Somewhere between 2.9p1 and 2.9.9p2 there was a change to auth2.c that removed the userauth_reply() function. There were a few lines of code in that function, #ifdef'd with WITH_AIXAUTHENTICATE, that handled the AIX method of lastlog type stuff (specifically, a loginsuccess() call). There is a similar call in auth1.c, down in do_authentication(), which is still there in 2.9.9p2. So with 2.9.9p2, the lastlog stuff is handled properly if you connect with protocol version 1, but not with protocol version 2. Looking at the code a little, maybe this can be moved into do_authenticated() in session.c covering both the protocol versions. There's already other WITH_AIXAUTHENTICATE code in there, too. Not being familiar with the "proper" place for various steps, I don't know if this is the correct place, though. If that would be considered the right place for it, I can throw out a quick patch, I guess. =Dave -- Hello World. David Bronder - Systems Admin Segmentation Fault ITS-SPA, Univ. of Iowa Core dumped, disk trashed, quota filled, soda warm. david-bronder at uiowa.edu
On Thu, 27 Sep 2001, David Bronder wrote:> Somewhere between 2.9p1 and 2.9.9p2 there was a change to auth2.c that > removed the userauth_reply() function. There were a few lines of code > in that function, #ifdef'd with WITH_AIXAUTHENTICATE, that handled the > AIX method of lastlog type stuff (specifically, a loginsuccess() call). > There is a similar call in auth1.c, down in do_authentication(), which > is still there in 2.9.9p2. > > So with 2.9.9p2, the lastlog stuff is handled properly if you connect > with protocol version 1, but not with protocol version 2. Looking at > the code a little, maybe this can be moved into do_authenticated() in > session.c covering both the protocol versions. There's already other > WITH_AIXAUTHENTICATE code in there, too. Not being familiar with the > "proper" place for various steps, I don't know if this is the correct > place, though. > > If that would be considered the right place for it, I can throw out a > quick patch, I guess.Yes please :) -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer