diff options
| author | Damien Miller <djm@mindrot.org> | 2018-04-06 14:11:44 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-04-06 14:11:44 +1000 |
| commit | e8f474554e3bda102a797a2fbab0594ccc66f097 (patch) | |
| tree | 54699f57d3724e480b2d8fd999a19137d8ad62d1 /auth-pam.c | |
| parent | 014ba209cf4c6a159baa30ecebbaddfa97da7100 (diff) | |
Expose SSH_AUTH_INFO_0 to PAM auth modules
bz#2408, patch from Radoslaw Ejsmont; ok dtucker@
Diffstat (limited to 'auth-pam.c')
| -rw-r--r-- | auth-pam.c | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/auth-pam.c b/auth-pam.c index 00ba87775..456259577 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -674,6 +674,27 @@ sshpam_init(Authctxt *authctxt) | |||
| 674 | return (0); | 674 | return (0); |
| 675 | } | 675 | } |
| 676 | 676 | ||
| 677 | static void | ||
| 678 | expose_authinfo(const char *caller) | ||
| 679 | { | ||
| 680 | char *auth_info; | ||
| 681 | |||
| 682 | /* | ||
| 683 | * Expose authentication information to PAM. | ||
| 684 | * The environment variable is versioned. Please increment the | ||
| 685 | * version suffix if the format of session_info changes. | ||
| 686 | */ | ||
| 687 | if (sshpam_authctxt->session_info == NULL) | ||
| 688 | auth_info = xstrdup(""); | ||
| 689 | else if ((auth_info = sshbuf_dup_string( | ||
| 690 | sshpam_authctxt->session_info)) == NULL) | ||
| 691 | fatal("%s: sshbuf_dup_string failed", __func__); | ||
| 692 | |||
| 693 | debug2("%s: auth information in SSH_AUTH_INFO_0", caller); | ||
| 694 | do_pam_putenv("SSH_AUTH_INFO_0", auth_info); | ||
| 695 | free(auth_info); | ||
| 696 | } | ||
| 697 | |||
| 677 | static void * | 698 | static void * |
| 678 | sshpam_init_ctx(Authctxt *authctxt) | 699 | sshpam_init_ctx(Authctxt *authctxt) |
| 679 | { | 700 | { |
| @@ -694,6 +715,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
| 694 | return (NULL); | 715 | return (NULL); |
| 695 | } | 716 | } |
| 696 | 717 | ||
| 718 | expose_authinfo(__func__); | ||
| 697 | ctxt = xcalloc(1, sizeof *ctxt); | 719 | ctxt = xcalloc(1, sizeof *ctxt); |
| 698 | 720 | ||
| 699 | /* Start the authentication thread */ | 721 | /* Start the authentication thread */ |
| @@ -935,26 +957,6 @@ finish_pam(void) | |||
| 935 | sshpam_cleanup(); | 957 | sshpam_cleanup(); |
| 936 | } | 958 | } |
| 937 | 959 | ||
| 938 | static void | ||
| 939 | expose_authinfo(const char *caller) | ||
| 940 | { | ||
| 941 | char *auth_info; | ||
| 942 | |||
| 943 | /* | ||
| 944 | * Expose authentication information to PAM. | ||
| 945 | * The enviornment variable is versioned. Please increment the | ||
| 946 | * version suffix if the format of session_info changes. | ||
| 947 | */ | ||
| 948 | if (sshpam_authctxt->session_info == NULL) | ||
| 949 | auth_info = xstrdup(""); | ||
| 950 | else if ((auth_info = sshbuf_dup_string( | ||
| 951 | sshpam_authctxt->session_info)) == NULL) | ||
| 952 | fatal("%s: sshbuf_dup_string failed", __func__); | ||
| 953 | |||
| 954 | debug2("%s: auth information in SSH_AUTH_INFO_0", caller); | ||
| 955 | do_pam_putenv("SSH_AUTH_INFO_0", auth_info); | ||
| 956 | free(auth_info); | ||
| 957 | } | ||
| 958 | 960 | ||
| 959 | u_int | 961 | u_int |
| 960 | do_pam_account(void) | 962 | do_pam_account(void) |