- (dtucker) [auth.c openbsd-compat/port-aix.c] Bug #1207: always call

loginsuccess on AIX immediately after authentication to clear the failed login count. Previously this would only happen when an interactive session starts (ie when a pty is allocated) but this means that accounts that have primarily non-interactive sessions (eg scp's) may gradually accumulate enough failures to lock out an account. This change may have a side effect of creating two audit records, one with a tty of "ssh" corresponding to the authentication and one with the allocated pty per interactive session.
author: Darren Tucker <dtucker@zip.com.au> 2006-08-30 22:33:09 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2006-08-30 22:33:09 +1000
commit: 26d4e19caa3013f57dc3c1462847eceaac6a1d7d (patch)
tree: 0ef89a92e02a33a1681ebdf4e667f86bb6e15059 /auth.c
parent: 8ff1da81ec5e3032befb98349ec6ceba84dab706 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/auth.c b/auth.c
index 5a02a436..5da140b0 100644
--- a/auth.c
+++ b/auth.c
@@ -279,6 +279,11 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info)
 	    strcmp(method, "challenge-response") == 0))
 		record_failed_login(authctxt->user,
 		    get_canonical_hostname(options.use_dns), "ssh");
+# ifdef WITH_AIXAUTHENTICATE
+	if (authenticated)
+		sys_auth_record_login(authctxt->user,
+		    get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
+# endif
 #endif
 #ifdef SSH_AUDIT_EVENTS
 	if (authenticated == 0 && !authctxt->postponed)
author	Darren Tucker <dtucker@zip.com.au>	2006-08-30 22:33:09 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2006-08-30 22:33:09 +1000
commit	26d4e19caa3013f57dc3c1462847eceaac6a1d7d (patch)
tree	0ef89a92e02a33a1681ebdf4e667f86bb6e15059 /auth.c
parent	8ff1da81ec5e3032befb98349ec6ceba84dab706 (diff)