-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | sshd.c | 25 |
2 files changed, 26 insertions, 1 deletions
@@ -6,6 +6,8 @@ | |||
6 | <drankin@bohemians.lexington.ky.us> | 6 | <drankin@bohemians.lexington.ky.us> |
7 | - Print whether OpenSSH was compiled with RSARef, patch from | 7 | - Print whether OpenSSH was compiled with RSARef, patch from |
8 | Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu> | 8 | Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu> |
9 | - Calls to pam_setcred, patch from Nalin Dahyabhai | ||
10 | <nalin@thermo.stat.ncsu.edu> | ||
9 | 11 | ||
10 | 19991228 | 12 | 19991228 |
11 | - Replacement for getpagesize() for systems which lack it | 13 | - Replacement for getpagesize() for systems which lack it |
@@ -11,7 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$Id: sshd.c,v 1.47 1999/12/28 23:17:09 damien Exp $"); | 14 | RCSID("$Id: sshd.c,v 1.48 1999/12/28 23:25:41 damien Exp $"); |
15 | 15 | ||
16 | #ifdef HAVE_POLL_H | 16 | #ifdef HAVE_POLL_H |
17 | # include <poll.h> | 17 | # include <poll.h> |
@@ -149,6 +149,7 @@ static int pamconv(int num_msg, const struct pam_message **msg, | |||
149 | int do_pam_auth(const char *user, const char *password); | 149 | int do_pam_auth(const char *user, const char *password); |
150 | void do_pam_account(char *username, char *remote_user); | 150 | void do_pam_account(char *username, char *remote_user); |
151 | void do_pam_session(char *username, char *ttyname); | 151 | void do_pam_session(char *username, char *ttyname); |
152 | void do_pam_setcred(); | ||
152 | void pam_cleanup_proc(void *context); | 153 | void pam_cleanup_proc(void *context); |
153 | 154 | ||
154 | static struct pam_conv conv = { | 155 | static struct pam_conv conv = { |
@@ -230,6 +231,12 @@ void pam_cleanup_proc(void *context) | |||
230 | PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | 231 | PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); |
231 | } | 232 | } |
232 | 233 | ||
234 | pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED); | ||
235 | if (pam_retval != PAM_SUCCESS) { | ||
236 | log("Cannot delete credentials: %.200s", | ||
237 | PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | ||
238 | } | ||
239 | |||
233 | pam_retval = pam_end((pam_handle_t *)pamh, pam_retval); | 240 | pam_retval = pam_end((pam_handle_t *)pamh, pam_retval); |
234 | if (pam_retval != PAM_SUCCESS) { | 241 | if (pam_retval != PAM_SUCCESS) { |
235 | log("Cannot release PAM authentication: %.200s", | 242 | log("Cannot release PAM authentication: %.200s", |
@@ -301,6 +308,16 @@ void do_pam_session(char *username, char *ttyname) | |||
301 | if (pam_retval != PAM_SUCCESS) | 308 | if (pam_retval != PAM_SUCCESS) |
302 | fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | 309 | fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); |
303 | } | 310 | } |
311 | |||
312 | void do_pam_setcred() | ||
313 | { | ||
314 | int pam_retval; | ||
315 | |||
316 | debug("PAM establishing creds"); | ||
317 | pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED); | ||
318 | if (pam_retval != PAM_SUCCESS) | ||
319 | fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | ||
320 | } | ||
304 | #endif /* USE_PAM */ | 321 | #endif /* USE_PAM */ |
305 | 322 | ||
306 | /* | 323 | /* |
@@ -1906,6 +1923,9 @@ do_authenticated(struct passwd * pw) | |||
1906 | packet_set_interactive(have_pty || display != NULL, | 1923 | packet_set_interactive(have_pty || display != NULL, |
1907 | options.keepalives); | 1924 | options.keepalives); |
1908 | 1925 | ||
1926 | #ifdef USE_PAM | ||
1927 | do_pam_setcred(); | ||
1928 | #endif | ||
1909 | if (forced_command != NULL) | 1929 | if (forced_command != NULL) |
1910 | goto do_forced_command; | 1930 | goto do_forced_command; |
1911 | debug("Forking shell."); | 1931 | debug("Forking shell."); |
@@ -1921,6 +1941,9 @@ do_authenticated(struct passwd * pw) | |||
1921 | packet_set_interactive(have_pty || display != NULL, | 1941 | packet_set_interactive(have_pty || display != NULL, |
1922 | options.keepalives); | 1942 | options.keepalives); |
1923 | 1943 | ||
1944 | #ifdef USE_PAM | ||
1945 | do_pam_setcred(); | ||
1946 | #endif | ||
1924 | if (forced_command != NULL) | 1947 | if (forced_command != NULL) |
1925 | goto do_forced_command; | 1948 | goto do_forced_command; |
1926 | /* Get command from the packet. */ | 1949 | /* Get command from the packet. */ |
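Review bot: The new `pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED)` call in pam_cleanup_proc is unconditional in the visible lines, and nothing in the change records whether do_pam_setcred() ever succeeded, so if cleanup can run before that point the modules are asked to delete credentials this session never established. A file-scope flag would close that gap: declare `static int pam_creds_set = 0;`, set it to 1 after the successful call in do_pam_setcred(), and wrap the delete in `if (pam_creds_set) { ... }`. The status from the delete is also what now reaches `pam_end()`, replacing the result of the preceding call, which may not be intended. The prototype is better written as `void do_pam_setcred(void);` so the compiler checks the argument list. pam_cleanup_proc and do_authenticated both start outside the hunks shown, so a guard earlier in either body would not be visible here.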