- (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
Include AIX headers for authentication functions and make calls match
prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
diff --git a/ChangeLog b/ChangeLog
index 266756f..ea4d4ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20030708
+ - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]]
+ Include AIX headers for authentication functions and make calls match
+ prototypes. Test for and handle 3-args and 4-arg variants of loginfailed.
+
20030707
- (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before
searching libraries for it. Fixes build errors on NCR MP-RAS.
@@ -662,4 +667,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2846 2003/07/07 09:44:01 dtucker Exp $
+$Id: ChangeLog,v 1.2847 2003/07/08 10:52:12 dtucker Exp $
diff --git a/acconfig.h b/acconfig.h
index e6f5ebb..23cc9c8 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.157 2003/06/11 12:51:32 djm Exp $ */
+/* $Id: acconfig.h,v 1.158 2003/07/08 10:52:13 dtucker Exp $ */
/*
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -110,6 +110,9 @@
/* Define if you want to enable AIX4's authenticate function */
#undef WITH_AIXAUTHENTICATE
+/* Define if your AIX loginfailed() function takes 3 arguments (AIX <= 5.1) */
+#undef AIX_LOGINFAILED_3ARG
+
/* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
#undef WITH_IRIX_ARRAY
diff --git a/auth-passwd.c b/auth-passwd.c
index 9a94c37..ea65a01 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -42,15 +42,13 @@
#include "log.h"
#include "servconf.h"
#include "auth.h"
+#include "canohost.h"
#if !defined(HAVE_OSF_SIA)
/* Don't need any of these headers for the SIA cases */
# ifdef HAVE_CRYPT_H
# include <crypt.h>
# endif
-# ifdef WITH_AIXAUTHENTICATE
-# include <login.h>
-# endif
# ifdef __hpux
# include <hpsecurity.h>
# include <prot.h>
diff --git a/configure.ac b/configure.ac
index 8d9143e..431c644 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.131 2003/07/07 09:44:01 dtucker Exp $
+# $Id: configure.ac,v 1.132 2003/07/08 10:52:13 dtucker Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@@ -75,12 +75,25 @@
AC_MSG_RESULT($blibflags)
fi
LDFLAGS="$saved_LDFLAGS"
- AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
+ # Check for authenticate. Might be in libs.a on older AIXes
+ AC_CHECK_FUNC(authenticate, [with_aixauthenticate=1],
[AC_CHECK_LIB(s,authenticate,
- [ AC_DEFINE(WITH_AIXAUTHENTICATE)
+ [ with_aixaixauthenticate=1
LIBS="$LIBS -ls"
])
])
+ # Check if loginfailed takes 3 arguments (AIX <= 5.1)
+ if (test "x$with_aixauthenticate" = "x1" ); then
+ AC_DEFINE(WITH_AIXAUTHENTICATE)
+ AC_MSG_CHECKING(if loginfailed takes 3 arguments)
+ AC_TRY_COMPILE(
+ [#include <usersec.h>],
+ [(void)loginfailed("user","host","tty");],
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(AIX_LOGINFAILED_3ARG)],
+ [AC_MSG_RESULT(no)]
+ )
+ fi
AC_DEFINE(BROKEN_GETADDRINFO)
AC_DEFINE(BROKEN_REALPATH)
dnl AIX handles lastlog as part of its login message
@@ -456,8 +469,8 @@
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
- strings.h sys/strtio.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
- sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+ strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
+ sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
sys/un.h time.h tmpdir.h ttyent.h usersec.h \
util.h utime.h utmp.h utmpx.h)
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index b4c9454..c8d9517 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -70,7 +70,11 @@
{
char *hostname = get_canonical_hostname(options.use_dns);
- loginfailed(user, hostname, ttyname);
+# ifdef AIX_LOGINFAILED_3ARG
+ loginfailed((char *)user, hostname, (char *)ttyname);
+# else
+ loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
+# endif
}
# endif /* CUSTOM_FAILED_LOGIN */
#endif /* _AIX */
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 2254e74..2787d91 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -26,6 +26,15 @@
#ifdef _AIX
+#ifdef WITH_AIXAUTHENTICATE
+# include <login.h>
+# include <userpw.h>
+# include <usersec.h>
+# ifdef HAVE_SYS_AUDIT_H
+# include <sys/audit.h>
+# endif
+#endif
+
/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
# define nanosleep(a,b) nsleep(a,b)
diff --git a/session.c b/session.c
index dc9777d..ac57c3d 100644
--- a/session.c
+++ b/session.c
@@ -1215,7 +1215,7 @@
{
#ifdef HAVE_SETPCRED
- setpcred(pw->pw_name);
+ setpcred(pw->pw_name, (char **)NULL);
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
# ifdef __bsdi__