port-aix.c revision 124208 
1106121Sdes/*
2106121Sdes *
3106121Sdes * Copyright (c) 2001 Gert Doering.  All rights reserved.
4106121Sdes *
5106121Sdes * Redistribution and use in source and binary forms, with or without
6106121Sdes * modification, are permitted provided that the following conditions
7106121Sdes * are met:
8106121Sdes * 1. Redistributions of source code must retain the above copyright
9106121Sdes *    notice, this list of conditions and the following disclaimer.
10106121Sdes * 2. Redistributions in binary form must reproduce the above copyright
11106121Sdes *    notice, this list of conditions and the following disclaimer in the
12106121Sdes *    documentation and/or other materials provided with the distribution.
13106121Sdes *
14106121Sdes * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15106121Sdes * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16106121Sdes * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17106121Sdes * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18106121Sdes * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19106121Sdes * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20106121Sdes * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21106121Sdes * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22106121Sdes * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23106121Sdes * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24106121Sdes *
25106121Sdes */
2698937Sdes#include "includes.h"
27124208Sdes#include "ssh.h"
28124208Sdes#include "log.h"
29124208Sdes#include "servconf.h"
30124208Sdes#include "canohost.h"
31124208Sdes#include "xmalloc.h"
3298937Sdes
3398937Sdes#ifdef _AIX
3498937Sdes
3598937Sdes#include <uinfo.h>
36124208Sdes#include "port-aix.h"
3798937Sdes
38124208Sdesextern ServerOptions options;
39124208Sdes
4098937Sdes/*
41106121Sdes * AIX has a "usrinfo" area where logname and other stuff is stored -
42106121Sdes * a few applications actually use this and die if it's not set
43106121Sdes *
44106121Sdes * NOTE: TTY= should be set, but since no one uses it and it's hard to
45106121Sdes * acquire due to privsep code.  We will just drop support.
4698937Sdes */
4798937Sdesvoid
48106121Sdesaix_usrinfo(struct passwd *pw)
4998937Sdes{
5098937Sdes	u_int i;
51124208Sdes	size_t len;
52106121Sdes	char *cp;
5398937Sdes
54124208Sdes	len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
55124208Sdes	cp = xmalloc(len);
56124208Sdes
57124208Sdes	i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
58124208Sdes	    pw->pw_name, '\0');
5998937Sdes	if (usrinfo(SETUINFO, cp, i) == -1)
6098937Sdes		fatal("Couldn't set usrinfo: %s", strerror(errno));
6198937Sdes	debug3("AIX/UsrInfo: set len %d", i);
62124208Sdes
6398937Sdes	xfree(cp);
6498937Sdes}
6598937Sdes
66124208Sdes#ifdef WITH_AIXAUTHENTICATE
67124208Sdes/*
68124208Sdes * Remove embedded newlines in string (if any).
69124208Sdes * Used before logging messages returned by AIX authentication functions
70124208Sdes * so the message is logged on one line.
71124208Sdes */
72124208Sdesvoid
73124208Sdesaix_remove_embedded_newlines(char *p)
74124208Sdes{
75124208Sdes	if (p == NULL)
76124208Sdes		return;
77124208Sdes
78124208Sdes	for (; *p; p++) {
79124208Sdes		if (*p == '\n')
80124208Sdes			*p = ' ';
81124208Sdes	}
82124208Sdes	/* Remove trailing whitespace */
83124208Sdes	if (*--p == ' ')
84124208Sdes		*p = '\0';
85124208Sdes}
86124208Sdes#endif /* WITH_AIXAUTHENTICATE */
87124208Sdes
88124208Sdes# ifdef CUSTOM_FAILED_LOGIN
89124208Sdes/*
90124208Sdes * record_failed_login: generic "login failed" interface function
91124208Sdes */
92124208Sdesvoid
93124208Sdesrecord_failed_login(const char *user, const char *ttyname)
94124208Sdes{
95124208Sdes	char *hostname = get_canonical_hostname(options.use_dns);
96124208Sdes
97124208Sdes	if (geteuid() != 0)
98124208Sdes		return;
99124208Sdes
100124208Sdes	aix_setauthdb(user);
101124208Sdes#  ifdef AIX_LOGINFAILED_4ARG
102124208Sdes	loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
103124208Sdes#  else
104124208Sdes	loginfailed((char *)user, hostname, (char *)ttyname);
105124208Sdes#  endif
106124208Sdes}
107124208Sdes
108124208Sdes/*
109124208Sdes * If we have setauthdb, retrieve the password registry for the user's
110124208Sdes * account then feed it to setauthdb.  This may load registry-specific method
111124208Sdes * code.  If we don't have setauthdb or have already called it this is a no-op.
112124208Sdes */
113124208Sdesvoid
114124208Sdesaix_setauthdb(const char *user)
115124208Sdes{
116124208Sdes#  ifdef HAVE_SETAUTHDB
117124208Sdes	static char *registry = NULL;
118124208Sdes
119124208Sdes	if (registry != NULL)	/* have already done setauthdb */
120124208Sdes		return;
121124208Sdes
122124208Sdes	if (setuserdb(S_READ) == -1) {
123124208Sdes		debug3("%s: Could not open userdb to read", __func__);
124124208Sdes		return;
125124208Sdes	}
126124208Sdes
127124208Sdes	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
128124208Sdes		if (setauthdb(registry, NULL) == 0)
129124208Sdes			debug3("%s: AIX/setauthdb set registry %s", __func__,
130124208Sdes			    registry);
131124208Sdes		else
132124208Sdes			debug3("%s: AIX/setauthdb set registry %s failed: %s",
133124208Sdes			    __func__, registry, strerror(errno));
134124208Sdes	} else
135124208Sdes		debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
136124208Sdes		    strerror(errno));
137124208Sdes	enduserdb();
138124208Sdes#  endif
139124208Sdes}
140124208Sdes# endif /* CUSTOM_FAILED_LOGIN */
14198937Sdes#endif /* _AIX */
14298937Sdes
143