openssh-2.9p1 bug: loginfailed() with AIX 4.3.3
K.Wolkersdorfer at fz-juelich.de
Tue May 22 00:08:00 EST 2001
Hi,
first let me thank you for all the excellent work with openssh!
Bug-Description (for AIX - current release 4.3.3 - only):
During password-authentication if a user enters a wrong
password, the failed attempt is not at all recorded in
/etc/security/lastlog, although the loginfailed()
subroutine in auth1.c is supposed to do that.
Suggestion:
In AIX the loginfailed() subroutine should be called
if and only if
the user enters a wrong password:
From man loginfailed:
..."A login failure audit record is cut to indicate that
an unsuccessful login attempt occurred. A utmp entry
is appended to /etc/security/failedlogin file,
which tracks all failed login attempts." ...
So it seems that in auth1.c the loginfailed() subroutine
is in the wrong place. It should be immediately after
the password-authentication.
Bug-Fix:
The following fix works for us:
------------------------------------------------------------------------
diff auth-passwd.c.orig auth-passwd.c
151c151,160
< return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
---
> { int iau;
> iau = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
> debug("auth-passwd (FZJ-authenticate): rc: %d msg: %s", iau,
authmsg);
> if (iau)
> return 1;
> loginfailed(authctxt->user,
> get_canonical_hostname(options.reverse_mapping_check),
> "ssh");
> return 0;
> }
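Review bot: The new loginfailed() call takes its user name from authctxt->user, while the authenticate() call two lines above it uses pw->pw_name, and nothing in the visible lines shows that authctxt is in scope in this function of auth-passwd.c; passing pw->pw_name would keep the audit record tied to the account that was actually checked. The added debug() line prints authmsg with %s before the result is tested, so it runs on both success and failure; if authenticate() can leave authmsg unset, that format argument should be guarded. The diff also touches only auth-passwd.c, so the existing loginfailed() call in auth1.c mentioned in the description stays in place, and a wrong password could then be recorded twice unless that call is removed or restricted in the same change.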
-------------------------------------------------------------------------
Many thanks for your attention and best regards from Germany
Klaus
--
Klaus Wolkersdorfer (K.Wolkersdorfer at fz-juelich.de)
Zentralinstitut fuer Angewandte Mathematik (ZAM) Tel: +49-2461-61-6579
John von Neumann - Institute for Computing (NIC) Fax: -6656
Forschungszentrum Juelich GmbH, D-52425 Juelich, Germany