour.
2005-05-29 10:28:48 +10:00
Darren Tucker
f3bb434177
- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006 : fix bug in
...
handling of password expiry messages returned by AIX's authentication
routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
Darren Tucker
3c774c52f3
- (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
...
compiler warnings on AIX.
2005-02-16 22:49:31 +11:00
Darren Tucker
691d5235ca
- (dtucker) [README.platform auth.c configure.ac loginrec.c
...
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835 : enable IPv6
on AIX where possible (see README.platform for details) and work around
a misfeature of AIX's getnameinfo. ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker
92170a8626
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
...
disable_forwarding() from compat library. Prevent linker errrors trying
to resolve it for binaries other than sshd. ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker
b4d3012d2e
- (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings.
2005-02-08 21:06:55 +11:00
Darren Tucker
42d9dc75ed
- (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
...
Make record_failed_login() call provide hostname rather than having the
implementations having to do lookups themselves. Only affects AIX and
UNICOS (the latter only uses the "user" parameter anyway). ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker
5a88d00349
- (dtucker) [openbsd-compat/port-aix.c] Bug #712 : Explicitly check for
...
accounts with authentication configs that sshd can't support (ie
SYSTEM=NONE and AUTH1=something).
2004-08-29 21:43:33 +10:00
Darren Tucker
397a2f2612
- (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
...
Plug AIX login recording into login_write so logins will be recorded for
all auth types.
2004-08-15 00:09:11 +10:00
Darren Tucker
5288cb242a
- (dtucker) [openbsd-compat/port-aix.c] Missing __func__.
2004-06-28 18:11:19 +10:00
Darren Tucker
0a9d43d726
- (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
...
Move loginrestrictions test to port-aix.c, replace with a generic hook.
2004-06-23 13:45:24 +10:00
Darren Tucker
a7ea546f1b
- (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
...
code changes.
2004-06-16 12:01:15 +10:00
Darren Tucker
cfea2063e5
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
...
include from port-aix.h to port-aix.c and remove unnecessary function
definition. Fixes build errors on AIX.
#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c. Sigh.
2004-02-10 15:27:34 +11:00
Darren Tucker
e3dba82dd4
- (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
...
openbsd-compat/port-aix.h] Bug #14 : Use do_pwchange to support AIX's
native password expiry.
2004-02-10 12:50:19 +11:00
Darren Tucker
e45674ae80
- (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
...
previous authdb setting after auth calls. Fixes problems with setpcred
failing on accounts that use AFS or NIS password registries.
2004-02-06 16:17:51 +11:00
Darren Tucker
d76341616d
- (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
...
Move AIX specific password authentication code to port-aix.c, call
authenticate() until reenter flag is clear.
2003-11-22 14:16:56 +11:00
Darren Tucker
051c270f88
- (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h,
...
add canohost.h to stop warning. Based on patch from openssh-unix-dev at
thewrittenword.com
2003-09-22 13:05:26 +10:00
Darren Tucker
fc3454ee67
- (dtucker) Bug #543 : [configure.ac port-aix.c port-aix.h]
...
Call setauthdb() before loginfailed(), which may load password registry-
specific functions. Based on patch by cawlfiel@us.ibm.com .
2003-07-14 16:41:55 +10:00
Darren Tucker
5c6a91a39d
- (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
...
loginfailed at all, so assume 3-arg loginfailed if not declared.
2003-07-14 16:21:44 +10:00
Darren Tucker
b9aa0a0baa
- (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
...
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker
a0c0b63112
- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
...
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Darren Tucker
eb28cbc399
- (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping.
2003-06-03 12:45:27 +10:00
Damien Miller
3867bf3e7a
unfuck
2003-05-19 09:33:15 +10:00