diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth-pam.c | 16 |
2 files changed, 11 insertions, 9 deletions
| @@ -1,6 +1,8 @@ | |||
| 1 | 20040330 | 1 | 20040330 |
| 2 | - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on | 2 | - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on |
| 3 | Linuxes, since that's what many use. ok djm@ | 3 | Linuxes, since that's what many use. ok djm@ |
| 4 | - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c | ||
| 5 | to reduce potential confusion with the one in sshd.c. ok djm@ | ||
| 4 | 6 | ||
| 5 | 20040327 | 7 | 20040327 |
| 6 | - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent | 8 | - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent |
| @@ -926,4 +928,4 @@ | |||
| 926 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 928 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 927 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 929 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 928 | 930 | ||
| 929 | $Id: ChangeLog,v 1.3297 2004/03/30 04:03:45 dtucker Exp $ | 931 | $Id: ChangeLog,v 1.3298 2004/03/30 10:57:57 dtucker Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index 6f2264c5d..13ada737c 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -31,7 +31,7 @@ | |||
| 31 | 31 | ||
| 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
| 33 | #include "includes.h" | 33 | #include "includes.h" |
| 34 | RCSID("$Id: auth-pam.c,v 1.98 2004/03/08 12:04:06 dtucker Exp $"); | 34 | RCSID("$Id: auth-pam.c,v 1.99 2004/03/30 10:57:57 dtucker Exp $"); |
| 35 | 35 | ||
| 36 | #ifdef USE_PAM | 36 | #ifdef USE_PAM |
| 37 | #if defined(HAVE_SECURITY_PAM_APPL_H) | 37 | #if defined(HAVE_SECURITY_PAM_APPL_H) |
| @@ -160,7 +160,7 @@ static int sshpam_session_open = 0; | |||
| 160 | static int sshpam_cred_established = 0; | 160 | static int sshpam_cred_established = 0; |
| 161 | static int sshpam_account_status = -1; | 161 | static int sshpam_account_status = -1; |
| 162 | static char **sshpam_env = NULL; | 162 | static char **sshpam_env = NULL; |
| 163 | static Authctxt *the_authctxt = NULL; | 163 | static Authctxt *sshpam_authctxt = NULL; |
| 164 | 164 | ||
| 165 | /* Some PAM implementations don't implement this */ | 165 | /* Some PAM implementations don't implement this */ |
| 166 | #ifndef HAVE_PAM_GETENVLIST | 166 | #ifndef HAVE_PAM_GETENVLIST |
| @@ -180,9 +180,9 @@ void | |||
| 180 | pam_password_change_required(int reqd) | 180 | pam_password_change_required(int reqd) |
| 181 | { | 181 | { |
| 182 | debug3("%s %d", __func__, reqd); | 182 | debug3("%s %d", __func__, reqd); |
| 183 | if (the_authctxt == NULL) | 183 | if (sshpam_authctxt == NULL) |
| 184 | fatal("%s: PAM authctxt not initialized", __func__); | 184 | fatal("%s: PAM authctxt not initialized", __func__); |
| 185 | the_authctxt->force_pwchange = reqd; | 185 | sshpam_authctxt->force_pwchange = reqd; |
| 186 | if (reqd) { | 186 | if (reqd) { |
| 187 | no_port_forwarding_flag |= 2; | 187 | no_port_forwarding_flag |= 2; |
| 188 | no_agent_forwarding_flag |= 2; | 188 | no_agent_forwarding_flag |= 2; |
| @@ -341,7 +341,7 @@ sshpam_thread(void *ctxtp) | |||
| 341 | sshpam_conv.conv = sshpam_thread_conv; | 341 | sshpam_conv.conv = sshpam_thread_conv; |
| 342 | sshpam_conv.appdata_ptr = ctxt; | 342 | sshpam_conv.appdata_ptr = ctxt; |
| 343 | 343 | ||
| 344 | if (the_authctxt == NULL) | 344 | if (sshpam_authctxt == NULL) |
| 345 | fatal("%s: PAM authctxt not initialized", __func__); | 345 | fatal("%s: PAM authctxt not initialized", __func__); |
| 346 | 346 | ||
| 347 | buffer_init(&buffer); | 347 | buffer_init(&buffer); |
| @@ -356,7 +356,7 @@ sshpam_thread(void *ctxtp) | |||
| 356 | if (compat20) { | 356 | if (compat20) { |
| 357 | if (!do_pam_account()) | 357 | if (!do_pam_account()) |
| 358 | goto auth_fail; | 358 | goto auth_fail; |
| 359 | if (the_authctxt->force_pwchange) { | 359 | if (sshpam_authctxt->force_pwchange) { |
| 360 | sshpam_err = pam_chauthtok(sshpam_handle, | 360 | sshpam_err = pam_chauthtok(sshpam_handle, |
| 361 | PAM_CHANGE_EXPIRED_AUTHTOK); | 361 | PAM_CHANGE_EXPIRED_AUTHTOK); |
| 362 | if (sshpam_err != PAM_SUCCESS) | 362 | if (sshpam_err != PAM_SUCCESS) |
| @@ -370,7 +370,7 @@ sshpam_thread(void *ctxtp) | |||
| 370 | #ifndef USE_POSIX_THREADS | 370 | #ifndef USE_POSIX_THREADS |
| 371 | /* Export variables set by do_pam_account */ | 371 | /* Export variables set by do_pam_account */ |
| 372 | buffer_put_int(&buffer, sshpam_account_status); | 372 | buffer_put_int(&buffer, sshpam_account_status); |
| 373 | buffer_put_int(&buffer, the_authctxt->force_pwchange); | 373 | buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); |
| 374 | 374 | ||
| 375 | /* Export any environment strings set in child */ | 375 | /* Export any environment strings set in child */ |
| 376 | for(i = 0; environ[i] != NULL; i++) | 376 | for(i = 0; environ[i] != NULL; i++) |
| @@ -469,7 +469,7 @@ sshpam_init(Authctxt *authctxt) | |||
| 469 | debug("PAM: initializing for \"%s\"", user); | 469 | debug("PAM: initializing for \"%s\"", user); |
| 470 | sshpam_err = | 470 | sshpam_err = |
| 471 | pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); | 471 | pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); |
| 472 | the_authctxt = authctxt; | 472 | sshpam_authctxt = authctxt; |
| 473 | 473 | ||
| 474 | if (sshpam_err != PAM_SUCCESS) { | 474 | if (sshpam_err != PAM_SUCCESS) { |
| 475 | pam_end(sshpam_handle, sshpam_err); | 475 | pam_end(sshpam_handle, sshpam_err); |