RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-26 03:42:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call

Browse Source 
loginsuccess on AIX immediately after authentication to clear the failed
   login count.  Previously this would only happen when an interactive
   session starts (ie when a pty is allocated) but this means that accounts
   that have primarily non-interactive sessions (eg scp's) may gradually
   accumulate enough failures to lock out an account.  This change may have
   a side effect of creating two audit records, one with a tty of "ssh"
   corresponding to the authentication and one with the allocated pty per
   interactive session.
This commit is contained in:
Darren Tucker 2006-08-30 22:33:09 +10:00
parent 8ff1da81ec
commit 26d4e19caa
3 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ChangeLog
View File

@ -27,6 +27,15 @@
[version.h]
crank to 4.4
- (djm) [openbsd-compat/xcrypt.c] needs unistd.h
- (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed
login count. Previously this would only happen when an interactive
session starts (ie when a pty is allocated) but this means that accounts
that have primarily non-interactive sessions (eg scp's) may gradually
accumulate enough failures to lock out an account. This change may have
a side effect of creating two audit records, one with a tty of "ssh"
corresponding to the authentication and one with the allocated pty per
interactive session.
20060824
- (dtucker) [openbsd-compat/basename.c] Include errno.h.
@ -5329,4 +5338,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4517 2006/08/30 07:52:03 djm Exp $
$Id: ChangeLog,v 1.4518 2006/08/30 12:33:09 dtucker Exp $

5
auth.c
View File

@ -279,6 +279,11 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
strcmp(method, "challenge-response") == 0))
record_failed_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh");
# ifdef WITH_AIXAUTHENTICATE
if (authenticated)
sys_auth_record_login(authctxt->user,
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
#endif
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)

4
openbsd-compat/port-aix.c
View File

@ -265,15 +265,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
Buffer *loginmsg)
{
char *msg = NULL;
static int msg_done = 0;
int success = 0;
aix_setauthdb(user);
if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
success = 1;
if (msg != NULL) {
if (msg != NULL && loginmsg != NULL && !msg_done) {
debug("AIX/loginsuccess: msg %s", msg);
buffer_append(loginmsg, msg, strlen(msg));
xfree(msg);
msg_done = 1;
}
}
aix_restoreauthdb();