Darren Tucker
2003-Jul-05 03:08 UTC
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it does not make it to OpenBSD. Does anyone see any problems with or have any objections to this patch? -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. -------------- next part --------------
Index: auth-passwd.c
==================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v
retrieving revision 1.54
diff -u -r1.54 auth-passwd.c
--- auth-passwd.c 3 Jun 2003 00:25:48 -0000 1.54
+++ auth-passwd.c 5 Jul 2003 02:17:59 -0000
@@ -42,6 +42,9 @@
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
+#include "buffer.h"
+#include "xmalloc.h"
+#include "canohost.h"
 #if !defined(HAVE_OSF_SIA) /* Don't need any of these headers for the SIA cases */
@@ -81,9 +84,7 @@
 #endif /* !HAVE_OSF_SIA */
 extern ServerOptions options;
-#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
-#endif
+extern Buffer loginmsg;
 /* * Tries to authenticate the user using password. Returns true if
@@ -151,15 +152,28 @@
 # endif
 # ifdef WITH_AIXAUTHENTICATE
 authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+ aix_remove_embedded_newlines(authmsg);
 if (authsuccess) {
+ char *msg;
+
+ debug3("AIX/authenticate succeeded for user %s: %.100s",
+ pw->pw_name, authmsg);
+ /* We don't have a pty yet, so just label the line as "ssh" */
 if (loginsuccess(authctxt->user,
- get_canonical_hostname(options.use_dns),
- "ssh", &aixloginmsg) < 0) {
- aixloginmsg = NULL;
+ get_canonical_hostname(options.use_dns), "ssh", &msg) == 0){
+ if (msg != NULL) {
+ buffer_append(&loginmsg, msg, strlen(msg));
+ xfree(msg);
+ }
 }
+ } else {
+ debug3("AIX/authenticate failed for user %s: %.100s",
+ pw->pw_name, authmsg);
 }
+ if (authmsg != NULL)
+ xfree(authmsg);
 return (authsuccess);
 # endif
Index: auth.c
==================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth.c,v
retrieving revision 1.73
diff -u -r1.73 auth.c
--- auth.c 3 Jun 2003 00:25:48 -0000 1.73
+++ auth.c 5 Jul 2003 01:30:52 -0000
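Review bot: In auth-passwd.c, both new `debug3(... "%.100s", pw->pw_name, authmsg)` calls pass `authmsg` to `%s` without a NULL check, although the same hunk treats NULL as possible (`if (authmsg != NULL) xfree(authmsg);`, and `aix_remove_embedded_newlines()` returns early on NULL). A null pointer for `%s` is undefined behaviour in the standard printf family, and whether the logging path here tolerates it is not visible in the patch, so guard the argument, e.g. `authmsg ? authmsg : ""`. Separately, `char *msg;` is read after `loginsuccess()` returns 0 without having been initialised, and if `loginsuccess()` can hand back a message together with a failure code, that message is never freed; `char *msg = NULL;` plus an unconditional `if (msg != NULL) xfree(msg);` after the call would cover both. The enclosing function starts and ends outside the hunk.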
@@ -206,26 +206,23 @@
 * PermitRootLogin to control logins via ssh), or if running as * non-root user (since loginrestrictions will always fail). */
- if ((pw->pw_uid != 0) && (geteuid() == 0) &&
- loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
- int loginrestrict_errno = errno;
+ if ((pw->pw_uid != 0) && (geteuid() == 0)) {
+ char *msg;
- if (loginmsg && *loginmsg) {
- /* Remove embedded newlines (if any) */
- char *p;
- for (p = loginmsg; *p; p++) {
- if (*p == '\n')
- *p = ' ';
+ if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) {
+ int loginrestrict_errno = errno;
+
+ if (msg && *msg) {
+ buffer_append(&loginmsg, msg, strlen(msg));
+ aix_remove_embedded_newlines(msg);
+ logit("Login restricted for %s: %.100s",
+ pw->pw_name, msg);
 }
- /* Remove trailing newline */
- *--p = '\0';
- logit("Login restricted for %s: %.100s", pw->pw_name,
- loginmsg);
+ /* Don't fail if /etc/nologin set */
+ if (!(loginrestrict_errno == EPERM &&
+ stat(_PATH_NOLOGIN, &st) == 0))
+ return 0;
 }
- /* Don't fail if /etc/nologin set */
- if (!(loginrestrict_errno == EPERM &&
- stat(_PATH_NOLOGIN, &st) == 0))
- return 0;
 }
 #endif /* WITH_AIXAUTHENTICATE */
Index: session.c
==================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v
retrieving revision 1.238
diff -u -r1.238 session.c
--- session.c 3 Jun 2003 00:25:48 -0000 1.238
+++ session.c 5 Jul 2003 02:21:49 -0000
@@ -95,6 +95,7 @@
 extern u_int utmp_len;
 extern int startup_pipe;
 extern void destroy_sensitive_data(void);
+extern Buffer loginmsg;
 /* original command from peer. */ const char *original_command = NULL;
@@ -103,10 +104,6 @@
 #define MAX_SESSIONS 10
 Session sessions[MAX_SESSIONS];
-#ifdef WITH_AIXAUTHENTICATE
-char *aixloginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
-
 #ifdef HAVE_LOGIN_CAP
 login_cap_t *lc;
 #endif
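Review bot: In auth.c, the string returned through `&msg` by `loginrestrictions()` is copied into `loginmsg` and logged but never released, whereas the auth-passwd.c hunk calls `xfree(msg)` after the equivalent `buffer_append()`; if the caller owns that allocation here as well, each restricted attempt leaks it. `char *msg;` is also uninitialised, so the `msg && *msg` test relies on `loginrestrictions()` always storing to it on failure. Suggest `char *msg = NULL;` and `if (msg != NULL) xfree(msg);` once the message has been logged. The surrounding function begins and ends outside the hunk.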
@@ -770,10 +767,13 @@
 if (options.use_pam && !is_pam_password_change_required()) print_pam_messages();
 #endif /* USE_PAM */
-#ifdef WITH_AIXAUTHENTICATE
- if (aixloginmsg && *aixloginmsg)
- printf("%s\n", aixloginmsg);
-#endif /* WITH_AIXAUTHENTICATE */
+
+ /* display post-login message */
+ if (buffer_len(&loginmsg) > 0) {
+ buffer_append(&loginmsg, "\0", 1);
+ printf("%s\n", (char *)buffer_ptr(&loginmsg));
+ }
+ buffer_free(&loginmsg);
 #ifndef NO_SSH_LASTLOG
 if (options.print_lastlog && s->last_login_time != 0) {
Index: sshd.c
==================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/sshd.c,v
retrieving revision 1.252
diff -u -r1.252 sshd.c
--- sshd.c 3 Jul 2003 03:46:57 -0000 1.252
+++ sshd.c 5 Jul 2003 01:57:47 -0000
@@ -201,6 +201,9 @@
 int use_privsep;
 struct monitor *pmonitor;
+/* message to be displayed after login */
+Buffer loginmsg;
+
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
@@ -1500,6 +1503,9 @@
 #endif /* AFS */
 packet_set_nonblocking();
+
+ /* prepare buffers to collect authentication messages */
+ buffer_init(&loginmsg);
 if (use_privsep) if ((authctxt = privsep_preauth()) != NULL)
Index: openbsd-compat/port-aix.c
==================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v
retrieving revision 1.10
diff -u -r1.10 port-aix.c
--- openbsd-compat/port-aix.c 3 Jun 2003 02:45:27 -0000 1.10
+++ openbsd-compat/port-aix.c 5 Jul 2003 01:35:21 -0000
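Review bot: In session.c, `buffer_free(&loginmsg)` releases the global buffer's storage but the hunk does not show it being re-initialised, so a second pass through this code in the same process would run `buffer_len()` and `buffer_append()` on a freed Buffer. Whether that can happen depends on how the enclosing function is called, which is outside the hunk; `buffer_clear(&loginmsg);` would empty the buffer while keeping it valid for any later use. Also, the messages appended in auth.c and auth-passwd.c are concatenated with no separator, so two messages print on separate lines only if the first one already ends in a newline.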
@@ -61,6 +61,28 @@
 xfree(cp);
 }
+#ifdef WITH_AIXAUTHENTICATE
+/*
+ * Remove embedded newlines in string (if any).
+ * Used before logging messages returned by AIX authentication functions
+ * so the message is logged on one line.
+ */
+void
+aix_remove_embedded_newlines(char *p)
+{
+ if (p == NULL)
+ return;
+
+ for (; *p; p++) {
+ if (*p == '\n')
+ *p = ' ';
+ }
+ /* Remove trailing whitespace */
+ if (*--p == ' ')
+ *p = '\0';
+}
+#endif /* WITH_AIXAUTHENTICATE */
+
 # ifdef CUSTOM_FAILED_LOGIN
 /* * record_failed_login: generic "login failed" interface function
Index: openbsd-compat/port-aix.h
==================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
retrieving revision 1.8
diff -u -r1.8 port-aix.h
--- openbsd-compat/port-aix.h 2 May 2003 13:42:25 -0000 1.8
+++ openbsd-compat/port-aix.h 5 Jul 2003 01:30:18 -0000
@@ -42,4 +42,5 @@
 #endif
 void aix_usrinfo(struct passwd *pw);
+void aix_remove_embedded_newlines(char *);
 #endif /* _AIX */
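Review bot: In port-aix.c, `aix_remove_embedded_newlines()` evaluates `*--p` after the loop without checking that the string was non-empty: for `""` the loop never advances, so `--p` points one byte before the buffer, giving an out-of-bounds read and, if that byte happens to be a space, an out-of-bounds write of `'\0'`. The auth.c caller tests `*msg` first, but the auth-passwd.c hunk calls it on `authmsg` unconditionally, so an empty message from `authenticate()` would reach this path. Extend the guard to `if (p == NULL || *p == '\0') return;`. The comment says "trailing whitespace" while only a single trailing space is removed, so either loop over the tail or reword the comment.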