Commit Graph

58 Commits

Author SHA1 Message Date
Darren Tucker acb2887a76 Handle GIDs > 2^31 in getgrouplist.
When compiled in 32bit mode, the getgrouplist implementation may fail
for GIDs greater than LONG_MAX.  Analysis and change from ralf.winkel
at tui.com.
2021-06-17 21:03:19 +10:00
Darren Tucker 31c9348c5e Constify aix_krb5_get_principal_name.
Prevents warning about discarding type qualifiers on AIX.
2020-02-17 22:53:24 +11:00
Darren Tucker 245dcbdca5 Put headers inside ifdef _AIX.
Prevents compile errors due to missing definitions (eg va_list) on
non-AIX platforms.
2019-11-13 11:19:26 +11:00
Darren Tucker 79a87d3278 Remove "struct ssh" from sys_auth_record_login.
It's not needed, and is not available from the call site in loginrec.c
Should only affect AIX, spotted by Kevin Brott.
2019-04-03 06:27:45 +11:00
Darren Tucker 138c0d52cd Adapt custom_failed_login to new prototype.
Spotted by Kevin Brott.
2019-04-02 18:21:35 +11:00
Damien Miller 08f66d9f17 remove vestiges of old packet API from loginrec.c 2019-01-20 09:58:45 +11:00
Damien Miller e36a5f61b0 Some AIX fixes; report from Michael Felt 2018-08-11 18:08:45 -07:00
markus@openbsd.org 5467fbcb09 upstream: remove legacy key emulation layer; ok djm@
OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d
2018-07-12 13:18:25 +10:00
Damien Miller 120a1ec74e Adapt portable to legacy buffer API removal 2018-07-10 19:39:52 +10:00
Darren Tucker 6b5a17bc14 Include ssh_api.h for struct ssh.
struct ssh is needed by implementations of sys_auth_passwd() that were
converted in commit bba02a50.  Needed to fix build on AIX, I assume for
the other platforms too (although it should be harmless if not needed).
2018-03-26 13:24:41 +11:00
Tim Rice bba02a5094 modified: auth-sia.c
modified:   openbsd-compat/port-aix.c
	modified:   openbsd-compat/port-uw.c

	propogate changes to auth-passwd.c in commit
	7c85685760 to other providers
	of sys_auth_passwd()
2018-03-25 09:17:33 -07:00
Darren Tucker c20dccb561 Strip trailing whitespace.
Mechanically strip trailing whitespace on files not synced with OpenBSD
(or in the case of bsd-snprint.c, rsync).
2016-08-02 09:44:25 +10:00
Darren Tucker f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
Darren Tucker 1bf3503c9d - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
Bug #1583: Use system's kerberos principal name on AIX if it's available.
   Based on a patch from and tested by Miguel Sanders.
2009-12-21 10:49:21 +11:00
Darren Tucker b5d5ee1ab0 - (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make
PrintLastLog work on AIX.  Based in part on a patch from Miguel Sanders.
2009-08-17 09:40:00 +10:00
Darren Tucker 16ba6a8ea2 - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
implementation.  It's not needed to fix bug #1081 and breaks the build
   on some AIX configurations.
2008-03-09 16:36:55 +11:00
Darren Tucker 0f26b1386a - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
   This allows, eg, Match and AllowGroups directives to work with NIS and
   LDAP groups.
2008-02-28 23:16:04 +11:00
Darren Tucker 863cfa0e6f - (dtucker) [openbsd-compat/port-aix.c] Comment typo. 2007-08-09 14:29:47 +10:00
Darren Tucker c70ce7b09d - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
Prevents macro redefinition warnings of "RDONLY".
2006-09-18 23:54:32 +10:00
Damien Miller ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Darren Tucker 26d4e19caa - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed
   login count.  Previously this would only happen when an interactive
   session starts (ie when a pty is allocated) but this means that accounts
   that have primarily non-interactive sessions (eg scp's) may gradually
   accumulate enough failures to lock out an account.  This change may have
   a side effect of creating two audit records, one with a tty of "ssh"
   corresponding to the authentication and one with the allocated pty per
   interactive session.
2006-08-30 22:33:09 +10:00
Damien Miller d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller 62da44f064 - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
   [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
   [openbsd-compat/rresvport.c]
   These look to need string.h and/or unistd.h (based on a grep for function
   names)
2006-07-24 15:08:35 +10:00
Damien Miller be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Darren Tucker 2eaea99054 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
Darren Tucker f9fea65ba9 - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
spotted by tim@.
2005-05-29 10:54:27 +10:00
Darren Tucker 6b2fe31def - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. 2005-05-29 10:32:47 +10:00
Darren Tucker 782727ac61 20050529
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
   argument to passwdexpired to be initialized to NULL.  Suggested by tim@
   While at it, initialize the other arguments to auth functions in case they
   ever acquire this behaviour.
2005-05-29 10:28:48 +10:00
Darren Tucker f3bb434177 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
   routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
Darren Tucker 3c774c52f3 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
compiler warnings on AIX.
2005-02-16 22:49:31 +11:00
Darren Tucker 691d5235ca - (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
   on AIX where possible (see README.platform for details) and work around
   a misfeature of AIX's getnameinfo.  ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker 92170a8626 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errrors trying
   to resolve it for binaries other than sshd.  ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker b4d3012d2e - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 2005-02-08 21:06:55 +11:00
Darren Tucker 42d9dc75ed - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
Make record_failed_login() call provide hostname rather than having the
   implementations having to do lookups themselves.  Only affects AIX and
   UNICOS (the latter only uses the "user" parameter anyway).  ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker 5a88d00349 - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
accounts with authentication configs that sshd can't support (ie
   SYSTEM=NONE and AUTH1=something).
2004-08-29 21:43:33 +10:00
Darren Tucker 397a2f2612 - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Plug AIX login recording into login_write so logins will be recorded for
   all auth types.
2004-08-15 00:09:11 +10:00
Darren Tucker 5288cb242a - (dtucker) [openbsd-compat/port-aix.c] Missing __func__. 2004-06-28 18:11:19 +10:00
Darren Tucker 0a9d43d726 - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move loginrestrictions test to port-aix.c, replace with a generic hook.
2004-06-23 13:45:24 +10:00
Darren Tucker a7ea546f1b - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
code changes.
2004-06-16 12:01:15 +10:00
Darren Tucker cfea2063e5 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
include from port-aix.h to port-aix.c and remove unnecessary function
   definition.  Fixes build errors on AIX.

#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c.  Sigh.
2004-02-10 15:27:34 +11:00
Darren Tucker e3dba82dd4 - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
    native password expiry.
2004-02-10 12:50:19 +11:00
Darren Tucker e45674ae80 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls.  Fixes problems with setpcred
   failing on accounts that use AFS or NIS password registries.
2004-02-06 16:17:51 +11:00
Darren Tucker d76341616d - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call
   authenticate() until reenter flag is clear.
2003-11-22 14:16:56 +11:00
Darren Tucker 051c270f88 - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h,
add canohost.h to stop warning.  Based on patch from openssh-unix-dev at
   thewrittenword.com
2003-09-22 13:05:26 +10:00
Darren Tucker fc3454ee67 - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry-
   specific functions.  Based on patch by cawlfiel@us.ibm.com.
2003-07-14 16:41:55 +10:00
Darren Tucker 5c6a91a39d - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
loginfailed at all, so assume 3-arg loginfailed if not declared.
2003-07-14 16:21:44 +10:00
Darren Tucker b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker a0c0b63112 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Darren Tucker eb28cbc399 - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping. 2003-06-03 12:45:27 +10:00
Damien Miller 3867bf3e7a unfuck 2003-05-19 09:33:15 +10:00