-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | auth-pam.c | 40 | ||||
-rw-r--r-- | auth-pam.h | 4 | ||||
-rw-r--r-- | session.c | 7 |
4 files changed, 33 insertions, 22 deletions
@@ -1,5 +1,7 @@ | |||
1 | 20031007 | 1 | 20031007 |
2 | - (djm) Delete autom4te.cache after autoreconf | 2 | - (djm) Delete autom4te.cache after autoreconf |
3 | - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static | ||
4 | cleanup functions. With & ok djm@ | ||
3 | 5 | ||
4 | 20031003 | 6 | 20031003 |
5 | - OpenBSD CVS Sync | 7 | - OpenBSD CVS Sync |
@@ -1282,4 +1284,4 @@ | |||
1282 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1284 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
1283 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1285 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
1284 | 1286 | ||
1285 | $Id: ChangeLog,v 1.3057 2003/10/07 00:18:22 djm Exp $ | 1287 | $Id: ChangeLog,v 1.3058 2003/10/07 01:30:15 dtucker Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index 75e2d16cb..f5f030fff 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -31,7 +31,7 @@ | |||
31 | 31 | ||
32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
33 | #include "includes.h" | 33 | #include "includes.h" |
34 | RCSID("$Id: auth-pam.c,v 1.74 2003/09/23 12:12:38 djm Exp $"); | 34 | RCSID("$Id: auth-pam.c,v 1.75 2003/10/07 01:30:16 dtucker Exp $"); |
35 | 35 | ||
36 | #ifdef USE_PAM | 36 | #ifdef USE_PAM |
37 | #include <security/pam_appl.h> | 37 | #include <security/pam_appl.h> |
@@ -126,6 +126,7 @@ struct pam_ctxt { | |||
126 | }; | 126 | }; |
127 | 127 | ||
128 | static void sshpam_free_ctx(void *); | 128 | static void sshpam_free_ctx(void *); |
129 | static struct pam_ctxt *cleanup_ctxt; | ||
129 | 130 | ||
130 | /* | 131 | /* |
131 | * Conversation function for authentication thread. | 132 | * Conversation function for authentication thread. |
@@ -245,15 +246,19 @@ sshpam_thread(void *ctxtp) | |||
245 | return (NULL); /* Avoid warning for non-pthread case */ | 246 | return (NULL); /* Avoid warning for non-pthread case */ |
246 | } | 247 | } |
247 | 248 | ||
248 | static void | 249 | void |
249 | sshpam_thread_cleanup(void *ctxtp) | 250 | sshpam_thread_cleanup(void) |
250 | { | 251 | { |
251 | struct pam_ctxt *ctxt = ctxtp; | 252 | struct pam_ctxt *ctxt = cleanup_ctxt; |
252 | 253 | ||
253 | pthread_cancel(ctxt->pam_thread); | 254 | if (ctxt != NULL && ctxt->pam_thread != 0) { |
254 | pthread_join(ctxt->pam_thread, NULL); | 255 | pthread_cancel(ctxt->pam_thread); |
255 | close(ctxt->pam_psock); | 256 | pthread_join(ctxt->pam_thread, NULL); |
256 | close(ctxt->pam_csock); | 257 | close(ctxt->pam_psock); |
258 | close(ctxt->pam_csock); | ||
259 | memset(ctxt, 0, sizeof(*ctxt)); | ||
260 | cleanup_ctxt = NULL; | ||
261 | } | ||
257 | } | 262 | } |
258 | 263 | ||
259 | static int | 264 | static int |
@@ -265,10 +270,9 @@ sshpam_null_conv(int n, const struct pam_message **msg, | |||
265 | 270 | ||
266 | static struct pam_conv null_conv = { sshpam_null_conv, NULL }; | 271 | static struct pam_conv null_conv = { sshpam_null_conv, NULL }; |
267 | 272 | ||
268 | static void | 273 | void |
269 | sshpam_cleanup(void *arg) | 274 | sshpam_cleanup(void) |
270 | { | 275 | { |
271 | (void)arg; | ||
272 | debug("PAM: cleanup"); | 276 | debug("PAM: cleanup"); |
273 | if (sshpam_handle == NULL) | 277 | if (sshpam_handle == NULL) |
274 | return; | 278 | return; |
@@ -299,7 +303,6 @@ sshpam_init(const char *user) | |||
299 | PAM_USER, (const void **)&pam_user); | 303 | PAM_USER, (const void **)&pam_user); |
300 | if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) | 304 | if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) |
301 | return (0); | 305 | return (0); |
302 | fatal_remove_cleanup(sshpam_cleanup, NULL); | ||
303 | pam_end(sshpam_handle, sshpam_err); | 306 | pam_end(sshpam_handle, sshpam_err); |
304 | sshpam_handle = NULL; | 307 | sshpam_handle = NULL; |
305 | } | 308 | } |
@@ -333,7 +336,6 @@ sshpam_init(const char *user) | |||
333 | return (-1); | 336 | return (-1); |
334 | } | 337 | } |
335 | #endif | 338 | #endif |
336 | fatal_add_cleanup(sshpam_cleanup, NULL); | ||
337 | return (0); | 339 | return (0); |
338 | } | 340 | } |
339 | 341 | ||
@@ -354,7 +356,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
354 | } | 356 | } |
355 | 357 | ||
356 | ctxt = xmalloc(sizeof *ctxt); | 358 | ctxt = xmalloc(sizeof *ctxt); |
357 | ctxt->pam_done = 0; | 359 | memset(ctxt, 0, sizeof(*ctxt)); |
358 | 360 | ||
359 | /* Start the authentication thread */ | 361 | /* Start the authentication thread */ |
360 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { | 362 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { |
@@ -372,7 +374,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
372 | xfree(ctxt); | 374 | xfree(ctxt); |
373 | return (NULL); | 375 | return (NULL); |
374 | } | 376 | } |
375 | fatal_add_cleanup(sshpam_thread_cleanup, ctxt); | 377 | cleanup_ctxt = ctxt; |
376 | return (ctxt); | 378 | return (ctxt); |
377 | } | 379 | } |
378 | 380 | ||
@@ -481,8 +483,7 @@ sshpam_free_ctx(void *ctxtp) | |||
481 | { | 483 | { |
482 | struct pam_ctxt *ctxt = ctxtp; | 484 | struct pam_ctxt *ctxt = ctxtp; |
483 | 485 | ||
484 | fatal_remove_cleanup(sshpam_thread_cleanup, ctxt); | 486 | sshpam_thread_cleanup(); |
485 | sshpam_thread_cleanup(ctxtp); | ||
486 | xfree(ctxt); | 487 | xfree(ctxt); |
487 | /* | 488 | /* |
488 | * We don't call sshpam_cleanup() here because we may need the PAM | 489 | * We don't call sshpam_cleanup() here because we may need the PAM |
@@ -524,8 +525,7 @@ start_pam(const char *user) | |||
524 | void | 525 | void |
525 | finish_pam(void) | 526 | finish_pam(void) |
526 | { | 527 | { |
527 | fatal_remove_cleanup(sshpam_cleanup, NULL); | 528 | sshpam_cleanup(); |
528 | sshpam_cleanup(NULL); | ||
529 | } | 529 | } |
530 | 530 | ||
531 | u_int | 531 | u_int |
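Review bot: In sshpam_free_ctx() the new `sshpam_thread_cleanup();` call acts on the file-scope `cleanup_ctxt` rather than on the `ctxtp` it was handed, and the next line still frees `ctxt`. If the two pointers ever differ (for example, if sshpam_init_ctx() ran again before the earlier context was freed and overwrote `cleanup_ctxt`), the thread and sockets of `ctxtp` would stay live while its memory is released. In addition, `cleanup_ctxt = NULL` is only reached inside the `pam_thread != 0` branch, so the pointer could be left referring to freed memory when do_cleanup() later calls sshpam_thread_cleanup(). I would document the single-context assumption at the declaration, e.g. `/* The one live auth context; must be freed before sshpam_init_ctx() runs again. */`, and add `if (ctxt == cleanup_ctxt) cleanup_ctxt = NULL;` before `xfree(ctxt)`. sshpam_free_ctx() begins and ends outside its hunk, so this is based on the visible lines only.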
diff --git a/auth-pam.h b/auth-pam.h index 5c952f305..58176f013 100644 --- a/auth-pam.h +++ b/auth-pam.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: auth-pam.h,v 1.21 2003/09/02 13:18:53 djm Exp $ */ | 1 | /* $Id: auth-pam.h,v 1.22 2003/10/07 01:30:16 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2000 Damien Miller. All rights reserved. |
@@ -43,5 +43,7 @@ int do_pam_putenv(char *, char *); | |||
43 | void print_pam_messages(void); | 43 | void print_pam_messages(void); |
44 | char ** fetch_pam_environment(void); | 44 | char ** fetch_pam_environment(void); |
45 | void free_pam_environment(char **); | 45 | void free_pam_environment(char **); |
46 | void sshpam_thread_cleanup(void); | ||
47 | void sshpam_cleanup(void); | ||
46 | 48 | ||
47 | #endif /* USE_PAM */ | 49 | #endif /* USE_PAM */ |
@@ -2165,6 +2165,13 @@ do_cleanup(Authctxt *authctxt) | |||
2165 | ssh_gssapi_cleanup_creds(); | 2165 | ssh_gssapi_cleanup_creds(); |
2166 | #endif | 2166 | #endif |
2167 | 2167 | ||
2168 | #ifdef USE_PAM | ||
2169 | if (options.use_pam) { | ||
2170 | sshpam_cleanup(); | ||
2171 | sshpam_thread_cleanup(); | ||
2172 | } | ||
2173 | #endif | ||
2174 | |||
2168 | /* remove agent socket */ | 2175 | /* remove agent socket */ |
2169 | auth_sock_cleanup_proc(authctxt->pw); | 2176 | auth_sock_cleanup_proc(authctxt->pw); |
2170 | 2177 | ||
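Review bot: The order of the two calls added to do_cleanup() looks inverted: `sshpam_cleanup();` runs before `sshpam_thread_cleanup();`, so the PAM state may be torn down while the authentication thread is still running. With real pthreads (auth-pam.c mentions a non-pthread case, so both builds exist) the thread would share `sshpam_handle` and could use it after it has been ended. The body of sshpam_cleanup() is only partly visible, so this is inferred from its `sshpam_handle` check and its name. Cancelling and joining the thread first avoids the window: `sshpam_thread_cleanup();` followed by `sshpam_cleanup();`. do_cleanup() starts and ends outside this hunk.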