Hi.

There's a couple of minor problems with the way port-aix.c handles the messages returned by AIX's authentication routines. I think we handle the native ones OK, but third-party modules might behave differently.

It tests OK for me, I would appreciate testing by anyone using AIX (esp. anyone using something other than the standard password auth modules).

a) The message from a successful authenticate() is not sent to the user. (The native password modules don't return anything).

b) There is one code path where the message is not free()ed. (It only leaks a few bytes on a successful authentication if passwordexpired() returns a warning message, but it should be fixed.)

c) The auth routines *may* return a NULL pointer rather than a pointer to a message. Most don't, and I think we handle all of the ones that might, but we should handle all of them.

d) The debug message from loginsuccess() was inconsistent with the rest.

e) There were some spaces instead of tabs. I've already committed that change since I didn't want to mix code and whitespace changes.

To fix a)-c), I used the following construct:

	result = function(...);
	if (msg != NULL)
		buffer_append(&loginmsg, msg, strlen(msg));
	else
		msg = xstrdup("(none)");
	aix_remove_embedded_newlines(msg);
	debug("AIX/function returned %d msg %s", result, msg);
	xfree(msg);

The message needs to be appended to loginmsg before we trash the newlines, otherwise they'll look funny. It seemed simpler to xstrdup the "none" message for the NULL case and then print and free it unconditionally.

I think this is tidier (but marginally less efficient) than my first attempt which looked roughly like:

	debug("AIX/function returned %d msg %s", result,
	    msg != NULL ? msg : "(none)");
	if (msg != NULL)
		xfree(msg);

The loginrestrictions() code in auth.c should probably get similar treatment (and be moved to port-aix.c too).

Comments?

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-aixmsg.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040616/dd3e62e0/attachment.ksh
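
The construct described in the message above, as an added stand-alone C example (not part of the original post, the attached patch, or OpenSSH). The fixed-size `loginmsg` array, `dup_str()`, `remove_embedded_newlines()` and `handle_auth_msg()` are hypothetical stand-ins for sshd's Buffer, `xstrdup()`, `aix_remove_embedded_newlines()` and the per-call code in port-aix.c, and the sample message is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static char loginmsg[256];	/* stand-in for sshd's loginmsg Buffer */

/* Stand-in for xstrdup(); returns NULL on failure instead of exiting. */
static char *dup_str(const char *s)
{
	char *p = malloc(strlen(s) + 1);
	if (p != NULL)
		strcpy(p, s);
	return p;
}

/* Stand-in for aix_remove_embedded_newlines(): keeps the log on one line. */
static void remove_embedded_newlines(char *p)
{
	size_t n;
	for (n = 0; p[n] != '\0'; n++)
		if (p[n] == '\n')
			p[n] = ' ';
	while (n > 0 && p[n - 1] == ' ')
		p[--n] = '\0';
}

/* Hypothetical wrapper; takes ownership of msg, which may be NULL. */
static int handle_auth_msg(int result, char *msg, char *dbg, size_t dbglen)
{
	if (msg != NULL)	/* user gets the text with its newlines intact */
		strncat(loginmsg, msg, sizeof(loginmsg) - strlen(loginmsg) - 1);
	else if ((msg = dup_str("(none)")) == NULL)
		return -1;
	remove_embedded_newlines(msg);	/* only the log copy is flattened */
	snprintf(dbg, dbglen, "AIX/function returned %d msg %s", result, msg);
	free(msg);		/* one free covers both branches */
	return result;
}

int main(void)
{
	char dbg[128];	/* constructed sample message below */
	handle_auth_msg(0, dup_str("Password expires\nin 3 days\n"), dbg, sizeof(dbg));
	puts(dbg);
	handle_auth_msg(0, NULL, dbg, sizeof(dbg));
	puts(dbg);
	return 0;
}
```

Running it under a leak checker shows no outstanding allocation for either the message or the NULL case.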