- (djm) AIX login{success,failed} changes. Move loginsuccess call to

   do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others

diff --git a/ChangeLog b/ChangeLog
index 803a911bea5ef5000d61edfe462bd84828314398..8c4c0c466321564be8b2b7ca2c1e2f0226383287 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 20011113
  - (djm) Fix early (and double) free of remote user when using Kerberos. 
    Patch from Simon Wilkinson <simon@sxw.org.uk>
+ - (djm) AIX login{success,failed} changes. Move loginsuccess call to 
+   do_authenticated. Call loginfailed for protocol 2 failures > MAX like 
+   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
+   K.Wolkersdorfer@fz-juelich.de and others
 
 20011112
  - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>

diff --git a/auth1.c b/auth1.c
index 6d40219be0c56375a7a778ae7081b578d014465d..1fbfad90ae8c0da76590e57724e58b5164898052 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -29,10 +29,6 @@ RCSID("$OpenBSD: auth1.c,v 1.25 2001/06/26 16:15:23 dugsong Exp $");
 /* import */
 extern ServerOptions options;
 
-#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
-
 /*
  * convert ssh auth msg type into description
  */
@@ -428,14 +424,6 @@ do_authentication()
        packet_send();
        packet_write_wait();
 
-#ifdef WITH_AIXAUTHENTICATE
-       /* We don't have a pty yet, so just label the line as "ssh" */
-       if (loginsuccess(authctxt->user,
-           get_canonical_hostname(options.reverse_mapping_check),
-           "ssh", &aixloginmsg) < 0)
-               aixloginmsg = NULL;
-#endif /* WITH_AIXAUTHENTICATE */
-
        /* Perform session preparation. */
        do_authenticated(authctxt);
 }

diff --git a/auth2.c b/auth2.c
index eb04ae75be1a6115a97bfe79a150af223c4ce947..1920eb32e0ad9e14e842201348681ec6d8efaabb 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -57,10 +57,6 @@ extern ServerOptions options;
 extern u_char *session_id2;
 extern int session_id2_len;
 
-#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
-#endif
-
 static Authctxt        *x_authctxt = NULL;
 static int one = 1;
 
@@ -282,8 +278,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
                /* now we can break out */
                authctxt->success = 1;
        } else {
-               if (authctxt->failures++ > AUTH_FAIL_MAX)
+               if (authctxt->failures++ > AUTH_FAIL_MAX) {
+#ifdef WITH_AIXAUTHENTICATE
+                       loginfailed(authctxt->user,
+                           get_canonical_hostname(options.reverse_mapping_check),
+                           "ssh");
+#endif /* WITH_AIXAUTHENTICATE */
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+               }
                methods = authmethods_get();
                packet_start(SSH2_MSG_USERAUTH_FAILURE);
                packet_put_cstring(methods);

diff --git a/session.c b/session.c
index 10cefdb4421beac6970779c1028c0507c4da88ec..d0f9072f39fe93a79da7dd650b82fdb54228b79f 100644 (file)
--- a/session.c
+++ b/session.c
@@ -159,7 +159,6 @@ const char *original_command = NULL;
 Session        sessions[MAX_SESSIONS];
 
 #ifdef WITH_AIXAUTHENTICATE
-/* AIX's lastlogin message, set in auth1.c */
 char *aixloginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
 
@@ -191,6 +190,14 @@ do_authenticated(Authctxt *authctxt)
        }
 #endif
 #endif
+#ifdef WITH_AIXAUTHENTICATE
+       /* We don't have a pty yet, so just label the line as "ssh" */
+       if (loginsuccess(authctxt->user,
+           get_canonical_hostname(options.reverse_mapping_check),
+           "ssh", &aixloginmsg) < 0)
+               aixloginmsg = NULL;
+#endif /* WITH_AIXAUTHENTICATE */
+
        /* setup the channel layer */
        if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
                channel_permit_all_opens();