summaryrefslogtreecommitdiff
path: root/auth-pam.c
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-09-14 23:42:11 +0100
committerColin Watson <cjwatson@debian.org>2013-09-14 23:42:11 +0100
commit327155e6824b3ee13837bdde04e4eb47e147ff46 (patch)
tree8f8743122403c7a2e6ed919156711fb1520c657f /auth-pam.c
parent0334ce32304e9ba2a10ee5ca49ca6e8ff3ba6cf4 (diff)
parent74e339b8f8936bc0d985e053a076d0c9b5e9ea51 (diff)
* New upstream release (http://www.openssh.com/txt/release-6.3).
- sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option (closes: #158590). - ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives (closes: #436052). - sftp(1): update progressmeter when data is acknowledged, not when it's sent (partially addresses #708372). - ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened (closes: #651357).
Diffstat (limited to 'auth-pam.c')
-rw-r--r--auth-pam.c44
1 files changed, 20 insertions, 24 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 675006e6f..d51318b3a 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -412,10 +412,9 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
412 412
413 fail: 413 fail:
414 for(i = 0; i < n; i++) { 414 for(i = 0; i < n; i++) {
415 if (reply[i].resp != NULL) 415 free(reply[i].resp);
416 xfree(reply[i].resp);
417 } 416 }
418 xfree(reply); 417 free(reply);
419 buffer_free(&buffer); 418 buffer_free(&buffer);
420 return (PAM_CONV_ERR); 419 return (PAM_CONV_ERR);
421} 420}
@@ -586,10 +585,9 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
586 585
587 fail: 586 fail:
588 for(i = 0; i < n; i++) { 587 for(i = 0; i < n; i++) {
589 if (reply[i].resp != NULL) 588 free(reply[i].resp);
590 xfree(reply[i].resp);
591 } 589 }
592 xfree(reply); 590 free(reply);
593 return (PAM_CONV_ERR); 591 return (PAM_CONV_ERR);
594} 592}
595 593
@@ -693,7 +691,7 @@ sshpam_init_ctx(Authctxt *authctxt)
693 /* Start the authentication thread */ 691 /* Start the authentication thread */
694 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { 692 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
695 error("PAM: failed create sockets: %s", strerror(errno)); 693 error("PAM: failed create sockets: %s", strerror(errno));
696 xfree(ctxt); 694 free(ctxt);
697 return (NULL); 695 return (NULL);
698 } 696 }
699 ctxt->pam_psock = socks[0]; 697 ctxt->pam_psock = socks[0];
@@ -703,7 +701,7 @@ sshpam_init_ctx(Authctxt *authctxt)
703 strerror(errno)); 701 strerror(errno));
704 close(socks[0]); 702 close(socks[0]);
705 close(socks[1]); 703 close(socks[1]);
706 xfree(ctxt); 704 free(ctxt);
707 return (NULL); 705 return (NULL);
708 } 706 }
709 cleanup_ctxt = ctxt; 707 cleanup_ctxt = ctxt;
@@ -742,7 +740,7 @@ sshpam_query(void *ctx, char **name, char **info,
742 strlcpy(**prompts + plen, msg, len - plen); 740 strlcpy(**prompts + plen, msg, len - plen);
743 plen += mlen; 741 plen += mlen;
744 **echo_on = (type == PAM_PROMPT_ECHO_ON); 742 **echo_on = (type == PAM_PROMPT_ECHO_ON);
745 xfree(msg); 743 free(msg);
746 return (0); 744 return (0);
747 case PAM_ERROR_MSG: 745 case PAM_ERROR_MSG:
748 case PAM_TEXT_INFO: 746 case PAM_TEXT_INFO:
@@ -753,7 +751,7 @@ sshpam_query(void *ctx, char **name, char **info,
753 plen += mlen; 751 plen += mlen;
754 strlcat(**prompts + plen, "\n", len - plen); 752 strlcat(**prompts + plen, "\n", len - plen);
755 plen++; 753 plen++;
756 xfree(msg); 754 free(msg);
757 break; 755 break;
758 case PAM_ACCT_EXPIRED: 756 case PAM_ACCT_EXPIRED:
759 sshpam_account_status = 0; 757 sshpam_account_status = 0;
@@ -766,7 +764,7 @@ sshpam_query(void *ctx, char **name, char **info,
766 *num = 0; 764 *num = 0;
767 **echo_on = 0; 765 **echo_on = 0;
768 ctxt->pam_done = -1; 766 ctxt->pam_done = -1;
769 xfree(msg); 767 free(msg);
770 return 0; 768 return 0;
771 } 769 }
772 /* FALLTHROUGH */ 770 /* FALLTHROUGH */
@@ -776,7 +774,7 @@ sshpam_query(void *ctx, char **name, char **info,
776 debug("PAM: %s", **prompts); 774 debug("PAM: %s", **prompts);
777 buffer_append(&loginmsg, **prompts, 775 buffer_append(&loginmsg, **prompts,
778 strlen(**prompts)); 776 strlen(**prompts));
779 xfree(**prompts); 777 free(**prompts);
780 **prompts = NULL; 778 **prompts = NULL;
781 } 779 }
782 if (type == PAM_SUCCESS) { 780 if (type == PAM_SUCCESS) {
@@ -790,7 +788,7 @@ sshpam_query(void *ctx, char **name, char **info,
790 *num = 0; 788 *num = 0;
791 **echo_on = 0; 789 **echo_on = 0;
792 ctxt->pam_done = 1; 790 ctxt->pam_done = 1;
793 xfree(msg); 791 free(msg);
794 return (0); 792 return (0);
795 } 793 }
796 error("PAM: %s for %s%.100s from %.100s", msg, 794 error("PAM: %s for %s%.100s from %.100s", msg,
@@ -801,7 +799,7 @@ sshpam_query(void *ctx, char **name, char **info,
801 default: 799 default:
802 *num = 0; 800 *num = 0;
803 **echo_on = 0; 801 **echo_on = 0;
804 xfree(msg); 802 free(msg);
805 ctxt->pam_done = -1; 803 ctxt->pam_done = -1;
806 return (-1); 804 return (-1);
807 } 805 }
@@ -852,7 +850,7 @@ sshpam_free_ctx(void *ctxtp)
852 850
853 debug3("PAM: %s entering", __func__); 851 debug3("PAM: %s entering", __func__);
854 sshpam_thread_cleanup(); 852 sshpam_thread_cleanup();
855 xfree(ctxt); 853 free(ctxt);
856 /* 854 /*
857 * We don't call sshpam_cleanup() here because we may need the PAM 855 * We don't call sshpam_cleanup() here because we may need the PAM
858 * handle at a later stage, e.g. when setting up a session. It's 856 * handle at a later stage, e.g. when setting up a session. It's
@@ -1006,10 +1004,9 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
1006 1004
1007 fail: 1005 fail:
1008 for(i = 0; i < n; i++) { 1006 for(i = 0; i < n; i++) {
1009 if (reply[i].resp != NULL) 1007 free(reply[i].resp);
1010 xfree(reply[i].resp);
1011 } 1008 }
1012 xfree(reply); 1009 free(reply);
1013 return (PAM_CONV_ERR); 1010 return (PAM_CONV_ERR);
1014} 1011}
1015 1012
@@ -1081,7 +1078,7 @@ do_pam_putenv(char *name, char *value)
1081 1078
1082 snprintf(compound, len, "%s=%s", name, value); 1079 snprintf(compound, len, "%s=%s", name, value);
1083 ret = pam_putenv(sshpam_handle, compound); 1080 ret = pam_putenv(sshpam_handle, compound);
1084 xfree(compound); 1081 free(compound);
1085#endif 1082#endif
1086 1083
1087 return (ret); 1084 return (ret);
@@ -1108,8 +1105,8 @@ free_pam_environment(char **env)
1108 return; 1105 return;
1109 1106
1110 for (envp = env; *envp; envp++) 1107 for (envp = env; *envp; envp++)
1111 xfree(*envp); 1108 free(*envp);
1112 xfree(env); 1109 free(env);
1113} 1110}
1114 1111
1115/* 1112/*
@@ -1165,10 +1162,9 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
1165 1162
1166 fail: 1163 fail:
1167 for(i = 0; i < n; i++) { 1164 for(i = 0; i < n; i++) {
1168 if (reply[i].resp != NULL) 1165 free(reply[i].resp);
1169 xfree(reply[i].resp);
1170 } 1166 }
1171 xfree(reply); 1167 free(reply);
1172 return (PAM_CONV_ERR); 1168 return (PAM_CONV_ERR);
1173} 1169}
1174 1170