summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2001-01-19 15:46:38 +1100
committerDamien Miller <djm@mindrot.org>2001-01-19 15:46:38 +1100
commit22e22bf9bab94862c860ad4ed652f308dda63f81 (patch)
treeb4d1a83f4ea81c3b1c82a3a5a28de21bbd5d4c2c
parentf569241db2e79b0bd7d1be6e288f2bd25e9c7ab4 (diff)
- (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
to fix NULL pointer deref and fake authloop breakage in PAM code.
-rw-r--r--ChangeLog2
-rw-r--r--auth-pam.c8
-rw-r--r--auth-pam.h2
-rw-r--r--auth1.c2
-rw-r--r--auth2-pam.c8
-rw-r--r--auth2.c5
6 files changed, 15 insertions, 12 deletions
diff --git a/ChangeLog b/ChangeLog
index 8b5df6fde..261ca19ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,8 @@
17 - markus@cvs.openbsd.org 2001/01/18 17:12:43 17 - markus@cvs.openbsd.org 2001/01/18 17:12:43
18 [auth-chall.c auth2-chall.c] 18 [auth-chall.c auth2-chall.c]
19 rename *-skey.c *-chall.c since the files are not skey specific 19 rename *-skey.c *-chall.c since the files are not skey specific
20 - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
21 to fix NULL pointer deref and fake authloop breakage in PAM code.
20 22
2120010118 2320010118
22 - (bal) Super Sized OpenBSD Resync 24 - (bal) Super Sized OpenBSD Resync
diff --git a/auth-pam.c b/auth-pam.c
index 07847cb9d..befb84c08 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -29,7 +29,7 @@
29#include "xmalloc.h" 29#include "xmalloc.h"
30#include "servconf.h" 30#include "servconf.h"
31 31
32RCSID("$Id: auth-pam.c,v 1.20 2000/12/20 02:34:49 djm Exp $"); 32RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
33 33
34#define NEW_AUTHTOK_MSG \ 34#define NEW_AUTHTOK_MSG \
35 "Warning: Your password has expired, please change it now" 35 "Warning: Your password has expired, please change it now"
@@ -323,13 +323,13 @@ void finish_pam(void)
323} 323}
324 324
325/* Start PAM authentication for specified account */ 325/* Start PAM authentication for specified account */
326void start_pam(struct passwd *pw) 326void start_pam(const char *user)
327{ 327{
328 int pam_retval; 328 int pam_retval;
329 329
330 debug("Starting up PAM with username \"%.200s\"", pw->pw_name); 330 debug("Starting up PAM with username \"%.200s\"", user);
331 331
332 pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh); 332 pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
333 333
334 if (pam_retval != PAM_SUCCESS) { 334 if (pam_retval != PAM_SUCCESS) {
335 fatal("PAM initialisation failed[%d]: %.200s", 335 fatal("PAM initialisation failed[%d]: %.200s",
diff --git a/auth-pam.h b/auth-pam.h
index ca261afeb..68d446592 100644
--- a/auth-pam.h
+++ b/auth-pam.h
@@ -3,7 +3,7 @@
3 3
4#include <pwd.h> /* For struct passwd */ 4#include <pwd.h> /* For struct passwd */
5 5
6void start_pam(struct passwd *pw); 6void start_pam(const char *user);
7void finish_pam(void); 7void finish_pam(void);
8int auth_pam_password(struct passwd *pw, const char *password); 8int auth_pam_password(struct passwd *pw, const char *password);
9char **fetch_pam_environment(void); 9char **fetch_pam_environment(void);
diff --git a/auth1.c b/auth1.c
index 0f21c4c7c..ee165a442 100644
--- a/auth1.c
+++ b/auth1.c
@@ -414,7 +414,7 @@ do_authentication()
414 414
415#ifdef USE_PAM 415#ifdef USE_PAM
416 if (pw) 416 if (pw)
417 start_pam(pw); 417 start_pam(user);
418#endif 418#endif
419 419
420 /* 420 /*
diff --git a/auth2-pam.c b/auth2-pam.c
index 498cc7461..d1d840972 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,5 +1,5 @@
1#include "includes.h" 1#include "includes.h"
2RCSID("$Id: auth2-pam.c,v 1.3 2001/01/19 04:26:52 mouring Exp $"); 2RCSID("$Id: auth2-pam.c,v 1.4 2001/01/19 04:46:38 djm Exp $");
3 3
4#ifdef USE_PAM 4#ifdef USE_PAM
5#include "ssh.h" 5#include "ssh.h"
@@ -36,10 +36,8 @@ auth2_pam(Authctxt *authctxt)
36 if (authctxt->user == NULL) 36 if (authctxt->user == NULL)
37 fatal("auth2_pam: internal error: no user"); 37 fatal("auth2_pam: internal error: no user");
38 38
39 if (authctxt->valid) { 39 conv2.appdata_ptr = authctxt;
40 conv2.appdata_ptr = authctxt; 40 pam_set_conv(&conv2);
41 pam_set_conv(&conv2);
42 }
43 41
44 dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, 42 dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
45 &input_userauth_info_response_pam); 43 &input_userauth_info_response_pam);
diff --git a/auth2.c b/auth2.c
index 348c2f3a4..bab1c2ed8 100644
--- a/auth2.c
+++ b/auth2.c
@@ -210,10 +210,13 @@ input_userauth_request(int type, int plen, void *ctxt)
210 authctxt->valid = 1; 210 authctxt->valid = 1;
211 debug2("input_userauth_request: setting up authctxt for %s", user); 211 debug2("input_userauth_request: setting up authctxt for %s", user);
212#ifdef USE_PAM 212#ifdef USE_PAM
213 start_pam(pw); 213 start_pam(pw->pw_name);
214#endif 214#endif
215 } else { 215 } else {
216 log("input_userauth_request: illegal user %s", user); 216 log("input_userauth_request: illegal user %s", user);
217#ifdef USE_PAM
218 start_pam("NOUSER");
219#endif
217 } 220 }
218 authctxt->user = xstrdup(user); 221 authctxt->user = xstrdup(user);
219 authctxt->service = xstrdup(service); 222 authctxt->service = xstrdup(service);