Index: auth-passwd.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v
retrieving revision 1.61.2.1
diff -u -p -r1.61.2.1 auth-passwd.c
--- auth-passwd.c 18 Sep 2003 08:26:48 -0000 1.61.2.1
+++ auth-passwd.c 28 Jan 2004 19:56:11 -0000
@@ -120,6 +120,7 @@ auth_password(Authctxt *authctxt, const
 xfree(msg);
 }
 }
+ aix_restoreauthdb();
 } else {
 debug3("AIX/authenticate failed for user %s: %.100s",
 pw->pw_name, authmsg);
Index: openbsd-compat/port-aix.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v
retrieving revision 1.14.2.1
diff -u -p -r1.14.2.1 port-aix.c
--- openbsd-compat/port-aix.c 22 Sep 2003 03:05:49 -0000 1.14.2.1
+++ openbsd-compat/port-aix.c 28 Jan 2004 20:04:35 -0000
@@ -37,6 +37,10 @@
 extern ServerOptions options;
+# ifdef HAVE_SETAUTHDB
+static char old_registry[REGISTRY_SIZE] = "";
+# endif
+
 /*
 * AIX has a "usrinfo" area where logname and other stuff is stored -
 * a few applications actually use this and die if it's not set
@@ -103,6 +107,7 @@ record_failed_login(const char *user, co
 # else
 loginfailed((char *)user, hostname, (char *)ttyname);
 # endif
+ aix_restoreauthdb();
 }
 /*
@@ -114,10 +119,7 @@ void
 aix_setauthdb(const char *user)
 {
 # ifdef HAVE_SETAUTHDB
- static char *registry = NULL;
-
- if (registry != NULL) /* have already done setauthdb */
- return;
+ char *registry;
 if (setuserdb(S_READ) == -1) {
 debug3("%s: Could not open userdb to read", __func__);
@@ -125,7 +127,7 @@ aix_setauthdb(const char *user)
 }
 if (getuserattr((char *)user, S_REGISTRY, ®istry, SEC_CHAR) == 0) {
- if (setauthdb(registry, NULL) == 0)
+ if (setauthdb(registry, old_registry) == 0)
 debug3("%s: AIX/setauthdb set registry %s",
 __func__, registry);
 else
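Review bot: In the auth-passwd.c hunk the new `aix_restoreauthdb();` sits just before `} else {`, so only the success branch restores the registry; the failure branch shown here only logs through `debug3`. After a failed authenticate() the restore then appears to depend on `record_failed_login()` being reached later (the port-aix.c `@@ -103` hunk), which ties process-wide registry state to a separate logging path. Placing the call after the closing brace of the if/else, so it runs once for both outcomes, would keep the set/restore pairing local and unconditional. auth_password's body starts and ends outside the hunk, so the exact placement has to be checked against the full function.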
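Review bot: In port-aix.c the `@@ -114` hunk removes the `if (registry != NULL) return;` guard and the `@@ -125` hunk passes `old_registry` on every call, so a second `aix_setauthdb()` before a restore overwrites the saved value with the registry chosen by the first call. `aix_restoreauthdb()` would then re-apply that user's registry rather than the original one, leaving later lookups in the same process bound to the wrong authentication database. Whether any path calls `aix_setauthdb()` twice in a row cannot be determined from these hunks; if one can, save only on the first call, for example with a `static int registry_saved` flag, passing `registry_saved ? NULL : old_registry` and clearing the flag in the restore function. aix_setauthdb continues beyond both hunks.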
@@ -137,6 +139,24 @@ aix_setauthdb(const char *user)
 enduserdb();
 # endif
 }
+/*
+ * Restore the user's registry settings from old_registry.
+ * Note that if the first aix_setauthdb fails, setauthdb("") is still safe
+ * (it restores the system default behaviour). If we don't have setauthdb,
+ * this is a no-op.
+ */
+void
+aix_restoreauthdb(void)
+{
+# ifdef HAVE_SETAUTHDB
+ if (setauthdb(old_registry, NULL) == 0)
+ debug3("%s: restoring old registry '%s'", __func__,
+ old_registry);
+ else
+ debug3("%s: failed to restore old registry %s", __func__,
+ old_registry);
+ # endif /* HAVE_SETAUTHDB */
+ }
 # endif /* CUSTOM_FAILED_LOGIN */
 #endif /* _AIX */
Index: openbsd-compat/port-aix.h
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
retrieving revision 1.14.2.1
diff -u -p -r1.14.2.1 port-aix.h
--- openbsd-compat/port-aix.h 19 Sep 2003 10:46:22 -0000 1.14.2.1
+++ openbsd-compat/port-aix.h 28 Jan 2004 19:49:47 -0000
@@ -51,10 +51,19 @@
 # include
 #endif
+/*
+ * According to the setauthdb man page, AIX password registries must be 15
+ * chars or less plus terminating NUL.
+ */
+#ifdef HAVE_SETAUTHDB
+# define REGISTRY_SIZE 16
+#endif
+
 #ifdef WITH_AIXAUTHENTICATE
 # define CUSTOM_FAILED_LOGIN 1
 void record_failed_login(const char *, const char *);
 void aix_setauthdb(const char *);
+void aix_restoreauthdb(void);
 #endif
 void aix_usrinfo(struct passwd *);
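Review bot: In the new `aix_restoreauthdb()` (port-aix.c, `@@ -137`) a failed `setauthdb(old_registry, NULL)` is reported only through `debug3`, and the function returns void, so at normal log levels nothing records that the process is still bound to the previously selected registry. That state affects every later account lookup in the process, so the failure branch deserves a visible message, e.g. `error("%s: failed to restore old registry %s", __func__, old_registry);`. The two messages also quote the registry name inconsistently (`'%s'` versus `%s`); quoting both keeps an empty name readable in the log.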
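Review bot: The comment above `REGISTRY_SIZE` in port-aix.h gives the 15-character limit but not why the constant is safety-relevant: as called in port-aix.c, `setauthdb(registry, old_registry)` is given no length for its output buffer, so this size is the only bound on that write. I would add a line such as `* setauthdb() writes the previous registry name into a caller buffer of this size; do not shrink it.` so that a later edit does not reduce the value without checking the API contract.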