diff options
author | Damien Miller <djm@mindrot.org> | 2018-04-06 14:11:44 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-04-06 14:11:44 +1000 |
commit | e8f474554e3bda102a797a2fbab0594ccc66f097 (patch) | |
tree | 54699f57d3724e480b2d8fd999a19137d8ad62d1 /auth-pam.c | |
parent | 014ba209cf4c6a159baa30ecebbaddfa97da7100 (diff) |
Expose SSH_AUTH_INFO_0 to PAM auth modules
bz#2408, patch from Radoslaw Ejsmont; ok dtucker@
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/auth-pam.c b/auth-pam.c index 00ba87775..456259577 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -674,6 +674,27 @@ sshpam_init(Authctxt *authctxt) | |||
674 | return (0); | 674 | return (0); |
675 | } | 675 | } |
676 | 676 | ||
677 | static void | ||
678 | expose_authinfo(const char *caller) | ||
679 | { | ||
680 | char *auth_info; | ||
681 | |||
682 | /* | ||
683 | * Expose authentication information to PAM. | ||
684 | * The environment variable is versioned. Please increment the | ||
685 | * version suffix if the format of session_info changes. | ||
686 | */ | ||
687 | if (sshpam_authctxt->session_info == NULL) | ||
688 | auth_info = xstrdup(""); | ||
689 | else if ((auth_info = sshbuf_dup_string( | ||
690 | sshpam_authctxt->session_info)) == NULL) | ||
691 | fatal("%s: sshbuf_dup_string failed", __func__); | ||
692 | |||
693 | debug2("%s: auth information in SSH_AUTH_INFO_0", caller); | ||
694 | do_pam_putenv("SSH_AUTH_INFO_0", auth_info); | ||
695 | free(auth_info); | ||
696 | } | ||
697 | |||
677 | static void * | 698 | static void * |
678 | sshpam_init_ctx(Authctxt *authctxt) | 699 | sshpam_init_ctx(Authctxt *authctxt) |
679 | { | 700 | { |
@@ -694,6 +715,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
694 | return (NULL); | 715 | return (NULL); |
695 | } | 716 | } |
696 | 717 | ||
718 | expose_authinfo(__func__); | ||
697 | ctxt = xcalloc(1, sizeof *ctxt); | 719 | ctxt = xcalloc(1, sizeof *ctxt); |
698 | 720 | ||
699 | /* Start the authentication thread */ | 721 | /* Start the authentication thread */ |
@@ -935,26 +957,6 @@ finish_pam(void) | |||
935 | sshpam_cleanup(); | 957 | sshpam_cleanup(); |
936 | } | 958 | } |
937 | 959 | ||
938 | static void | ||
939 | expose_authinfo(const char *caller) | ||
940 | { | ||
941 | char *auth_info; | ||
942 | |||
943 | /* | ||
944 | * Expose authentication information to PAM. | ||
945 | * The enviornment variable is versioned. Please increment the | ||
946 | * version suffix if the format of session_info changes. | ||
947 | */ | ||
948 | if (sshpam_authctxt->session_info == NULL) | ||
949 | auth_info = xstrdup(""); | ||
950 | else if ((auth_info = sshbuf_dup_string( | ||
951 | sshpam_authctxt->session_info)) == NULL) | ||
952 | fatal("%s: sshbuf_dup_string failed", __func__); | ||
953 | |||
954 | debug2("%s: auth information in SSH_AUTH_INFO_0", caller); | ||
955 | do_pam_putenv("SSH_AUTH_INFO_0", auth_info); | ||
956 | free(auth_info); | ||
957 | } | ||
958 | 960 | ||
959 | u_int | 961 | u_int |
960 | do_pam_account(void) | 962 | do_pam_account(void) |