Commit 97363a8b authored by Darren Tucker's avatar Darren Tucker

- (dtucker) Move handling of bad password authentications into a platform

   specific record_failed_login() function (affects AIX & Unicos).
parent 3c01654d
20030502
- (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels,
privsep should now work.
- (dtucker) Move handling of bad password authentications into a platform
specific record_failed_login() function (affects AIX & Unicos).
20030429
- (djm) Add back radix.o (used by AFS support), after it went missing from
......@@ -1360,4 +1362,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
$Id: ChangeLog,v 1.2665 2003/05/02 10:48:21 dtucker Exp $
$Id: ChangeLog,v 1.2666 2003/05/02 13:42:25 dtucker Exp $
......@@ -268,13 +268,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
get_remote_port(),
info);
#ifdef WITH_AIXAUTHENTICATE
#ifdef CUSTOM_FAILED_LOGIN
if (authenticated == 0 && strcmp(method, "password") == 0)
loginfailed(authctxt->user,
get_canonical_hostname(options.verify_reverse_mapping),
"ssh");
#endif /* WITH_AIXAUTHENTICATE */
record_failed_login(authctxt->user, "ssh");
#endif
}
/*
......@@ -496,10 +493,8 @@ getpwnamallow(const char *user)
if (pw == NULL) {
logit("Illegal user %.100s from %.100s",
user, get_remote_ipaddr());
#ifdef WITH_AIXAUTHENTICATE
loginfailed(user,
get_canonical_hostname(options.verify_reverse_mapping),
"ssh");
#ifdef CUSTOM_FAILED_LOGIN
record_failed_login(user, "ssh");
#endif
return (NULL);
}
......
......@@ -311,8 +311,6 @@ do_authloop(Authctxt *authctxt)
authctxt->user);
#ifdef _UNICOS
if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
cray_login_failure(authctxt->user, IA_UDBERR);
if (authenticated && cray_access_denied(authctxt->user)) {
authenticated = 0;
fatal("Access denied for user %s.",authctxt->user);
......
......@@ -240,10 +240,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
} else {
if (authctxt->failures++ > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
#ifdef _UNICOS
if (strcmp(method, "password") == 0)
cray_login_failure(authctxt->user, IA_UDBERR);
#endif /* _UNICOS */
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
......
/*
* $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
* $Id: bsd-cray.c,v 1.9 2003/05/02 13:42:25 dtucker Exp $
*
* bsd-cray.c
*
......@@ -143,6 +143,14 @@ cray_access_denied(char *username)
return (errcode);
}
/*
* record_failed_login: generic "login failed" interface function
*/
record_failed_login(const char *user, const char *ttyname)
{
cray_login_failure((char *)user, IA_UDBERR);
}
int
cray_setup (uid_t uid, char *username, const char *command)
{
......
/*
* $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $
* $Id: bsd-cray.h,v 1.8 2003/05/02 13:42:25 dtucker Exp $
*
* bsd-cray.h
*
......@@ -42,6 +42,8 @@ void cray_init_job(struct passwd *); /* init cray job */
void cray_job_termination_handler(int); /* process end of job signal */
void cray_login_failure(char *username, int errcode);
int cray_access_denied(char *username);
#define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *user, const char *ttyname);
extern char cray_tmpdir[]; /* cray tmpdir */
#ifndef IA_SSHD
#define IA_SSHD IA_LOGIN
......
......@@ -24,12 +24,17 @@
*
*/
#include "includes.h"
#include "ssh.h"
#include "log.h"
#include "servconf.h"
#ifdef _AIX
#include <uinfo.h>
#include <../xmalloc.h>
extern ServerOptions options;
/*
* AIX has a "usrinfo" area where logname and other stuff is stored -
* a few applications actually use this and die if it's not set
......@@ -52,5 +57,16 @@ aix_usrinfo(struct passwd *pw)
xfree(cp);
}
# ifdef CUSTOM_FAILED_LOGIN
/*
* record_failed_login: generic "login failed" interface function
*/
void
record_failed_login(const char *user, const char *ttyname)
{
loginfailed(user,
get_canonical_hostname(options.verify_reverse_mapping), ttyname);
}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
......@@ -36,5 +36,10 @@
# include <sys/timers.h>
#endif
#ifdef WITH_AIXAUTHENTICATE
# define CUSTOM_FAILED_LOGIN 1
void record_failed_login(const char *user, const char *ttyname);
#endif
void aix_usrinfo(struct passwd *pw);
#endif /* _AIX */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment