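/*
 *
 * Copyright (c) 2001 Gert Doering. All rights reserved.
 * Copyright (c) 2003,2004,2005,2006 Darren Tucker. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
#include "includes.h"

#include "xmalloc.h"
#include "buffer.h"
#include "key.h"
#include "hostfile.h"
#include "auth.h"
#include "ssh.h"
#include "log.h"

#ifdef _AIX

#include <errno.h>
#if defined(HAVE_NETDB_H)
# include <netdb.h>
#endif
#include <uinfo.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

#ifdef WITH_AIXAUTHENTICATE
# include <login.h>
# include <userpw.h>
# if defined(HAVE_SYS_AUDIT_H) && defined(AIX_LOGINFAILED_4ARG)
#  include <sys/audit.h>
# endif
# include <usersec.h>
#endif

#include "port-aix.h"

/* Message handed back by loginsuccess(), held until it is collected. */
static char *lastlogin_msg = NULL;

# ifdef HAVE_SETAUTHDB
/* Registry name saved by setauthdb() so that it can be put back later. */
static char old_registry[REGISTRY_SIZE] = "";
# endif

/*
 * AIX has a "usrinfo" area where logname and other stuff is stored -
 * a few applications actually use this and die if it's not set
 *
 * NOTE: TTY= should be set, but since no one uses it and it's hard to
 * acquire due to privsep code. We will just drop support.
 *
 * The area is written as two NUL-terminated entries, LOGNAME=<name> and
 * NAME=<name>, both taken from pw->pw_name. A failing usrinfo() call is
 * fatal.
 */
void
aix_usrinfo(struct passwd *pw)
{
	u_int i;
	size_t len;
	char *cp;

	/*
	 * The two blanks in the literal reserve the bytes for the NUL that
	 * ends each entry, and sizeof also counts the literal's own
	 * terminator, which leaves room for the NUL snprintf appends.
	 */
	len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
	cp = xmalloc(len);

	/* The length given to usrinfo() is the byte count snprintf reports. */
	i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
	    pw->pw_name, '\0');
	if (usrinfo(SETUINFO, cp, i) == -1)
		fatal("Couldn't set usrinfo: %s", strerror(errno));
	debug3("AIX/UsrInfo: set len %d", i);

	xfree(cp);
}

# ifdef WITH_AIXAUTHENTICATE
/*
 * Remove embedded newlines in string (if any).
 * Used before logging messages returned by AIX authentication functions
 * so the message is logged on one line.
 *
 * Only '\n' is rewritten (to a blank); any other control character in the
 * message is left as it is. At most one trailing blank is cut off.
 * A NULL pointer or an empty string is left untouched.
 */
void
aix_remove_embedded_newlines(char *p)
{
	/*
	 * An empty string must return here: the trailing-blank step below
	 * backs up one byte from the terminator, which for "" would read
	 * (and possibly overwrite) the byte in front of the buffer.
	 */
	if (p == NULL || *p == '\0')
		return;

	for (; *p; p++) {
		if (*p == '\n')
			*p = ' ';
	}
	/* Remove trailing whitespace */
	if (*--p == ' ')
		*p = '\0';
}

/*
 * Test specifically for the case where SYSTEM == NONE and AUTH1 contains
 * anything other than NONE or SYSTEM, which indicates that the admin has
 * configured the account for purely AUTH1-type authentication.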
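*
 * Since authenticate() doesn't check AUTH1, and sshd can't sanely support
 * AUTH1 itself, in such a case authenticate() will allow access without
 * authentication, which is almost certainly not what the admin intends.
 *
 * (The native tools, eg login, will process the AUTH1 list in addition to
 * the SYSTEM list by using ckuserID(), however ckuserID() and AUTH1 methods
 * have been deprecated since AIX 4.2.x and would be very difficult for sshd
 * to support.)
 *
 * Returns 0 if an unsupportable combination is found, 1 otherwise.
 * Also returns 0 when either attribute cannot be read, so a lookup
 * failure denies rather than allows.
 */
static int
aix_valid_authentications(const char *user)
{
	char *auth1, *sys, *p;
	int valid = 1;

	if (getuserattr((char *)user, S_AUTHSYSTEM, &sys, SEC_CHAR) != 0) {
		logit("Can't retrieve attribute SYSTEM for %s: %.100s",
		    user, strerror(errno));
		return 0;
	}

	debug3("AIX SYSTEM attribute %s", sys);
	if (strcmp(sys, "NONE") != 0)
		return 1;	/* not "NONE", so is OK */

	if (getuserattr((char *)user, S_AUTH1, &auth1, SEC_LIST) != 0) {
		logit("Can't retrieve attribute auth1 for %s: %.100s",
		    user, strerror(errno));
		return 0;
	}

	p = auth1;
	/*
	 * A SEC_LIST is concatenated strings, ending with two NULs, so the
	 * list is finished when p points at an empty string. Only the first
	 * byte is tested: also requiring p[1] to be non-NUL would stop at a
	 * one-character member and leave it, and every member after it,
	 * unchecked.
	 */
	while (*p != '\0') {
		debug3("AIX auth1 attribute list member %s", p);
		if (strcmp(p, "NONE") != 0 && strcmp(p, "SYSTEM") != 0) {
			logit("Account %s has unsupported auth1 value '%s'",
			    user, p);
			/* keep scanning so every offending member is logged */
			valid = 0;
		}
		p += strlen(p) + 1;
	}

	return (valid);
}

/*
 * Do authentication via AIX's authenticate routine. We loop until the
 * reenter parameter is 0, but normally authenticate is called only once.
 *
 * Note: this function returns 1 on success, whereas AIX's authenticate()
 * returns 0.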
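*/
int
sys_auth_passwd(Authctxt *ctxt, const char *password)
{
	char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
	int authsuccess = 0, expired, reenter, result;

	/*
	 * The result is 1 only when authenticate() returned 0, the account
	 * passed aix_valid_authentications() and passwdexpired() reported
	 * 0 or 1; everything else yields 0.
	 */
	do {
		/*
		 * NOTE(review): if the loop repeats, the authmsg from the
		 * earlier pass is not released here - confirm whether
		 * authenticate() reuses or replaces the buffer.
		 */
		result = authenticate((char *)name, (char *)password, &reenter,
		    &authmsg);
		aix_remove_embedded_newlines(authmsg);
		debug3("AIX/authenticate result %d, authmsg %.100s", result,
		    authmsg);
	} while (reenter);

	/*
	 * A success from authenticate() is overridden when the account's
	 * SYSTEM/auth1 settings are a combination sshd cannot honour.
	 */
	if (!aix_valid_authentications(name))
		result = -1;

	if (result == 0) {
		authsuccess = 1;

		/*
		 * Select the user's registry for the expiry check below;
		 * aix_restoreauthdb() undoes this before leaving the branch.
		 */
		aix_setauthdb(name);

		/*
		 * Check if the user's password is expired.
		 */
		expired = passwdexpired(name, &msg);
		if (msg && *msg) {
			/* the user sees the message with its newlines intact */
			buffer_append(ctxt->loginmsg, msg, strlen(msg));
			aix_remove_embedded_newlines(msg);
		}
		debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);

		switch (expired) {
		case 0: /* password not expired */
			break;
		case 1: /* expired, password change required */
			ctxt->force_pwchange = 1;
			break;
		default: /* user can't change(2) or other error (-1) */
			logit("Password can't be changed for user %s: %.100s",
			    name, msg);
			authsuccess = 0;
			break;
		}

		/*
		 * Release the message on every outcome; it used to be freed
		 * only in the default case and leaked for results 0 and 1.
		 */
		if (msg != NULL)
			xfree(msg);

		aix_restoreauthdb();
	}

	if (authmsg != NULL)
		xfree(authmsg);

	return authsuccess;
}

/*
 * Check if specified account is permitted to log in.
 * Returns 1 if login is allowed, 0 if not allowed.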
*/
int
sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
{
	char *reason = NULL;
	int rc, allowed;
	struct stat sb;

	/*
	 * Don't perform checks for root account (PermitRootLogin controls
	 * logins via ssh) or if running as non-root user (since
	 * loginrestrictions will always fail due to insufficient privilege).
	 * Both cases are reported as "allowed".
	 */
	if (pw->pw_uid == 0 || geteuid() != 0) {
		debug3("%s: not checking", __func__);
		return 1;
	}

	rc = loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &reason);
	allowed = (rc == 0);
	/*
	 * If restricted because /etc/nologin exists, the login will be denied
	 * in session.c after the nologin message is sent, so allow for now
	 * and do not append the returned message.
	 */
	if (rc == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &sb) == 0)
		allowed = 1;
	else if (reason != NULL)
		buffer_append(loginmsg, reason, strlen(reason));

	/* Give the log lines below something printable in every case. */
	if (reason == NULL)
		reason = xstrdup("(none)");
	aix_remove_embedded_newlines(reason);
	debug3("AIX/loginrestrictions returned %d msg %.100s", rc, reason);

	if (!allowed)
		logit("Login restricted for %s: %.100s", pw->pw_name, reason);
	xfree(reason);
	return allowed;
}

/*
 * Report a successful login to AIX through loginsuccess(), with the
 * user's registry selected for the duration of the call.
 * Returns 1 if loginsuccess() returned 0, otherwise 0.
 * The loginmsg argument is not used here.
 */
int
sys_auth_record_login(const char *user, const char *host, const char *ttynm,
    Buffer *loginmsg)
{
	char *banner = NULL;
	int rc;

	aix_setauthdb(user);
	rc = loginsuccess((char *)user, (char *)host, (char *)ttynm, &banner);
	if (rc == 0 && banner != NULL) {
		/* logged as returned; embedded newlines are not stripped */
		debug("AIX/loginsuccess: msg %s", banner);
		/*
		 * Only an empty slot takes the message.
		 * NOTE(review): when a message is already held, this one is
		 * neither stored nor released - looks like a leak, confirm
		 * how loginsuccess() allocates it.
		 */
		if (lastlogin_msg == NULL)
			lastlogin_msg = banner;
	}
	aix_restoreauthdb();
	return (rc == 0);
}

/*
 * Hand over the message held in lastlogin_msg and empty the slot, so a
 * second call returns NULL until another message has been stored.
 * Neither argument is used.
 */
char *
sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
{
	char *pending = lastlogin_msg;

	lastlogin_msg = NULL;
	return pending;
}

# ifdef CUSTOM_FAILED_LOGIN
/*
 * record_failed_login: generic "login failed" interface function
 *
 * Calls loginfailed() with the user's registry selected. Does nothing
 * unless the effective uid is 0.
 */
void
record_failed_login(const char *user, const char *hostname, const char *ttyname)
{
	if (geteuid() == 0) {
		aix_setauthdb(user);
#  ifdef AIX_LOGINFAILED_4ARG
		loginfailed((char *)user, (char *)hostname, (char *)ttyname,
		    AUDIT_FAIL_AUTH);
#  else
		loginfailed((char *)user, (char *)hostname, (char *)ttyname);
#  endif
		aix_restoreauthdb();
	}
}
# endif /* CUSTOM_FAILED_LOGIN */

/*
 * If we have setauthdb, retrieve the password registry for the user's
 * account then feed it to setauthdb. This will mean that subsequent AIX auth
 * functions will only use the specified loadable module. If we don't have
 * setauthdb this is a no-op.
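*/
void
aix_setauthdb(const char *user)
{
# ifdef HAVE_SETAUTHDB
	char *registry;

	/*
	 * Every failure in this function is reported at debug3 only and
	 * nothing is returned, so a caller cannot tell whether the registry
	 * was switched; the calls that follow then run against whatever
	 * registry is active.
	 */
	if (setuserdb(S_READ) == -1) {
		debug3("%s: Could not open userdb to read", __func__);
		return;
	}

	/* The previous registry is saved in old_registry for the restore. */
	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
		if (setauthdb(registry, old_registry) == 0)
			debug3("AIX/setauthdb set registry '%s'", registry);
		else
			debug3("AIX/setauthdb set registry '%s' failed: %s",
			    registry, strerror(errno));
	} else
		debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
		    strerror(errno));
	enduserdb();
# endif /* HAVE_SETAUTHDB */
}
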
/*
 * Restore the user's registry settings from old_registry.
 * Note that if the first aix_setauthdb fails, setauthdb("") is still safe
 * (it restores the system default behaviour). If we don't have setauthdb,
 * this is a no-op.
 *
 * The outcome is only logged at debug3; nothing is returned to the caller.
 */
void
aix_restoreauthdb(void)
{
# ifdef HAVE_SETAUTHDB
	int rc = setauthdb(old_registry, NULL);

	if (rc != 0)
		debug3("%s: failed to restore old registry %s", __func__,
		    old_registry);
	else
		debug3("%s: restoring old registry '%s'", __func__,
		    old_registry);
# endif /* HAVE_SETAUTHDB */
}

# endif /* WITH_AIXAUTHENTICATE */

# ifdef USE_AIX_KRB_NAME
/*
 * aix_krb5_get_principal_name: returns the user's kerberos client principal
 * name if configured, otherwise NULL. Caller must free returned string.
 *
 * With S_AUTHDOMAIN set the result is "<name>@<domain>", where <name> is
 * S_AUTHNAME if present and pw_name otherwise. With only S_AUTHNAME set the
 * result is a copy of that attribute.
 */
char *
aix_krb5_get_principal_name(char *pw_name)
{
	char *domain = NULL, *ident = NULL, *out = NULL;

	/*
	 * NOTE(review): the result of setuserdb() is not checked here,
	 * unlike in aix_setauthdb() - confirm that is intended.
	 */
	setuserdb(S_READ);
	if (getuserattr(pw_name, S_AUTHDOMAIN, &domain, SEC_CHAR) != 0)
		debug("AIX getuserattr S_AUTHDOMAIN: %s", strerror(errno));
	if (getuserattr(pw_name, S_AUTHNAME, &ident, SEC_CHAR) != 0)
		debug("AIX getuserattr S_AUTHNAME: %s", strerror(errno));

	if (domain == NULL) {
		/* no domain: the bare auth name, when there is one */
		if (ident != NULL)
			out = xstrdup(ident);
	} else {
		/* fall back to the account name when no auth name is set */
		if (ident == NULL)
			ident = pw_name;
		xasprintf(&out, "%s@%s", ident, domain);
	}
	enduserdb();
	return out;
}
# endif /* USE_AIX_KRB_NAME */

# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO)
# undef getnameinfo
/*
 * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros
 * IPv6 address into its textual representation ("::"), so we wrap it
 * with a function that will.
4081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 4091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodint 4101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodsshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, 4111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood size_t hostlen, char *serv, size_t servlen, int flags) 4121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 4131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood struct sockaddr_in6 *sa6; 4141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood u_int32_t *a6; 4151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && 4171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood sa->sa_family == AF_INET6) { 4181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood sa6 = (struct sockaddr_in6 *)sa; 4191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood a6 = sa6->sin6_addr.u6_addr.u6_addr32; 4201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { 4221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcpy(host, "::", hostlen); 4231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood snprintf(serv, servlen, "%d", sa6->sin6_port); 4241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return 0; 4251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); 4281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 4291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# endif /* AIX_GETNAMEINFO_HACK */ 4301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# if defined(USE_GETGRSET) 
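# include <stdlib.h>
/*
 * getgrouplist replacement built on getgrset(), which returns the user's
 * group set as a comma-separated list of decimal gids.
 *
 * On entry *grpcnt is the capacity of groups[]; on return it holds the
 * number of entries stored.  pgid is always stored first and is not
 * repeated if it also appears in the group set.
 *
 * Returns 0 on success, or -1 if getgrset() fails, the capacity is not
 * positive, the list does not fit, or an entry is not a valid gid.
 *
 * Each entry is validated strictly: a bare strtol() turns an empty or
 * non-numeric token into 0, which would silently add gid 0 to the list.
 */
int
getgrouplist(const char *user, gid_t pgid, gid_t *groups, int *grpcnt)
{
	char *cp, *grplist, *grp, *ep;
	gid_t gid;
	int ret = 0, ngroups = 0, maxgroups;
	long l;

	maxgroups = *grpcnt;

	if ((cp = grplist = getgrset(user)) == NULL)
		return -1;

	/* handle zero-length case; leave via "out" so the list is freed */
	if (maxgroups <= 0) {
		ret = -1;
		goto out;
	}

	/* copy primary group */
	groups[ngroups++] = pgid;

	/* copy each entry from getgrset into group list */
	while ((grp = strsep(&grplist, ",")) != NULL) {
		/* an empty field carries no gid; do not parse it as 0 */
		if (*grp == '\0')
			continue;

		errno = 0;
		l = strtol(grp, &ep, 10);
		/* reject trailing junk, out-of-range and negative values */
		if (ep == grp || *ep != '\0' || errno == ERANGE || l < 0) {
			ret = -1;
			goto out;
		}
		gid = (gid_t)l;
		/* reject values that do not survive conversion to gid_t */
		if ((long)gid != l) {
			ret = -1;
			goto out;
		}
		if (gid == pgid)
			continue;	/* we have already added primary gid */
		/* only a gid that will actually be stored needs a free slot */
		if (ngroups >= maxgroups) {
			ret = -1;
			goto out;
		}
		groups[ngroups++] = gid;
	}
out:
	free(cp);
	*grpcnt = ngroups;
	return ret;
}
# endif /* USE_GETGRSET */

#endif /* _AIX */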