- (bal) Failed password attempts don't increment counter on AIX. Bug #145

diff --git a/ChangeLog b/ChangeLog
index ccc21527c78138f441e6d11213fdc0a3a39dbbe2..b9b03ffbab44711be0367e54d64d0bbd828a130d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -56,7 +56,8 @@
      /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled 
      globally. based on discussions with deraadt, itojun and sommerfeld; 
      ok itojun@
-
+ - (bal) Failed password attempts don't increment counter on AIX. Bug #145
+  
 20020702
  - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & 
    friends consistently. Spotted by Solar Designer <solar@openwall.com>

diff --git a/auth.c b/auth.c
index 066b50d6ba1dcc132182cd8d57c166988242ffab..693826a93f61015f2a038e7611a642705ecef3ed 100644 (file)
--- a/auth.c
+++ b/auth.c
@@ -256,6 +256,14 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
            get_remote_ipaddr(),
            get_remote_port(),
            info);
+
+#ifdef WITH_AIXAUTHENTICATE
+       if (authenticated == 0 && strcmp(method, "password") == 0)
+           loginfailed(authctxt->user,
+               get_canonical_hostname(options.verify_reverse_mapping),
+               "ssh");
+#endif /* WITH_AIXAUTHENTICATE */
+
 }
 
 /*

diff --git a/auth1.c b/auth1.c
index 2ebc8d039b0d7d76769d4fe7af2587e2a7720b41..769fa306f11deff6719d4fb5638d1bd4c0d5b923 100644 (file)
--- a/auth1.c
+++ b/auth1.c
@@ -323,12 +323,6 @@ do_authloop(Authctxt *authctxt)
                        return;
 
                if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
-                       /* XXX: privsep */
-                       loginfailed(authctxt->user,
-                           get_canonical_hostname(options.verify_reverse_mapping),
-                           "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
                }
 

diff --git a/auth2.c b/auth2.c
index eea381d95b657c17d2572cef28be3b0459d39990..3b47a6d0a57fe769469bfd726730e62d1d0df1f1 100644 (file)
--- a/auth2.c
+++ b/auth2.c
@@ -232,12 +232,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
                authctxt->success = 1;
        } else {
                if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
-                       /* XXX: privsep */
-                       loginfailed(authctxt->user,
-                           get_canonical_hostname(options.verify_reverse_mapping),
-                           "ssh");
-#endif /* WITH_AIXAUTHENTICATE */
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
                }
                methods = authmethods_get();