diff options
author | Damien Miller <djm@mindrot.org> | 2017-07-28 14:50:59 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-07-28 15:04:00 +1000 |
commit | 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f (patch) | |
tree | 8d401b50805c125226e2c9aeb073ced1946c76b1 /auth-pam.c | |
parent | c78e6eec78c88acf8d51db90ae05a3e39458603d (diff) |
Expose list of completed auth methods to PAM
bz#2408; ok dtucker@
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/auth-pam.c b/auth-pam.c index 9574d9ac7..de29c04c9 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -926,6 +926,27 @@ finish_pam(void) | |||
926 | sshpam_cleanup(); | 926 | sshpam_cleanup(); |
927 | } | 927 | } |
928 | 928 | ||
929 | static void | ||
930 | expose_authinfo(const char *caller) | ||
931 | { | ||
932 | char *auth_info; | ||
933 | |||
934 | /* | ||
935 | * Expose authentication information to PAM. | ||
936 | * The enviornment variable is versioned. Please increment the | ||
937 | * version suffix if the format of session_info changes. | ||
938 | */ | ||
939 | if (sshpam_authctxt->session_info == NULL) | ||
940 | auth_info = xstrdup(""); | ||
941 | else if ((auth_info = sshbuf_dup_string( | ||
942 | sshpam_authctxt->session_info)) == NULL) | ||
943 | fatal("%s: sshbuf_dup_string failed", __func__); | ||
944 | |||
945 | debug2("%s: auth information in SSH_AUTH_INFO_0", caller); | ||
946 | do_pam_putenv("SSH_AUTH_INFO_0", auth_info); | ||
947 | free(auth_info); | ||
948 | } | ||
949 | |||
929 | u_int | 950 | u_int |
930 | do_pam_account(void) | 951 | do_pam_account(void) |
931 | { | 952 | { |
@@ -933,6 +954,8 @@ do_pam_account(void) | |||
933 | if (sshpam_account_status != -1) | 954 | if (sshpam_account_status != -1) |
934 | return (sshpam_account_status); | 955 | return (sshpam_account_status); |
935 | 956 | ||
957 | expose_authinfo(__func__); | ||
958 | |||
936 | sshpam_err = pam_acct_mgmt(sshpam_handle, 0); | 959 | sshpam_err = pam_acct_mgmt(sshpam_handle, 0); |
937 | debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, | 960 | debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, |
938 | pam_strerror(sshpam_handle, sshpam_err)); | 961 | pam_strerror(sshpam_handle, sshpam_err)); |
@@ -1057,6 +1080,9 @@ void | |||
1057 | do_pam_session(void) | 1080 | do_pam_session(void) |
1058 | { | 1081 | { |
1059 | debug3("PAM: opening session"); | 1082 | debug3("PAM: opening session"); |
1083 | |||
1084 | expose_authinfo(__func__); | ||
1085 | |||
1060 | sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, | 1086 | sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, |
1061 | (const void *)&store_conv); | 1087 | (const void *)&store_conv); |
1062 | if (sshpam_err != PAM_SUCCESS) | 1088 | if (sshpam_err != PAM_SUCCESS) |