diff options
| -rw-r--r-- | ChangeLog | 11 | ||||
| -rw-r--r-- | auth-pam.c | 22 |
2 files changed, 22 insertions, 11 deletions
| @@ -1,6 +1,11 @@ | |||
| 1 | 20050524 | 1 | 20050524 |
| 2 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | 2 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| 3 | [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 | 3 | [contrib/suse/openssh.spec] Update spec file versions to 4.1p1 |
| 4 | - (dtucker) [auth-pam.c] Since people don't seem to be getting the message | ||
| 5 | that USE_POSIX_THREADS is unsupported, not recommended and generally a bad | ||
| 6 | idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use | ||
| 7 | USE_POSIX_THREADS will now generate an error so we don't silently change | ||
| 8 | behaviour. ok djm@ | ||
| 4 | 9 | ||
| 5 | 20050524 | 10 | 20050524 |
| 6 | - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure | 11 | - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure |
| @@ -48,10 +53,6 @@ | |||
| 48 | - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if | 53 | - (dtucker) [session.c] Bug #1024: Don't check pam_session_is_open if |
| 49 | UseLogin is set as PAM is not used to establish credentials in that | 54 | UseLogin is set as PAM is not used to establish credentials in that |
| 50 | case. Found by Michael Selvesteen, ok djm@ | 55 | case. Found by Michael Selvesteen, ok djm@ |
| 51 | - (dtucker) [auth-pam.c] Since people don't seem to be getting the message, | ||
| 52 | USE_POSIX_THREADS is now known as UNSUPPORTED_POSIX_THREADS_HACK. | ||
| 53 | USE_POSIX_THREADS will now generate an error so we don't silently change | ||
| 54 | behaviour. ok djm@ | ||
| 55 | 56 | ||
| 56 | 20050419 | 57 | 20050419 |
| 57 | - (dtucker) [INSTALL] Reference README.privsep for the privilege separation | 58 | - (dtucker) [INSTALL] Reference README.privsep for the privilege separation |
| @@ -2491,4 +2492,4 @@ | |||
| 2491 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2492 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
| 2492 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2493 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
| 2493 | 2494 | ||
| 2494 | $Id: ChangeLog,v 1.3757 2005/05/25 04:43:47 djm Exp $ | 2495 | $Id: ChangeLog,v 1.3758 2005/05/25 06:18:09 dtucker Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index 6ce8c429b..a8d372aac 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -47,7 +47,7 @@ | |||
| 47 | 47 | ||
| 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
| 49 | #include "includes.h" | 49 | #include "includes.h" |
| 50 | RCSID("$Id: auth-pam.c,v 1.121 2005/01/20 02:29:51 dtucker Exp $"); | 50 | RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $"); |
| 51 | 51 | ||
| 52 | #ifdef USE_PAM | 52 | #ifdef USE_PAM |
| 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) | 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) |
| @@ -76,7 +76,17 @@ extern Buffer loginmsg; | |||
| 76 | extern int compat20; | 76 | extern int compat20; |
| 77 | extern u_int utmp_len; | 77 | extern u_int utmp_len; |
| 78 | 78 | ||
| 79 | /* so we don't silently change behaviour */ | ||
| 79 | #ifdef USE_POSIX_THREADS | 80 | #ifdef USE_POSIX_THREADS |
| 81 | # error "USE_POSIX_THREADS replaced by UNSUPPORTED_POSIX_THREADS_HACK" | ||
| 82 | #endif | ||
| 83 | |||
| 84 | /* | ||
| 85 | * Formerly known as USE_POSIX_THREADS, using this is completely unsupported | ||
| 86 | * and generally a bad idea. Use at own risk and do not expect support if | ||
| 87 | * this breaks. | ||
| 88 | */ | ||
| 89 | #ifdef UNSUPPORTED_POSIX_THREADS_HACK | ||
| 80 | #include <pthread.h> | 90 | #include <pthread.h> |
| 81 | /* | 91 | /* |
| 82 | * Avoid namespace clash when *not* using pthreads for systems *with* | 92 | * Avoid namespace clash when *not* using pthreads for systems *with* |
| @@ -98,7 +108,7 @@ struct pam_ctxt { | |||
| 98 | static void sshpam_free_ctx(void *); | 108 | static void sshpam_free_ctx(void *); |
| 99 | static struct pam_ctxt *cleanup_ctxt; | 109 | static struct pam_ctxt *cleanup_ctxt; |
| 100 | 110 | ||
| 101 | #ifndef USE_POSIX_THREADS | 111 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
| 102 | /* | 112 | /* |
| 103 | * Simulate threads with processes. | 113 | * Simulate threads with processes. |
| 104 | */ | 114 | */ |
| @@ -255,7 +265,7 @@ import_environments(Buffer *b) | |||
| 255 | 265 | ||
| 256 | debug3("PAM: %s entering", __func__); | 266 | debug3("PAM: %s entering", __func__); |
| 257 | 267 | ||
| 258 | #ifndef USE_POSIX_THREADS | 268 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
| 259 | /* Import variables set by do_pam_account */ | 269 | /* Import variables set by do_pam_account */ |
| 260 | sshpam_account_status = buffer_get_int(b); | 270 | sshpam_account_status = buffer_get_int(b); |
| 261 | sshpam_password_change_required(buffer_get_int(b)); | 271 | sshpam_password_change_required(buffer_get_int(b)); |
| @@ -384,7 +394,7 @@ sshpam_thread(void *ctxtp) | |||
| 384 | struct pam_conv sshpam_conv; | 394 | struct pam_conv sshpam_conv; |
| 385 | int flags = (options.permit_empty_passwd == 0 ? | 395 | int flags = (options.permit_empty_passwd == 0 ? |
| 386 | PAM_DISALLOW_NULL_AUTHTOK : 0); | 396 | PAM_DISALLOW_NULL_AUTHTOK : 0); |
| 387 | #ifndef USE_POSIX_THREADS | 397 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
| 388 | extern char **environ; | 398 | extern char **environ; |
| 389 | char **env_from_pam; | 399 | char **env_from_pam; |
| 390 | u_int i; | 400 | u_int i; |
| @@ -428,7 +438,7 @@ sshpam_thread(void *ctxtp) | |||
| 428 | 438 | ||
| 429 | buffer_put_cstring(&buffer, "OK"); | 439 | buffer_put_cstring(&buffer, "OK"); |
| 430 | 440 | ||
| 431 | #ifndef USE_POSIX_THREADS | 441 | #ifndef UNSUPPORTED_POSIX_THREADS_HACK |
| 432 | /* Export variables set by do_pam_account */ | 442 | /* Export variables set by do_pam_account */ |
| 433 | buffer_put_int(&buffer, sshpam_account_status); | 443 | buffer_put_int(&buffer, sshpam_account_status); |
| 434 | buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); | 444 | buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); |
| @@ -447,7 +457,7 @@ sshpam_thread(void *ctxtp) | |||
| 447 | buffer_put_int(&buffer, i); | 457 | buffer_put_int(&buffer, i); |
| 448 | for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) | 458 | for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) |
| 449 | buffer_put_cstring(&buffer, env_from_pam[i]); | 459 | buffer_put_cstring(&buffer, env_from_pam[i]); |
| 450 | #endif /* USE_POSIX_THREADS */ | 460 | #endif /* UNSUPPORTED_POSIX_THREADS_HACK */ |
| 451 | 461 | ||
| 452 | /* XXX - can't do much about an error here */ | 462 | /* XXX - can't do much about an error here */ |
| 453 | ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); | 463 | ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); |