-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | auth-pam.c | 24 |
2 files changed, 26 insertions, 4 deletions
@@ -1,4 +1,8 @@ | |||
1 | 20030517 | 1 | 20030517 |
2 | - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in | ||
3 | recent merge | ||
4 | |||
5 | 20030517 | ||
2 | - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD) | 6 | - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD) |
3 | 7 | ||
4 | 20030516 | 8 | 20030516 |
@@ -1552,4 +1556,4 @@ | |||
1552 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 1556 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
1553 | ok provos@ | 1557 | ok provos@ |
1554 | 1558 | ||
1555 | $Id: ChangeLog,v 1.2731 2003/05/18 01:22:43 mouring Exp $ | 1559 | $Id: ChangeLog,v 1.2732 2003/05/18 10:45:47 djm Exp $ |
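--- a/auth-pam.c
+++ b/auth-pam.c
@@ -29,8 +29,9 @@
 * SUCH DAMAGE.
 */
 
+/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $");
+RCSID("$Id: auth-pam.c,v 1.62 2003/05/18 10:45:48 djm Exp $");
 
 #ifdef USE_PAM
 #include <security/pam_appl.h>
@@ -293,17 +294,34 @@ sshpam_init(const char *user)
 }
 debug("PAM: initializing for \"%s\"", user);
 sshpam_err = pam_start("sshd", user, &null_conv, &sshpam_handle);
-if (sshpam_err != PAM_SUCCESS)
+if (sshpam_err != PAM_SUCCESS) {
+pam_end(sshpam_handle, sshpam_err);
+sshpam_handle = NULL;
 return (-1);
+}
+debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
 pam_rhost = get_remote_name_or_ip(utmp_len,
 options.verify_reverse_mapping);
-debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
 sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
 if (sshpam_err != PAM_SUCCESS) {
+pam_end(sshpam_handle, sshpam_err);
+sshpam_handle = NULL;
+return (-1);
+}
+#ifdef PAM_TTY_KLUDGE
+/*
+* Some silly PAM modules (e.g. pam_time) require a TTY to operate.
+* sshd doesn't set the tty until too late in the auth process and
+* may not even set one (for tty-less connections)
+*/
+debug("PAM: setting PAM_TTY to \"ssh\"");
+sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
+if (sshpam_err != PAM_SUCCESS) {
 pam_end(sshpam_handle, sshpam_err);
 sshpam_handle = NULL;
 return (-1);
 }
+#endif
 fatal_add_cleanup(sshpam_cleanup, NULL);
 return (0);
 }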
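Review bot: In the sshpam_init hunk the `debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);` call now sits at new line 302, before `pam_rhost = get_remote_name_or_ip(...)` assigns the value at line 303, so the log statement reads pam_rhost before it is set. The declaration of pam_rhost is outside the hunk; if it is an uninitialised local, passing it to `%s` is undefined behaviour in the pre-authentication path, and at best the log records a stale or garbage host. The debug line should move back to directly after the assignment, ahead of `pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost)`. The PAM_TTY_KLUDGE comment would also benefit from one more sentence stating that every session presents the fixed tty name "ssh", so TTY-keyed rules in modules such as pam_time cannot tell sessions apart. The function begins before this hunk, so the earlier handling of sshpam_handle is not visible here.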