Created attachment 1787: A patch fixing this issue. We are using a bunch of different LAMs to authenticate users, and while qualifying OpenSSH 5.3p1 on AIX 5.3 and 6.1 we discovered a small bug. In auth.c, inside the function getpwnamallow(const char *user), getpwnam(user) is called w/o setting the authdb first. This results in the wrong authdb being used to retrieve the user's passwd structure: it uses the default LAM (i.e., the first one it finds in /usr/lib/security/methods.cfg). setauthdb() is called during the authentication phase (which is very good), but it is also necessary to make the call before using getpwnam/getpwuid/etc. This is easily fixed by wrapping aix_setauthdb()/aix_restoredb [from port-aix.c] around the getpwnam(user) call [in auth.c]. I attached a patch, which I tested on AIX 5.3 and AIX 6.1, fixing this issue.
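The lookup problem reported above, as an added example: a portable C model, not OpenSSH code and not the attached patch. The registry names, the user `alice`, the uids, and the helpers `model_getpwnam()` and `registry_of()` are constructed for illustration; the "first match wins when no registry is selected" rule is an assumption that models the default-LAM behaviour the report describes.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample data: the same login name exists in two registries. */
struct entry { const char *registry, *name; uid_t uid; };
static const struct entry db[] = {
    { "files", "alice", 201 },   /* default module, listed first */
    { "LDAP",  "alice", 5001 },  /* the registry alice is assigned to */
};
#define NDB (sizeof(db) / sizeof(db[0]))

static const char *authdb = NULL;          /* NULL = no registry selected */

/* Model of getpwnam(): honours the selected registry, otherwise first hit. */
static const struct entry *model_getpwnam(const char *user) {
    for (size_t i = 0; i < NDB; i++)
        if (strcmp(db[i].name, user) == 0 &&
            (authdb == NULL || strcmp(db[i].registry, authdb) == 0))
            return &db[i];
    return NULL;
}

/* Model of the user's registry attribute (hypothetical helper). */
static const char *registry_of(const char *user) {
    return strcmp(user, "alice") == 0 ? "LDAP" : NULL;
}

/* Before the fix: lookup with whatever registry happens to be active. */
uid_t lookup_unwrapped(const char *user) {
    const struct entry *e = model_getpwnam(user);
    return e ? e->uid : (uid_t)-1;
}

/* After the fix: select the user's registry, look up, then restore. */
uid_t lookup_wrapped(const char *user) {
    const char *saved = authdb;
    authdb = registry_of(user);
    const struct entry *e = model_getpwnam(user);
    authdb = saved;                         /* always restore previous state */
    return e ? e->uid : (uid_t)-1;
}

int registry_is_default(void) { return authdb == NULL; }

int main(void) {
    printf("unwrapped uid=%ld wrapped uid=%ld\n",
           (long)lookup_unwrapped("alice"), (long)lookup_wrapped("alice"));
    return 0;
}
```

The unwrapped lookup returns the entry from the first registry, so later decisions would be made against the wrong account's uid; the wrapped lookup returns the entry from the user's own registry and leaves the process-wide selection as it found it.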
Created attachment 1788: Level 3 debug logs showing the problem
Thanks, I'll look at this.
Is it still planned to be included in 5.4? I saw that some bugs that were previously blocks for 5.4 were moved to 5.5. We would really appreciate it if this fix could be included in 5.4.
Patch applied, thanks. It will be in 5.4p1. I think that after the release we should put a getpwnam() wrapper in port-aix.c that does this to keep the diffs out of the mainline code.
Thanks, yes it would be much cleaner that way. I could work on it.
With the release of 5.4p1, this bug is now considered closed.