- (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in

   handling of password expiry messages returned by AIX's authentication
   routines, originally reported by robvdwal at sara.nl.

diff --git a/ChangeLog b/ChangeLog
index 1e57a06eab254c8a09a5ca74997e51dacbcbadcf..5b318dc3efa760cbcdae3905205430218e45b209 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,9 @@
    - jmc@cvs.openbsd.org 2005/03/18 17:05:00
      [sshd_config.5]
      typo;
+ - (dtucker) [auth.h sshd.c openbsd-compat/port-aix.c] Bug #1006: fix bug in
+   handling of password expiry messages returned by AIX's authentication
+   routines, originally reported by robvdwal at sara.nl.
 
 20050329
  - (dtucker) [contrib/aix/buildbff.sh] Bug #1005: Look up only the user we're

diff --git a/auth.h b/auth.h
index 8d1f934033ab2c9ca1eb966274502bb871848ca3..471404e4e5ebde0d41f033fb3ab399884bbd454b 100644 (file)
--- a/auth.h
+++ b/auth.h
@@ -30,6 +30,7 @@
 
 #include "key.h"
 #include "hostfile.h"
+#include "buffer.h"
 #include <openssl/rsa.h>
 
 #ifdef HAVE_LOGIN_CAP
@@ -68,6 +69,7 @@ struct Authctxt {
        char            *krb5_ticket_file;
        char            *krb5_ccname;
 #endif
+       Buffer          *loginmsg;
        void            *methoddata;
 };
 /*
@@ -185,6 +187,8 @@ void         auth_debug_reset(void);
 
 struct passwd *fakepw(void);
 
+int     sys_auth_passwd(Authctxt *, const char *);
+
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
 
 #define SKEY_PROMPT "\nS/Key Password: "

diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index fa6a4ff7b45ef2aa2be7ffd8008e2c0190324dd4..cf5d4b9a34e6c9b76146ae6f5e6230252baa378b 100644 (file)
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -151,7 +151,7 @@ aix_valid_authentications(const char *user)
  * returns 0.
  */
 int
-sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
+sys_auth_passwd(Authctxt *ctxt, const char *password)
 {
        char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
        int authsuccess = 0, expired, reenter, result;
@@ -181,7 +181,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg)
                 */
                expired = passwdexpired(name, &msg);
                if (msg && *msg) {
-                       buffer_append(loginmsg, msg, strlen(msg));
+                       buffer_append(ctxt->loginmsg, msg, strlen(msg));
                        aix_remove_embedded_newlines(msg);
                }
                debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);

diff --git a/sshd.c b/sshd.c
index 11d618d11163f9df05ff75ecc4b97f56d8ea561e..b3fcc6964e201a3a3bad7ab1bfdb978aa6ba5dd9 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1673,6 +1673,8 @@ main(int ac, char **av)
        authctxt = xmalloc(sizeof(*authctxt));
        memset(authctxt, 0, sizeof(*authctxt));
 
+       authctxt->loginmsg = &loginmsg;
+
        /* XXX global for cleanup, access from other modules */
        the_authctxt = authctxt;