diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth.c | 15 | ||||
| -rw-r--r-- | auth1.c | 2 | ||||
| -rw-r--r-- | auth2.c | 4 | ||||
| -rw-r--r-- | openbsd-compat/bsd-cray.c | 10 | ||||
| -rw-r--r-- | openbsd-compat/bsd-cray.h | 4 | ||||
| -rw-r--r-- | openbsd-compat/port-aix.c | 16 | ||||
| -rw-r--r-- | openbsd-compat/port-aix.h | 5 |
8 files changed, 41 insertions, 19 deletions
@@ -1,6 +1,8 @@ 20030502 - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels, privsep should now work. + - (dtucker) Move handling of bad password authentications into a platform + specific record_failed_login() function (affects AIX & Unicos). 20030429 - (djm) Add back radix.o (used by AFS support), after it went missing from @@ -1360,4 +1362,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2665 2003/05/02 10:48:21 dtucker Exp $ +$Id: ChangeLog,v 1.2666 2003/05/02 13:42:25 dtucker Exp $ @@ -268,13 +268,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) get_remote_port(), info); -#ifdef WITH_AIXAUTHENTICATE +#ifdef CUSTOM_FAILED_LOGIN if (authenticated == 0 && strcmp(method, "password") == 0) - loginfailed(authctxt->user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); -#endif /* WITH_AIXAUTHENTICATE */ - + record_failed_login(authctxt->user, "ssh"); +#endif } /* @@ -496,10 +493,8 @@ getpwnamallow(const char *user) if (pw == NULL) { logit("Illegal user %.100s from %.100s", user, get_remote_ipaddr()); -#ifdef WITH_AIXAUTHENTICATE - loginfailed(user, - get_canonical_hostname(options.verify_reverse_mapping), - "ssh"); +#ifdef CUSTOM_FAILED_LOGIN + record_failed_login(user, "ssh"); #endif return (NULL); } @@ -311,8 +311,6 @@ do_authloop(Authctxt *authctxt) authctxt->user); #ifdef _UNICOS - if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) - cray_login_failure(authctxt->user, IA_UDBERR); if (authenticated && cray_access_denied(authctxt->user)) { authenticated = 0; fatal("Access denied for user %s.",authctxt->user); @@ -240,10 +240,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } else { if (authctxt->failures++ > AUTH_FAIL_MAX) packet_disconnect(AUTH_FAIL_MSG, authctxt->user); -#ifdef _UNICOS - if (strcmp(method, "password") == 0) - cray_login_failure(authctxt->user, IA_UDBERR); -#endif /* _UNICOS */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index edb3112b..4875af86 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ + * $Id: bsd-cray.c,v 1.9 2003/05/02 13:42:25 dtucker Exp $ * * bsd-cray.c * @@ -143,6 +143,14 @@ cray_access_denied(char *username) return (errcode); } +/* + * record_failed_login: generic "login failed" interface function + */ +record_failed_login(const char *user, const char *ttyname) +{ + cray_login_failure((char *)user, IA_UDBERR); +} + int cray_setup (uid_t uid, char *username, const char *command) { diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index a09954f2..d2489f4b 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $ + * $Id: bsd-cray.h,v 1.8 2003/05/02 13:42:25 dtucker Exp $ * * bsd-cray.h * @@ -42,6 +42,8 @@ void cray_init_job(struct passwd *); /* init cray job */ void cray_job_termination_handler(int); /* process end of job signal */ void cray_login_failure(char *username, int errcode); int cray_access_denied(char *username); +#define CUSTOM_FAILED_LOGIN 1 +void record_failed_login(const char *user, const char *ttyname); extern char cray_tmpdir[]; /* cray tmpdir */ #ifndef IA_SSHD #define IA_SSHD IA_LOGIN diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 4c96a317..cddc0907 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -24,12 +24,17 @@ * */ #include "includes.h" +#include "ssh.h" +#include "log.h" +#include "servconf.h" #ifdef _AIX #include <uinfo.h> #include <../xmalloc.h> +extern ServerOptions options; + /* * AIX has a "usrinfo" area where logname and other stuff is stored - * a few applications actually use this and die if it's not set @@ -52,5 +57,16 @@ aix_usrinfo(struct passwd *pw) xfree(cp); } +# ifdef CUSTOM_FAILED_LOGIN +/* + * record_failed_login: generic "login failed" interface function + */ +void +record_failed_login(const char *user, const char *ttyname) +{ + loginfailed(user, + get_canonical_hostname(options.verify_reverse_mapping), ttyname); +} +# endif /* CUSTOM_FAILED_LOGIN */ #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 4abe0031..2254e746 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -36,5 +36,10 @@ # include <sys/timers.h> #endif +#ifdef WITH_AIXAUTHENTICATE +# define CUSTOM_FAILED_LOGIN 1 +void record_failed_login(const char *user, const char *ttyname); +#endif + void aix_usrinfo(struct passwd *pw); #endif /* _AIX */ |