- (djm) AIX login{success,failed} changes. Move loginsuccess call to

do_authenticated. Call loginfailed for protocol 2 failures > MAX like
   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
   K.Wolkersdorfer@fz-juelich.de and others

ChangeLog

@@ -1,6 +1,10 @@
 20011113
  - (djm) Fix early (and double) free of remote user when using Kerberos. 
    Patch from Simon Wilkinson <simon@sxw.org.uk>
+ - (djm) AIX login{success,failed} changes. Move loginsuccess call to 
+   do_authenticated. Call loginfailed for protocol 2 failures > MAX like 
+   we do for protocol 1. Reports from Ralf Wenk <wera0003@fh-karlsruhe.de>,
+   K.Wolkersdorfer@fz-juelich.de and others
 
 20011112
  - (djm) Makefile correctness fix from Mark D. Baushke <mdb@juniper.net>
@@ -6891,4 +6895,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1658 2001/11/13 00:20:07 djm Exp $
+$Id: ChangeLog,v 1.1659 2001/11/13 12:46:18 djm Exp $

auth1.c

@@ -29,10 +29,6 @@ RCSID("$OpenBSD: auth1.c,v 1.25 2001/06/26 16:15:23 dugsong Exp $");
 /* import */
 extern ServerOptions options;
 
-#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
-
 /*
  * convert ssh auth msg type into description
  */
@@ -428,14 +424,6 @@ do_authentication()
 	packet_send();
 	packet_write_wait();
 
-#ifdef WITH_AIXAUTHENTICATE
-	/* We don't have a pty yet, so just label the line as "ssh" */
-	if (loginsuccess(authctxt->user,
-	    get_canonical_hostname(options.reverse_mapping_check),
-	    "ssh", &aixloginmsg) < 0)
-		aixloginmsg = NULL;
-#endif /* WITH_AIXAUTHENTICATE */
-
 	/* Perform session preparation. */
 	do_authenticated(authctxt);
 }

auth2.c

@@ -57,10 +57,6 @@ extern ServerOptions options;
 extern u_char *session_id2;
 extern int session_id2_len;
 
-#ifdef WITH_AIXAUTHENTICATE
-extern char *aixloginmsg;
-#endif
-
 static Authctxt	*x_authctxt = NULL;
 static int one = 1;
 
@@ -282,8 +278,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 		/* now we can break out */
 		authctxt->success = 1;
 	} else {
-		if (authctxt->failures++ > AUTH_FAIL_MAX)
+		if (authctxt->failures++ > AUTH_FAIL_MAX) {
+#ifdef WITH_AIXAUTHENTICATE
+			loginfailed(authctxt->user,
+			    get_canonical_hostname(options.reverse_mapping_check),
+			    "ssh");
+#endif /* WITH_AIXAUTHENTICATE */
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+		}
 		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
 		packet_put_cstring(methods);

session.c

@@ -159,7 +159,6 @@ const char *original_command = NULL;
 Session	sessions[MAX_SESSIONS];
 
 #ifdef WITH_AIXAUTHENTICATE
-/* AIX's lastlogin message, set in auth1.c */
 char *aixloginmsg;
 #endif /* WITH_AIXAUTHENTICATE */
 
@@ -191,6 +190,14 @@ do_authenticated(Authctxt *authctxt)
 	}
 #endif
 #endif
+#ifdef WITH_AIXAUTHENTICATE
+	/* We don't have a pty yet, so just label the line as "ssh" */
+	if (loginsuccess(authctxt->user,
+	    get_canonical_hostname(options.reverse_mapping_check),
+	    "ssh", &aixloginmsg) < 0)
+		aixloginmsg = NULL;
+#endif /* WITH_AIXAUTHENTICATE */
+
 	/* setup the channel layer */
 	if (!no_port_forwarding_flag && options.allow_tcp_forwarding)
 		channel_permit_all_opens();