summaryrefslogtreecommitdiff
path: root/openbsd-compat/port-aix.c
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2006-08-30 22:33:09 +1000
committerDarren Tucker <dtucker@zip.com.au>2006-08-30 22:33:09 +1000
commit26d4e19caa3013f57dc3c1462847eceaac6a1d7d (patch)
tree0ef89a92e02a33a1681ebdf4e667f86bb6e15059 /openbsd-compat/port-aix.c
parent8ff1da81ec5e3032befb98349ec6ceba84dab706 (diff)
- (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call
loginsuccess on AIX immediately after authentication to clear the failed login count. Previously this would only happen when an interactive session starts (ie when a pty is allocated) but this means that accounts that have primarily non-interactive sessions (eg scp's) may gradually accumulate enough failures to lock out an account. This change may have a side effect of creating two audit records, one with a tty of "ssh" corresponding to the authentication and one with the allocated pty per interactive session.
Diffstat (limited to 'openbsd-compat/port-aix.c')
-rw-r--r--openbsd-compat/port-aix.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index a7ced57e..13a73e87 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -265,15 +265,17 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
Buffer *loginmsg)
{
char *msg = NULL;
+ static int msg_done = 0;
int success = 0;
aix_setauthdb(user);
if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
success = 1;
- if (msg != NULL) {
+ if (msg != NULL && loginmsg != NULL && !msg_done) {
debug("AIX/loginsuccess: msg %s", msg);
buffer_append(loginmsg, msg, strlen(msg));
xfree(msg);
+ msg_done = 1;
}
}
aix_restoreauthdb();