author | Colin Watson <cjwatson@debian.org> | 2004-03-05 16:26:32 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2004-03-05 16:26:32 +0000 |
commit | 9414b9d65cdc953c2436ba0a607b149e4b4cde1a (patch) | |
tree | b17f98ded50ec565754e1a1dd6a16d7ee5739afe /auth-pam.c | |
parent | f8e0d0cb8e77672526baf211bda0b4baae557d33 (diff) |
Really pick up upstream fix for OpenSSH bug #808, a segfault. The previous
auth-pam.c change was in fact a different bug.
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 27 |
1 files changed, 16 insertions, 11 deletions
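diff --git a/auth-pam.c b/auth-pam.c
index 15a691b11..d3186372e 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -160,7 +160,7 @@ static int sshpam_session_open = 0;
 static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
 static char **sshpam_env = NULL;
-static int *force_pwchange;
+static Authctxt *the_authctxt = NULL;
 
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -180,7 +180,9 @@ void
 pam_password_change_required(int reqd)
 {
 debug3("%s %d", __func__, reqd);
-*force_pwchange = reqd;
+if (the_authctxt == NULL)
+fatal("%s: PAM authctxt not initialized", __func__);
+the_authctxt->force_pwchange = reqd;
 if (reqd) {
 no_port_forwarding_flag |= 2;
 no_agent_forwarding_flag |= 2;
@@ -337,6 +339,9 @@ sshpam_thread(void *ctxtp)
 sshpam_conv.conv = sshpam_thread_conv;
 sshpam_conv.appdata_ptr = ctxt;
 
+if (the_authctxt == NULL)
+fatal("%s: PAM authctxt not initialized", __func__);
+
 buffer_init(&buffer);
 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
 (const void *)&sshpam_conv);
@@ -349,7 +354,7 @@ sshpam_thread(void *ctxtp)
 if (compat20) {
 if (!do_pam_account())
 goto auth_fail;
-if (*force_pwchange) {
+if (the_authctxt->force_pwchange) {
 sshpam_err = pam_chauthtok(sshpam_handle,
 PAM_CHANGE_EXPIRED_AUTHTOK);
 if (sshpam_err != PAM_SUCCESS)
@@ -363,7 +368,7 @@ sshpam_thread(void *ctxtp)
 #ifndef USE_POSIX_THREADS
 /* Export variables set by do_pam_account */
 buffer_put_int(&buffer, sshpam_account_status);
-buffer_put_int(&buffer, *force_pwchange);
+buffer_put_int(&buffer, the_authctxt->force_pwchange);
 
 /* Export any environment strings set in child */
 for(i = 0; environ[i] != NULL; i++)
@@ -444,11 +449,11 @@ sshpam_cleanup(void)
 }
 
 static int
-sshpam_init(const char *user)
+sshpam_init(Authctxt *authctxt)
 {
 extern u_int utmp_len;
 extern char *__progname;
-const char *pam_rhost, *pam_user;
+const char *pam_rhost, *pam_user, *user = authctxt->user;
 
 if (sshpam_handle != NULL) {
 /* We already have a PAM context; check if the user matches */
@@ -462,6 +467,8 @@ sshpam_init(const char *user)
 debug("PAM: initializing for \"%s\"", user);
 sshpam_err =
 pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
+the_authctxt = authctxt;
+
 if (sshpam_err != PAM_SUCCESS) {
 pam_end(sshpam_handle, sshpam_err);
 sshpam_handle = NULL;
@@ -504,7 +511,7 @@ sshpam_init_ctx(Authctxt *authctxt)
 return NULL;
 
 /* Initialize PAM */
-if (sshpam_init(authctxt->user) == -1) {
+if (sshpam_init(authctxt) == -1) {
 error("PAM: initialization failed");
 return (NULL);
 }
@@ -512,8 +519,6 @@ sshpam_init_ctx(Authctxt *authctxt)
 ctxt = xmalloc(sizeof *ctxt);
 memset(ctxt, 0, sizeof(*ctxt));
 
-force_pwchange = &(authctxt->force_pwchange);
-
 /* Start the authentication thread */
 if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
 error("PAM: failed create sockets: %s", strerror(errno));
@@ -672,12 +677,12 @@ KbdintDevice mm_sshpam_device = {
 * This replaces auth-pam.c
 */
 void
-start_pam(const char *user)
+start_pam(Authctxt *authctxt)
 {
 if (!options.use_pam)
 fatal("PAM: initialisation requested when UsePAM=no");
 
-if (sshpam_init(user) == -1)
+if (sshpam_init(authctxt) == -1)
 fatal("PAM: initialisation failed");
 }
 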
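Review bot: In sshpam_init the new `the_authctxt = authctxt;` sits after pam_start(), so the existing-handle branch at the top of the function (`if (sshpam_handle != NULL)`, whose body lies outside the hunks shown) would, if it returns early for a matching user, leave the global pointing at whatever an earlier call stored. pam_password_change_required and sshpam_thread now write and read `the_authctxt->force_pwchange`, so a stale pointer there could put the forced-password-change flag on the wrong context. Making `the_authctxt = authctxt;` the first statement of sshpam_init, before the handle check, removes that dependence on which path the function takes. A comment on the declaration such as `/* Borrowed from the caller of sshpam_init(); must outlive the PAM session, never freed here */` would also record the lifetime assumption the NULL checks rely on.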