diff options
author | Darren Tucker <dtucker@zip.com.au> | 2006-08-30 22:33:09 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2006-08-30 22:33:09 +1000 |
commit | 26d4e19caa3013f57dc3c1462847eceaac6a1d7d (patch) | |
tree | 0ef89a92e02a33a1681ebdf4e667f86bb6e15059 /openbsd-compat/port-aix.c | |
parent | 8ff1da81ec5e3032befb98349ec6ceba84dab706 (diff) |
- (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed
login count. Previously this would only happen when an interactive
session starts (ie when a pty is allocated) but this means that accounts
that have primarily non-interactive sessions (eg scp's) may gradually
accumulate enough failures to lock out an account. This change may have
a side effect of creating two audit records, one with a tty of "ssh"
corresponding to the authentication and one with the allocated pty per
interactive session.
Diffstat (limited to 'openbsd-compat/port-aix.c')
-rw-r--r-- | openbsd-compat/port-aix.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index a7ced57e9..13a73e873 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c | |||
@@ -265,15 +265,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm, | |||
265 | Buffer *loginmsg) | 265 | Buffer *loginmsg) |
266 | { | 266 | { |
267 | char *msg = NULL; | 267 | char *msg = NULL; |
268 | static int msg_done = 0; | ||
268 | int success = 0; | 269 | int success = 0; |
269 | 270 | ||
270 | aix_setauthdb(user); | 271 | aix_setauthdb(user); |
271 | if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { | 272 | if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { |
272 | success = 1; | 273 | success = 1; |
273 | if (msg != NULL) { | 274 | if (msg != NULL && loginmsg != NULL && !msg_done) { |
274 | debug("AIX/loginsuccess: msg %s", msg); | 275 | debug("AIX/loginsuccess: msg %s", msg); |
275 | buffer_append(loginmsg, msg, strlen(msg)); | 276 | buffer_append(loginmsg, msg, strlen(msg)); |
276 | xfree(msg); | 277 | xfree(msg); |
278 | msg_done = 1; | ||
277 | } | 279 | } |
278 | } | 280 | } |
279 | aix_restoreauthdb(); | 281 | aix_restoreauthdb(); |