port-aix.c revision 124208
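/*
 *
 * Copyright (c) 2001 Gert Doering.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
#include "includes.h"
#include "ssh.h"
#include "log.h"
#include "servconf.h"
#include "canohost.h"
#include "xmalloc.h"

#ifdef _AIX

#include <uinfo.h>
#include "port-aix.h"

extern ServerOptions options;

/*
 * AIX has a "usrinfo" area where logname and other stuff is stored -
 * a few applications actually use this and die if it's not set
 *
 * NOTE: TTY= should be set, but no one uses it and it is hard to acquire
 * because of the privsep code, so support for it has been dropped.
 *
 * pw: passwd entry whose pw_name is written as both LOGNAME and NAME.
 * Calls fatal() if the buffer cannot be formatted or usrinfo() fails.
 */
void
aix_usrinfo(struct passwd *pw)
{
	int r;
	size_t len;
	char *cp;

	/*
	 * sizeof() counts the 15 literal characters plus the NUL.  The two
	 * spaces in the literal stand in for the two NUL separators written
	 * by %c below, and the counted NUL leaves room for snprintf's own
	 * terminator.
	 */
	len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
	cp = xmalloc(len);

	r = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
	    pw->pw_name, '\0');
	/*
	 * The return value becomes the byte count handed to usrinfo(), so a
	 * negative or truncated result must not be passed on: it would make
	 * usrinfo() read past the end of cp.
	 */
	if (r < 0 || (size_t)r >= len)
		fatal("%s: snprintf failed", __func__);
	if (usrinfo(SETUINFO, cp, r) == -1)
		fatal("Couldn't set usrinfo: %s", strerror(errno));
	debug3("AIX/UsrInfo: set len %d", r);

	xfree(cp);
}

#ifdef WITH_AIXAUTHENTICATE
/*
 * Remove embedded newlines in string (if any).
 * Used before logging messages returned by AIX authentication functions
 * so the message is logged on one line.
 *
 * p: NUL-terminated string, modified in place; NULL is accepted and ignored.
 * Every '\n' becomes a space, then at most one trailing space is cut off.
 */
void
aix_remove_embedded_newlines(char *p)
{
	char *start = p;

	if (p == NULL)
		return;

	for (; *p; p++) {
		if (*p == '\n')
			*p = ' ';
	}
	/*
	 * Remove trailing whitespace.  Step back only when the string is not
	 * empty: for "" an unconditional *--p would read, and possibly
	 * overwrite, the byte in front of the buffer.
	 */
	if (p > start && *--p == ' ')
		*p = '\0';
}
#endif /* WITH_AIXAUTHENTICATE */

# ifdef CUSTOM_FAILED_LOGIN
/*
 * record_failed_login: generic "login failed" interface function
 *
 * user:    account name the failed attempt was made for.
 * ttyname: terminal name to record with the failure.
 *
 * Does nothing unless the effective uid is 0.
 *
 * NOTE(review): the recorded host comes from get_canonical_hostname(), which
 * presumably does a reverse lookup when options.use_dns is set; if so the
 * name stored with the failure is controlled by whoever runs the peer's
 * reverse DNS - confirm before relying on it in audit trails.
 */
void
record_failed_login(const char *user, const char *ttyname)
{
	char *hostname = get_canonical_hostname(options.use_dns);

	if (geteuid() != 0)
		return;

	aix_setauthdb(user);
	/* loginfailed() takes non-const char *, hence the casts. */
#  ifdef AIX_LOGINFAILED_4ARG
	loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
#  else
	loginfailed((char *)user, hostname, (char *)ttyname);
#  endif
}

/*
 * If we have setauthdb, retrieve the password registry for the user's
 * account then feed it to setauthdb.  This may load registry-specific method
 * code.  If we don't have setauthdb or have already called it this is a no-op.
 *
 * user: account name whose S_REGISTRY attribute is looked up.
 *
 * NOTE(review): the registry pointer is cached in a function-local static,
 * so once a lookup has succeeded every later call returns early, even for a
 * different user.  Confirm that callers only ever pass one user per process.
 */
void
aix_setauthdb(const char *user)
{
#  ifdef HAVE_SETAUTHDB
	static char *registry = NULL;

	if (registry != NULL)	/* have already done setauthdb */
		return;

	if (setuserdb(S_READ) == -1) {
		debug3("%s: Could not open userdb to read", __func__);
		return;
	}

	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
		if (setauthdb(registry, NULL) == 0)
			debug3("%s: AIX/setauthdb set registry %s", __func__,
			    registry);
		else
			debug3("%s: AIX/setauthdb set registry %s failed: %s",
			    __func__, registry, strerror(errno));
	} else
		debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
		    strerror(errno));
	enduserdb();
#  endif
}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */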