AIX cleanups: includes and arguments

Darren Tucker dtucker at zip.com.au
Thu Jul 3 14:42:07 EST 2003


Hi All.

	First the questions:
Is there anything objectionable in this patch?
Is AUDIT_FAIL_AUTH appropriate for the "Reason" field?

	Now the details: attached is a patch that changes some of the #includes
for AIX.  It moves the AIX-specific includes to port-aix.h and adds
includes that contain the prototypes for many of the authentication
functions.  The idea is to fix some warnings.

	Unfortunately this exposes a couple of problems:
* setpcred call does not match prototype
* loginfailed on AIX 5.2 takes an (optional?) extra argument: Reason

	The patch changes the setpcred call to:
setpcred(pw->pw_name, (char **)NULL);

	It also adds configure magic to detect a 4-arg loginfailed and #defines
to use the appropriate call (hidden in port-aix.c, fortunately):
loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);

	There are still a couple of warnings left which I hope to address in
other patches.

		-Daz.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
Index: acconfig.h
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/acconfig.h,v
retrieving revision 1.157
diff -u -r1.157 acconfig.h
--- acconfig.h	11 Jun 2003 12:51:32 -0000	1.157
+++ acconfig.h	1 Jul 2003 12:22:40 -0000
@@ -110,6 +110,9 @@
 /* Define if you want to enable AIX4's authenticate function */
 #undef WITH_AIXAUTHENTICATE
 
+/* Define if your AIX loginfailed() function takes 4 arguments */
+#undef AIX_LOGINFAILED_4ARG
+
 /* Define if you have/want arrays (cluster-wide session managment, not C arrays) */
 #undef WITH_IRIX_ARRAY
 
Index: auth-passwd.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v
retrieving revision 1.54
diff -u -r1.54 auth-passwd.c
--- auth-passwd.c	3 Jun 2003 00:25:48 -0000	1.54
+++ auth-passwd.c	2 Jul 2003 04:57:12 -0000
@@ -42,15 +42,13 @@
 #include "log.h"
 #include "servconf.h"
 #include "auth.h"
+#include "canohost.h"
 
 #if !defined(HAVE_OSF_SIA)
 /* Don't need any of these headers for the SIA cases */
 # ifdef HAVE_CRYPT_H
 #  include <crypt.h>
 # endif
-# ifdef WITH_AIXAUTHENTICATE
-#  include <login.h>
-# endif
 # ifdef __hpux
 #  include <hpsecurity.h>
 #  include <prot.h>
@@ -150,7 +148,7 @@
 	}
 # endif
 # ifdef WITH_AIXAUTHENTICATE
-	authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+	authsuccess = (authenticate((char *)pw->pw_name,password,&reenter,&authmsg) == 0);
 
 	if (authsuccess) {
 	        /* We don't have a pty yet, so just label the line as "ssh" */
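Review bot: The added `(char *)` cast on `pw->pw_name` in the `authenticate()` call looks redundant, because `pw_name` in `struct passwd` is already a `char *`; a no-op cast there can only hide a later type change. If the warning being silenced actually comes from `password` being const-qualified (the function signature is outside the hunk, so this is inferred), the cast belongs on that argument instead, with a short comment such as `/* AIX prototype is not const-qualified */`. The enclosing function starts and ends outside the hunk.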
Index: configure.ac
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/configure.ac,v
retrieving revision 1.130
diff -u -r1.130 configure.ac
--- configure.ac	30 Jun 2003 09:21:36 -0000	1.130
+++ configure.ac	2 Jul 2003 03:57:23 -0000
@@ -75,12 +75,25 @@
 		AC_MSG_RESULT($blibflags)
 	fi
 	LDFLAGS="$saved_LDFLAGS"
-	AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)],
+	dnl Check for authenticate.  Might be in libs.a on older AIXes
+	AC_CHECK_FUNC(authenticate, [with_aixauthenticate=1],
 		[AC_CHECK_LIB(s,authenticate,
-			[ AC_DEFINE(WITH_AIXAUTHENTICATE)
+			[ 	with_aixaixauthenticate=1
 				LIBS="$LIBS -ls"
 			])
 		])
+	dnl Check if loginfailed takes 4 arguments
+	if (test "x$with_aixauthenticate" = "x1" ); then
+		AC_DEFINE(WITH_AIXAUTHENTICATE)
+		AC_MSG_CHECKING(if loginfailed takes 4 arguments)
+		AC_TRY_COMPILE(
+			[#include <usersec.h>],
+			[(void)loginfailed("user","host","tty",0);],
+ 			[AC_MSG_RESULT(yes)
+			 AC_DEFINE(AIX_LOGINFAILED_4ARG)],
+			[AC_MSG_RESULT(no)]
+		)
+	fi
 	AC_DEFINE(BROKEN_GETADDRINFO)
 	AC_DEFINE(BROKEN_REALPATH)
 	dnl AIX handles lastlog as part of its login message
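Review bot: The `AC_CHECK_LIB(s,authenticate,...)` branch assigns `with_aixaixauthenticate=1`, which does not match the `with_aixauthenticate` variable tested by the new `if` below it. When authenticate() is found only in libs.a, `WITH_AIXAUTHENTICATE` is therefore never defined and the loginfailed probe is skipped, although the removed lines did define the macro in that case. The result would be an sshd built without AIX authentication and failed-login recording on those systems, with no configure error to flag it. The assignment should read `with_aixauthenticate=1`.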
@@ -456,8 +469,8 @@
 	login_cap.h maillock.h netdb.h netgroup.h \
 	netinet/in_systm.h paths.h pty.h readpassphrase.h \
 	rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
-	strings.h sys/strtio.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
-	sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
+	strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \
+	sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
 	sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
 	sys/un.h time.h tmpdir.h ttyent.h usersec.h \
 	util.h utime.h utmp.h utmpx.h)
Index: session.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v
retrieving revision 1.238
diff -u -r1.238 session.c
--- session.c	3 Jun 2003 00:25:48 -0000	1.238
+++ session.c	2 Jul 2003 04:37:09 -0000
@@ -1215,7 +1215,7 @@
 	{
 
 #ifdef HAVE_SETPCRED
-		setpcred(pw->pw_name);
+		setpcred(pw->pw_name, (char **)NULL);
 #endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
 # ifdef __bsdi__
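Review bot: The result of `setpcred()` is still discarded in the rewritten call, so a failure to apply the user's process credentials would go unnoticed and session setup would carry on. AIX documents -1 as the failure return, so the call can be checked, e.g. `if (setpcred(pw->pw_name, (char **)NULL) == -1) fatal("Failed to set process credentials");`. The enclosing function starts and ends outside the hunk, so whether a later step would catch such a failure is not visible here.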
Index: openbsd-compat/port-aix.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v
retrieving revision 1.10
diff -u -r1.10 port-aix.c
--- openbsd-compat/port-aix.c	3 Jun 2003 02:45:27 -0000	1.10
+++ openbsd-compat/port-aix.c	2 Jul 2003 05:01:34 -0000
@@ -68,9 +68,13 @@
 void
 record_failed_login(const char *user, const char *ttyname)
 {
-	char *hostname = get_canonical_hostname(options.use_dns);
+	char *hostname = (char *)get_canonical_hostname(options.use_dns);
 
-	loginfailed(user, hostname, ttyname);
+#  ifdef AIX_LOGINFAILED_4ARG
+	loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
+#  else
+	loginfailed((char *)user, hostname, (char *)ttyname);
+#  endif
 }
 # endif /* CUSTOM_FAILED_LOGIN */
 #endif /* _AIX */
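Review bot: `record_failed_login()` drops the return value of `loginfailed()` in both the 3-argument and 4-argument branches, so a failure to write the failed-login record is silent. On AIX that record feeds the unsuccessful-login count, so a missed entry deserves at least a log line, e.g. `if (loginfailed(...) != 0) error("loginfailed: %s", strerror(errno));` applied to each branch. The `(char *)` casts on `user`, `ttyname` and the hostname discard const; a comment such as `/* AIX prototypes are not const-qualified */` would record why they are there.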
Index: openbsd-compat/port-aix.h
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
retrieving revision 1.8
diff -u -r1.8 port-aix.h
--- openbsd-compat/port-aix.h	2 May 2003 13:42:25 -0000	1.8
+++ openbsd-compat/port-aix.h	2 Jul 2003 01:17:06 -0000
@@ -26,6 +26,15 @@
 
 #ifdef _AIX
 
+#ifdef WITH_AIXAUTHENTICATE
+# include <login.h>
+# include <userpw.h>
+# include <usersec.h>
+# ifdef HAVE_SYS_AUDIT_H
+#  include <sys/audit.h>
+# endif
+#endif
+
 /* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
 #if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
 # define nanosleep(a,b) nsleep(a,b)
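Review bot: `<sys/audit.h>` is included only under `HAVE_SYS_AUDIT_H`, but port-aix.c uses `AUDIT_FAIL_AUTH` whenever `AIX_LOGINFAILED_4ARG` is defined, and the configure probe for the 4-argument form includes only `<usersec.h>` and passes `0`. If `AUDIT_FAIL_AUTH` comes from `<sys/audit.h>` (presumably, given the new header check) and that header is not found, the 4-argument branch would fail to build on an undeclared identifier. Either have the probe include `<sys/audit.h>` and pass `AUDIT_FAIL_AUTH`, so that the two conditions cannot diverge, or state the dependency in a comment above the include, e.g. `/* sys/audit.h: AUDIT_FAIL_AUTH for 4-arg loginfailed() */`.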

