diff options
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | auth.c | 5 | ||||
| -rw-r--r-- | openbsd-compat/port-aix.c | 4 |
3 files changed, 18 insertions, 2 deletions
| @@ -27,6 +27,15 @@ | |||
| 27 | [version.h] | 27 | [version.h] |
| 28 | crank to 4.4 | 28 | crank to 4.4 |
| 29 | - (djm) [openbsd-compat/xcrypt.c] needs unistd.h | 29 | - (djm) [openbsd-compat/xcrypt.c] needs unistd.h |
| 30 | - (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call | ||
| 31 | loginsuccess on AIX immediately after authentication to clear the failed | ||
| 32 | login count. Previously this would only happen when an interactive | ||
| 33 | session starts (ie when a pty is allocated) but this means that accounts | ||
| 34 | that have primarily non-interactive sessions (eg scp's) may gradually | ||
| 35 | accumulate enough failures to lock out an account. This change may have | ||
| 36 | a side effect of creating two audit records, one with a tty of "ssh" | ||
| 37 | corresponding to the authentication and one with the allocated pty per | ||
| 38 | interactive session. | ||
| 30 | 39 | ||
| 31 | 20060824 | 40 | 20060824 |
| 32 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. | 41 | - (dtucker) [openbsd-compat/basename.c] Include errno.h. |
| @@ -5329,4 +5338,4 @@ | |||
| 5329 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 5338 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 5330 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 5339 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 5331 | 5340 | ||
| 5332 | $Id: ChangeLog,v 1.4517 2006/08/30 07:52:03 djm Exp $ | 5341 | $Id: ChangeLog,v 1.4518 2006/08/30 12:33:09 dtucker Exp $ |
| @@ -279,6 +279,11 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) | |||
| 279 | strcmp(method, "challenge-response") == 0)) | 279 | strcmp(method, "challenge-response") == 0)) |
| 280 | record_failed_login(authctxt->user, | 280 | record_failed_login(authctxt->user, |
| 281 | get_canonical_hostname(options.use_dns), "ssh"); | 281 | get_canonical_hostname(options.use_dns), "ssh"); |
| 282 | # ifdef WITH_AIXAUTHENTICATE | ||
| 283 | if (authenticated) | ||
| 284 | sys_auth_record_login(authctxt->user, | ||
| 285 | get_canonical_hostname(options.use_dns), "ssh", &loginmsg); | ||
| 286 | # endif | ||
| 282 | #endif | 287 | #endif |
| 283 | #ifdef SSH_AUDIT_EVENTS | 288 | #ifdef SSH_AUDIT_EVENTS |
| 284 | if (authenticated == 0 && !authctxt->postponed) | 289 | if (authenticated == 0 && !authctxt->postponed) |
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index a7ced57e9..13a73e873 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c | |||
| @@ -265,15 +265,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm, | |||
| 265 | Buffer *loginmsg) | 265 | Buffer *loginmsg) |
| 266 | { | 266 | { |
| 267 | char *msg = NULL; | 267 | char *msg = NULL; |
| 268 | static int msg_done = 0; | ||
| 268 | int success = 0; | 269 | int success = 0; |
| 269 | 270 | ||
| 270 | aix_setauthdb(user); | 271 | aix_setauthdb(user); |
| 271 | if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { | 272 | if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) { |
| 272 | success = 1; | 273 | success = 1; |
| 273 | if (msg != NULL) { | 274 | if (msg != NULL && loginmsg != NULL && !msg_done) { |
| 274 | debug("AIX/loginsuccess: msg %s", msg); | 275 | debug("AIX/loginsuccess: msg %s", msg); |
| 275 | buffer_append(loginmsg, msg, strlen(msg)); | 276 | buffer_append(loginmsg, msg, strlen(msg)); |
| 276 | xfree(msg); | 277 | xfree(msg); |
| 278 | msg_done = 1; | ||
| 277 | } | 279 | } |
| 278 | } | 280 | } |
| 279 | aix_restoreauthdb(); | 281 | aix_restoreauthdb(); |