46 Commits

Author SHA1 Message Date
Darren Tucker
f60845fde2 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free.
2013-06-02 08:07:31 +10:00
Darren Tucker
1bf3503c9d - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
Bug #1583: Use system's kerberos principal name on AIX if it's available.
   Based on a patch from and tested by Miguel Sanders.
2009-12-21 10:49:21 +11:00
Darren Tucker
b5d5ee1ab0 - (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make
PrintLastLog work on AIX.  Based in part on a patch from Miguel Sanders.
2009-08-17 09:40:00 +10:00
Darren Tucker
16ba6a8ea2 - (dtucker) [openbsd-compat/port-aix.{c,h}] Remove AIX specific initgroups
implementation.  It's not needed to fix bug #1081 and breaks the build
   on some AIX configurations.
2008-03-09 16:36:55 +11:00
Darren Tucker
0f26b1386a - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Bug #1081: Implement
getgrouplist via getgrset on AIX, rather than iterating over getgrent.
   This allows, eg, Match and AllowGroups directives to work with NIS and
   LDAP groups.
2008-02-28 23:16:04 +11:00
Darren Tucker
863cfa0e6f - (dtucker) [openbsd-compat/port-aix.c] Comment typo. 2007-08-09 14:29:47 +10:00
Darren Tucker
c70ce7b09d - (dtucker) [openbsd-compat/port-aix.{c,h}] Reduce scope of includes.
Prevents macro redefinition warnings of "RDONLY".
2006-09-18 23:54:32 +10:00
Damien Miller
ded319cca2 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c]
   [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c]
   [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c]
   [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
   [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c]
   [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c]
   [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c]
   [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c]
   [sshconnect1.c sshconnect2.c sshd.c rc4.diff]
   [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c]
   [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c]
   [openbsd-compat/port-uw.c]
   Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h;
   compile problems reported by rac AT tenzing.org
2006-09-01 15:38:36 +10:00
Darren Tucker
26d4e19caa - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed
   login count.  Previously this would only happen when an interactive
   session starts (ie when a pty is allocated) but this means that accounts
   that have primarily non-interactive sessions (eg scp's) may gradually
   accumulate enough failures to lock out an account.  This change may have
   a side effect of creating two audit records, one with a tty of "ssh"
   corresponding to the authentication and one with the allocated pty per
   interactive session.
2006-08-30 22:33:09 +10:00
Damien Miller
d783435315 - deraadt@cvs.openbsd.org 2006/08/03 03:34:42
[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy")
2006-08-05 12:39:39 +10:00
Damien Miller
62da44f064 - (djm) [openbsd-compat/basename.c openbsd-compat/bsd-closefrom.c]
[openbsd-compat/bsd-cray.c openbsd-compat/bsd-openpty.c]
   [openbsd-compat/bsd-snprintf.c openbsd-compat/fake-rfc2553.c]
   [openbsd-compat/port-aix.c openbsd-compat/port-irix.c]
   [openbsd-compat/rresvport.c]
   These look to need string.h and/or unistd.h (based on a grep for function
   names)
2006-07-24 15:08:35 +10:00
Damien Miller
be43ebf975 - stevesk@cvs.openbsd.org 2006/07/12 22:28:52
[auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c]
     move #include <netdb.h> out of includes.h; ok djm@
2006-07-24 13:51:51 +10:00
Darren Tucker
2eaea99054 - (dtucker) [openbsd-compat/bsd-asprintf.c openbsd-compat/port-aix.c
openbsd-compat/rresvport.c] More errno.h.
2006-07-12 23:41:33 +10:00
Darren Tucker
f9fea65ba9 - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
spotted by tim@.
2005-05-29 10:54:27 +10:00
Darren Tucker
6b2fe31def - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there. 2005-05-29 10:32:47 +10:00
Darren Tucker
782727ac61 20050529
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
   argument to passwdexpired to be initialized to NULL.  Suggested by tim@
   While at it, initialize the other arguments to auth functions in case they
   ever acquire this behaviour.
2005-05-29 10:28:48 +10:00
Darren Tucker
f3bb434177 - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
handling of password expiry messages returned by AIX's authentication
   routines, originally reported by robvdwal at sara.nl.
2005-03-31 21:39:25 +10:00
Darren Tucker
3c774c52f3 - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more
compiler warnings on AIX.
2005-02-16 22:49:31 +11:00
Darren Tucker
691d5235ca - (dtucker) [README.platform auth.c configure.ac loginrec.c
openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6
   on AIX where possible (see README.platform for details) and work around
   a misfeature of AIX's getnameinfo.  ok djm@
2005-02-15 21:45:57 +11:00
Darren Tucker
92170a8626 - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call
disable_forwarding() from compat library. Prevent linker errrors trying
   to resolve it for binaries other than sshd.  ok djm@
2005-02-09 17:08:23 +11:00
Darren Tucker
b4d3012d2e - (dtucker) [openbsd-compat/port-aix.c] Silence compiler warnings. 2005-02-08 21:06:55 +11:00
Darren Tucker
42d9dc75ed - (dtucker) [auth.c loginrec.h openbsd-compat/{bsd-cray,port-aix}.{c,h}]
Make record_failed_login() call provide hostname rather than having the
   implementations having to do lookups themselves.  Only affects AIX and
   UNICOS (the latter only uses the "user" parameter anyway).  ok djm@
2005-02-02 17:10:11 +11:00
Darren Tucker
5a88d00349 - (dtucker) [openbsd-compat/port-aix.c] Bug #712: Explicitly check for
accounts with authentication configs that sshd can't support (ie
   SYSTEM=NONE and AUTH1=something).
2004-08-29 21:43:33 +10:00
Darren Tucker
397a2f2612 - (dtucker) [loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Plug AIX login recording into login_write so logins will be recorded for
   all auth types.
2004-08-15 00:09:11 +10:00
Darren Tucker
5288cb242a - (dtucker) [openbsd-compat/port-aix.c] Missing __func__. 2004-06-28 18:11:19 +10:00
Darren Tucker
0a9d43d726 - (dtucker) [auth.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move loginrestrictions test to port-aix.c, replace with a generic hook.
2004-06-23 13:45:24 +10:00
Darren Tucker
a7ea546f1b - (dtucker) [openbsd-compat/port-aix.c] Expand whitespace -> tabs. No
code changes.
2004-06-16 12:01:15 +10:00
Darren Tucker
cfea2063e5 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Move
include from port-aix.h to port-aix.c and remove unnecessary function
   definition.  Fixes build errors on AIX.

#include'ing auth.h in port-aix.h causes conflicting definitions of Authctxt
in sshconnect2.c.  Sigh.
2004-02-10 15:27:34 +11:00
Darren Tucker
e3dba82dd4 - (dtucker) [auth-passwd.c auth.h openbsd-compat/port-aix.c
openbsd-compat/port-aix.h] Bug #14: Use do_pwchange to support AIX's
    native password expiry.
2004-02-10 12:50:19 +11:00
Darren Tucker
e45674ae80 - (dtucker) [openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Restore
previous authdb setting after auth calls.  Fixes problems with setpcred
   failing on accounts that use AFS or NIS password registries.
2004-02-06 16:17:51 +11:00
Darren Tucker
d76341616d - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h]
Move AIX specific password authentication code to port-aix.c, call
   authenticate() until reenter flag is clear.
2003-11-22 14:16:56 +11:00
Darren Tucker
051c270f88 - (dtucker) [openbsd-compat/port-aix.c] Use correct include for xmalloc.h,
add canohost.h to stop warning.  Based on patch from openssh-unix-dev at
   thewrittenword.com
2003-09-22 13:05:26 +10:00
Darren Tucker
fc3454ee67 - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h]
Call setauthdb() before loginfailed(), which may load password registry-
   specific functions.  Based on patch by cawlfiel@us.ibm.com.
2003-07-14 16:41:55 +10:00
Darren Tucker
5c6a91a39d - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare
loginfailed at all, so assume 3-arg loginfailed if not declared.
2003-07-14 16:21:44 +10:00
Darren Tucker
b9aa0a0baa - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h]
Convert aixloginmsg into platform-independant Buffer loginmsg.
2003-07-08 22:59:59 +10:00
Darren Tucker
a0c0b63112 - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
   prototypes.  Test for and handle 3-args and 4-arg variants of loginfailed.
2003-07-08 20:52:12 +10:00
Darren Tucker
eb28cbc399 - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping. 2003-06-03 12:45:27 +10:00
Damien Miller
3867bf3e7a unfuck 2003-05-19 09:33:15 +10:00
Damien Miller
317412502b - (djm) Big KNF on openbsd-compat/ 2003-05-19 00:13:38 +10:00
Darren Tucker
97363a8b24 - (dtucker) Move handling of bad password authentications into a platform
specific record_failed_login() function (affects AIX & Unicos).
2003-05-02 23:42:25 +10:00
Ben Lindstrom
024f08f3f6 Added author to ports-aix.[ch]. 2002-07-07 02:17:36 +00:00
Ben Lindstrom
d00a1a1a03 - (bal) One too many nulls in ports-aix.c 2002-07-04 19:33:49 +00:00
Ben Lindstrom
51b2488aad - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. 2002-07-04 03:08:40 +00:00
Ben Lindstrom
f0bfa839bd - (bal) Fixed AIX environment handling, use setpcred() instead of existing
code.  (Bugzilla Bug 261)
2002-06-21 00:01:18 +00:00
Ben Lindstrom
127398c6ec - (bal) Drop Session *s usage in ports-aix.[ch] and pass just what we
need to do the jobs (AIX still does not fully compile, but that is
   coming).
2002-02-24 20:25:46 +00:00
Ben Lindstrom
a9c039cf04 - (bal) Migrated AIX getuserattr and usrinfo code to
openbsd-compat/port-aix.[c] to improve readilbity of do_child() and
   simplify our diffs against upstream source.
2002-02-19 20:27:55 +00:00