search for: aixloginmsg

Hi, I noticed that the AIX specific loginsuccess call uses char *aixloginmsg to retrieve login information. Later this message is printed in session.c (around line 753). Loginsuccess mallocs space for this message and according to the aix docs it's the responsibility of the calling program to free this message. I didn't notice any code in openssh that would free th...

...ENTICATE */ packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); + } /* Send a message indicating that the authentication attempt failed. */ packet_start(SSH_SMSG_FAILURE); @@ -430,7 +432,7 @@ unsigned int ulen; char *user; #ifdef WITH_AIXAUTHENTICATE - char *loginmsg; + extern char *aixloginmsg; #endif /* WITH_AIXAUTHENTICATE */ /* Get the name of the user that we wish to log in as. */ @@ -501,7 +503,9 @@ /* The user has been authenticated and accepted. */ #ifdef WITH_AIXAUTHENTICATE - loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg); + /* We don't h...

...22 diff -u -r1.222 session.c --- session.c 26 Sep 2002 00:38:50 -0000 1.222 +++ session.c 13 Oct 2002 11:06:28 -0000 @@ -104,7 +104,10 @@ Session sessions[MAX_SESSIONS]; #ifdef WITH_AIXAUTHENTICATE +int is_aix_password_change_required(void); +void do_aix_change_password(struct passwd *); char *aixloginmsg; +char *aixexpiremsg; #endif /* WITH_AIXAUTHENTICATE */ #ifdef HAVE_LOGIN_CAP @@ -461,6 +464,12 @@ "TTY available"); #endif /* USE_PAM */ +#ifdef WITH_AIXAUTHENTICATE + if (is_aix_password_change_required()) + packet_disconnect("Password change required but no " +...

Hi All. I've decided to try to merge the -Portable parts of the password expiry patch (see bug #14) that do not depend on the OpenBSD change in bug #463. The attached patch is the first step in this process. It removes the AIX-specific "char *aixloginmsg" and replaces it with a platform-neutral "Buffer loginmsg". I think this is worth having in -Portable even if it does not make it to OpenBSD. Does anyone see any problems with or have any objections to this patch? -Daz. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69...

...efined(HAVE_OSF_SIA) /* Don't need any of these headers for the PAM or SIA cases */ @@ -81,8 +83,10 @@ #endif /* !USE_PAM && !HAVE_OSF_SIA */ extern ServerOptions options; +extern Buffer login_message; +extern int password_change_required; #ifdef WITH_AIXAUTHENTICATE -extern char *aixloginmsg; +void aix_remove_embedded_newlines(char *); #endif /* @@ -149,13 +153,23 @@ #endif #ifdef WITH_AIXAUTHENTICATE authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + aix_remove_embedded_newlines(authmsg); - if (authsuccess) + if (authsuccess) { + char *m...

...MAXHOSTNAMELEN]; socklen_t fromlen; struct sockaddr_storage from; time_t last_login_time; struct passwd * pw = s->pw; pid_t pid = getpid(); + int retval; /* * Get IP address of client. If the connection is not a socket, let @@ -730,6 +735,44 @@ #ifdef WITH_AIXAUTHENTICATE if (aixloginmsg && *aixloginmsg) printf("%s\n", aixloginmsg); +#endif /* WITH_AIXAUTHENTICATE */ + +#ifdef WITH_AIXAUTHENTICATE + + retval = passwdexpired(pw->pw_name,&msg); + + if (msg && *msg) + printf("%s\n",msg); + + if (retval == 1) { + + pid_t pid; + int stat...

...icated == 1) { + #ifdef WITH_AIXAUTHENTICATE + /* We don't have a pty yet, so just label the line as "ssh" */ + if (loginsuccess(authctxt->user?authctxt->user:"NOUSER", + get_canonical_hostname(options.reverse_mapping_check), + "ssh", &aixloginmsg) < 0) + aixloginmsg = NULL; + #endif /* WITH_AIXAUTHENTICATE */ /* turn off userauth */ dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &protocol_error); packet_start(SSH2_MSG_USERAUTH_SUCCESS);

Using openssh-SNAP-20001016 all of our problems with hanging connections have gone away (woohoo!), and it seems to be working flawlessly, but I am seeing messages like this in syslog: Oct 24 16:57:48 dhumb301 sshd[17752]: error: channel 0: internal error: we do not read, but chan_read_failed for istate 8 Oct 24 16:57:59 dhumb301 sshd[17771]: error: select: Bad file descriptor Oct 24 16:58:30

...revision 1.1 diff -u -r1.1 session.c --- session.c 2000/09/12 00:43:22 1.1 +++ session.c 2000/09/12 23:58:44 @@ -674,6 +674,8 @@ #ifdef USE_PAM print_pam_messages(); + /* If password change is needed, do it now. */ + do_pam_chauthtok(); #endif /* USE_PAM */ #ifdef WITH_AIXAUTHENTICATE if (aixloginmsg && *aixloginmsg)

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

.../* NOTREACHED */ } +#ifdef _CRAY + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _CRAY */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -668,6 +686,7 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ +#ifndef _CRAY if (options.print_lastlog && s->last_login_time != 0) { time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) @@ -678,6 +697,7 @@ printf...

http://bugzilla.mindrot.org/show_bug.cgi?id=463 ------- Additional Comments From dtucker at zip.com.au 2003-01-07 23:43 ------- Generate the message earlier in the login process and store for display after session startup? Rather than another variable for this (eg aixloginmsg, maybe __pam_msg), what about using a single Buffer for storing all of the messages to be displayed after login? I've started doing something like this (see http://www.zip.com.au/~dtucker/openssh/openssh-passexpire9.patch) and a (as yet unpublished) update to this makes things neater (eg t...

Compile openssh-3.8p1 with gcc and the following flags --prefix=/tmp/build/sshd --with-ssl-dir=/tmp/build/lib --with-utmpx, no PAM. Everything complies correctly, and I changed sshd_config to use "UseLogin yes" When my client connects (using the newer ssh client too), I do not get the message that my password will expire in xx days, but sshd shows that it is picking up that info (next

.../* NOTREACHED */ } +#ifdef _CRAY + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _CRAY */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -743,6 +760,7 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ +#ifndef _CRAY if (options.print_lastlog && last_login_time != 0) { time_string = ctime(&last_login_time); if (strchr(time_string, '\n')) @@ -752,6 +770,7 @@ else...

..._time(pw->pw_uid, pw->pw_name, hostname, sizeof(hostname)); + #endif /* Record that there was a login on that tty from the remote host. */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, *************** *** 751,756 **** --- 786,792 ---- printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ + #ifndef BOIS_DIRTY_PATCH if (last_login_time != 0) { time_string = ctime(&last_login_time); if (strchr(time_string, '\n')) *************** *** 760,765 **** --- 796,803 ---- else printf("Last login: %s from %s\r\n",...

...); - } - /* Record that there was a login on that tty from the remote host. */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, get_remote_name_or_ip(utmp_len, options.reverse_mapping_check), @@ -741,14 +738,14 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ - if (options.print_lastlog && last_login_time != 0) { - time_string = ctime(&last_login_time); + if (options.print_lastlog && found_last_login_time != 0) { + time_string = ctime(&found_last_login...

...get_last_login_time(pw->pw_uid, pw->pw_name, - hostname, sizeof(hostname)); - } + &hostname); /* Record that there was a login on that tty from the remote host. */ record_login(pid, s->tty, pw->pw_name, pw->pw_uid, @@ -715,14 +714,17 @@ printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ - if (options.print_lastlog && last_login_time != 0) { - time_string = ctime(&last_login_time); - if (strchr(time_string, '\n')) - *strchr(time_string, '\n') = 0; - if (strcmp(hostname, "") == 0) - printf("Last...

OpenBSD tree is heading into a lock and this includes OpenSSH. So we are winding up for a 3.5 release. If we can get people to test the current snapshots and report any problems that would improve the odds that your platform won't be broke for 3.5. Issues I know off of right now. 1. I can't test NeXT. So I TRULY need someone in that community to test for me. Last I heard there was