diff options
| author | Damien Miller <djm@mindrot.org> | 1999-12-07 14:56:27 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 1999-12-07 14:56:27 +1100 |
| commit | eabf3417bc73ca9546a3ed489cd809ffdf303853 (patch) | |
| tree | a3dd5286d2790bdb8e586f9a8e272633251c31e4 | |
| parent | 3bc14dde057f5d1faee1df1d29a6520063102b77 (diff) | |
- Fix PAM account and session being called multiple times. Problem
reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | sshd.c | 43 |
2 files changed, 32 insertions, 13 deletions
| @@ -2,6 +2,8 @@ | |||
| 2 | - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com> | 2 | - sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com> |
| 3 | fixes compatability with 4.x and 5.x | 3 | fixes compatability with 4.x and 5.x |
| 4 | - Fixed default SSH_ASKPASS | 4 | - Fixed default SSH_ASKPASS |
| 5 | - Fix PAM account and session being called multiple times. Problem | ||
| 6 | reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk> | ||
| 5 | 7 | ||
| 6 | 19991204 | 8 | 19991204 |
| 7 | - Small cleanup of PAM code in sshd.c | 9 | - Small cleanup of PAM code in sshd.c |
| @@ -11,7 +11,7 @@ | |||
| 11 | */ | 11 | */ |
| 12 | 12 | ||
| 13 | #include "includes.h" | 13 | #include "includes.h" |
| 14 | RCSID("$Id: sshd.c,v 1.33 1999/12/04 09:24:48 damien Exp $"); | 14 | RCSID("$Id: sshd.c,v 1.34 1999/12/07 03:56:27 damien Exp $"); |
| 15 | 15 | ||
| 16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
| 17 | #include "rsa.h" | 17 | #include "rsa.h" |
| @@ -1551,24 +1551,41 @@ do_authloop(struct passwd * pw) | |||
| 1551 | get_remote_port(), | 1551 | get_remote_port(), |
| 1552 | user); | 1552 | user); |
| 1553 | 1553 | ||
| 1554 | #ifdef HAVE_LIBPAM | 1554 | #ifndef HAVE_LIBPAM |
| 1555 | do_pam_account_and_session(pw->pw_name, client_user); | 1555 | if (authenticated) |
| 1556 | return; | ||
| 1556 | 1557 | ||
| 1557 | /* Clean up */ | 1558 | if (attempt > AUTH_FAIL_MAX) |
| 1558 | if (client_user != NULL) | 1559 | packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); |
| 1559 | xfree(client_user); | 1560 | #else /* HAVE_LIBPAM */ |
| 1561 | if (authenticated) { | ||
| 1562 | do_pam_account_and_session(pw->pw_name, client_user); | ||
| 1560 | 1563 | ||
| 1561 | if (password != NULL) { | 1564 | /* Clean up */ |
| 1562 | memset(password, 0, strlen(password)); | 1565 | if (client_user != NULL) |
| 1563 | xfree(password); | 1566 | xfree(client_user); |
| 1564 | } | ||
| 1565 | #endif /* HAVE_LIBPAM */ | ||
| 1566 | 1567 | ||
| 1567 | if (authenticated) | 1568 | if (password != NULL) { |
| 1569 | memset(password, 0, strlen(password)); | ||
| 1570 | xfree(password); | ||
| 1571 | } | ||
| 1572 | |||
| 1568 | return; | 1573 | return; |
| 1574 | } | ||
| 1569 | 1575 | ||
| 1570 | if (attempt > AUTH_FAIL_MAX) | 1576 | if (attempt > AUTH_FAIL_MAX) { |
| 1577 | /* Clean up */ | ||
| 1578 | if (client_user != NULL) | ||
| 1579 | xfree(client_user); | ||
| 1580 | |||
| 1581 | if (password != NULL) { | ||
| 1582 | memset(password, 0, strlen(password)); | ||
| 1583 | xfree(password); | ||
| 1584 | } | ||
| 1585 | |||
| 1571 | packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); | 1586 | packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); |
| 1587 | } | ||
| 1588 | #endif /* HAVE_LIBPAM */ | ||
| 1572 | 1589 | ||
| 1573 | /* Send a message indicating that the authentication attempt failed. */ | 1590 | /* Send a message indicating that the authentication attempt failed. */ |
| 1574 | packet_start(SSH_SMSG_FAILURE); | 1591 | packet_start(SSH_SMSG_FAILURE); |