diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth-pam.c | 40 | ||||
| -rw-r--r-- | auth-pam.h | 4 | ||||
| -rw-r--r-- | session.c | 7 |
4 files changed, 33 insertions, 22 deletions
| @@ -1,5 +1,7 @@ | |||
| 1 | 20031007 | 1 | 20031007 |
| 2 | - (djm) Delete autom4te.cache after autoreconf | 2 | - (djm) Delete autom4te.cache after autoreconf |
| 3 | - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static | ||
| 4 | cleanup functions. With & ok djm@ | ||
| 3 | 5 | ||
| 4 | 20031003 | 6 | 20031003 |
| 5 | - OpenBSD CVS Sync | 7 | - OpenBSD CVS Sync |
| @@ -1282,4 +1284,4 @@ | |||
| 1282 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 1284 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
| 1283 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 1285 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
| 1284 | 1286 | ||
| 1285 | $Id: ChangeLog,v 1.3057 2003/10/07 00:18:22 djm Exp $ | 1287 | $Id: ChangeLog,v 1.3058 2003/10/07 01:30:15 dtucker Exp $ |
diff --git a/auth-pam.c b/auth-pam.c index 75e2d16cb..f5f030fff 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -31,7 +31,7 @@ | |||
| 31 | 31 | ||
| 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 32 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
| 33 | #include "includes.h" | 33 | #include "includes.h" |
| 34 | RCSID("$Id: auth-pam.c,v 1.74 2003/09/23 12:12:38 djm Exp $"); | 34 | RCSID("$Id: auth-pam.c,v 1.75 2003/10/07 01:30:16 dtucker Exp $"); |
| 35 | 35 | ||
| 36 | #ifdef USE_PAM | 36 | #ifdef USE_PAM |
| 37 | #include <security/pam_appl.h> | 37 | #include <security/pam_appl.h> |
| @@ -126,6 +126,7 @@ struct pam_ctxt { | |||
| 126 | }; | 126 | }; |
| 127 | 127 | ||
| 128 | static void sshpam_free_ctx(void *); | 128 | static void sshpam_free_ctx(void *); |
| 129 | static struct pam_ctxt *cleanup_ctxt; | ||
| 129 | 130 | ||
| 130 | /* | 131 | /* |
| 131 | * Conversation function for authentication thread. | 132 | * Conversation function for authentication thread. |
| @@ -245,15 +246,19 @@ sshpam_thread(void *ctxtp) | |||
| 245 | return (NULL); /* Avoid warning for non-pthread case */ | 246 | return (NULL); /* Avoid warning for non-pthread case */ |
| 246 | } | 247 | } |
| 247 | 248 | ||
| 248 | static void | 249 | void |
| 249 | sshpam_thread_cleanup(void *ctxtp) | 250 | sshpam_thread_cleanup(void) |
| 250 | { | 251 | { |
| 251 | struct pam_ctxt *ctxt = ctxtp; | 252 | struct pam_ctxt *ctxt = cleanup_ctxt; |
| 252 | 253 | ||
| 253 | pthread_cancel(ctxt->pam_thread); | 254 | if (ctxt != NULL && ctxt->pam_thread != 0) { |
| 254 | pthread_join(ctxt->pam_thread, NULL); | 255 | pthread_cancel(ctxt->pam_thread); |
| 255 | close(ctxt->pam_psock); | 256 | pthread_join(ctxt->pam_thread, NULL); |
| 256 | close(ctxt->pam_csock); | 257 | close(ctxt->pam_psock); |
| 258 | close(ctxt->pam_csock); | ||
| 259 | memset(ctxt, 0, sizeof(*ctxt)); | ||
| 260 | cleanup_ctxt = NULL; | ||
| 261 | } | ||
| 257 | } | 262 | } |
| 258 | 263 | ||
| 259 | static int | 264 | static int |
| @@ -265,10 +270,9 @@ sshpam_null_conv(int n, const struct pam_message **msg, | |||
| 265 | 270 | ||
| 266 | static struct pam_conv null_conv = { sshpam_null_conv, NULL }; | 271 | static struct pam_conv null_conv = { sshpam_null_conv, NULL }; |
| 267 | 272 | ||
| 268 | static void | 273 | void |
| 269 | sshpam_cleanup(void *arg) | 274 | sshpam_cleanup(void) |
| 270 | { | 275 | { |
| 271 | (void)arg; | ||
| 272 | debug("PAM: cleanup"); | 276 | debug("PAM: cleanup"); |
| 273 | if (sshpam_handle == NULL) | 277 | if (sshpam_handle == NULL) |
| 274 | return; | 278 | return; |
| @@ -299,7 +303,6 @@ sshpam_init(const char *user) | |||
| 299 | PAM_USER, (const void **)&pam_user); | 303 | PAM_USER, (const void **)&pam_user); |
| 300 | if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) | 304 | if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) |
| 301 | return (0); | 305 | return (0); |
| 302 | fatal_remove_cleanup(sshpam_cleanup, NULL); | ||
| 303 | pam_end(sshpam_handle, sshpam_err); | 306 | pam_end(sshpam_handle, sshpam_err); |
| 304 | sshpam_handle = NULL; | 307 | sshpam_handle = NULL; |
| 305 | } | 308 | } |
| @@ -333,7 +336,6 @@ sshpam_init(const char *user) | |||
| 333 | return (-1); | 336 | return (-1); |
| 334 | } | 337 | } |
| 335 | #endif | 338 | #endif |
| 336 | fatal_add_cleanup(sshpam_cleanup, NULL); | ||
| 337 | return (0); | 339 | return (0); |
| 338 | } | 340 | } |
| 339 | 341 | ||
| @@ -354,7 +356,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
| 354 | } | 356 | } |
| 355 | 357 | ||
| 356 | ctxt = xmalloc(sizeof *ctxt); | 358 | ctxt = xmalloc(sizeof *ctxt); |
| 357 | ctxt->pam_done = 0; | 359 | memset(ctxt, 0, sizeof(*ctxt)); |
| 358 | 360 | ||
| 359 | /* Start the authentication thread */ | 361 | /* Start the authentication thread */ |
| 360 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { | 362 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { |
| @@ -372,7 +374,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
| 372 | xfree(ctxt); | 374 | xfree(ctxt); |
| 373 | return (NULL); | 375 | return (NULL); |
| 374 | } | 376 | } |
| 375 | fatal_add_cleanup(sshpam_thread_cleanup, ctxt); | 377 | cleanup_ctxt = ctxt; |
| 376 | return (ctxt); | 378 | return (ctxt); |
| 377 | } | 379 | } |
| 378 | 380 | ||
| @@ -481,8 +483,7 @@ sshpam_free_ctx(void *ctxtp) | |||
| 481 | { | 483 | { |
| 482 | struct pam_ctxt *ctxt = ctxtp; | 484 | struct pam_ctxt *ctxt = ctxtp; |
| 483 | 485 | ||
| 484 | fatal_remove_cleanup(sshpam_thread_cleanup, ctxt); | 486 | sshpam_thread_cleanup(); |
| 485 | sshpam_thread_cleanup(ctxtp); | ||
| 486 | xfree(ctxt); | 487 | xfree(ctxt); |
| 487 | /* | 488 | /* |
| 488 | * We don't call sshpam_cleanup() here because we may need the PAM | 489 | * We don't call sshpam_cleanup() here because we may need the PAM |
| @@ -524,8 +525,7 @@ start_pam(const char *user) | |||
| 524 | void | 525 | void |
| 525 | finish_pam(void) | 526 | finish_pam(void) |
| 526 | { | 527 | { |
| 527 | fatal_remove_cleanup(sshpam_cleanup, NULL); | 528 | sshpam_cleanup(); |
| 528 | sshpam_cleanup(NULL); | ||
| 529 | } | 529 | } |
| 530 | 530 | ||
| 531 | u_int | 531 | u_int |
diff --git a/auth-pam.h b/auth-pam.h index 5c952f305..58176f013 100644 --- a/auth-pam.h +++ b/auth-pam.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $Id: auth-pam.h,v 1.21 2003/09/02 13:18:53 djm Exp $ */ | 1 | /* $Id: auth-pam.h,v 1.22 2003/10/07 01:30:16 dtucker Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2000 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2000 Damien Miller. All rights reserved. |
| @@ -43,5 +43,7 @@ int do_pam_putenv(char *, char *); | |||
| 43 | void print_pam_messages(void); | 43 | void print_pam_messages(void); |
| 44 | char ** fetch_pam_environment(void); | 44 | char ** fetch_pam_environment(void); |
| 45 | void free_pam_environment(char **); | 45 | void free_pam_environment(char **); |
| 46 | void sshpam_thread_cleanup(void); | ||
| 47 | void sshpam_cleanup(void); | ||
| 46 | 48 | ||
| 47 | #endif /* USE_PAM */ | 49 | #endif /* USE_PAM */ |
| @@ -2165,6 +2165,13 @@ do_cleanup(Authctxt *authctxt) | |||
| 2165 | ssh_gssapi_cleanup_creds(); | 2165 | ssh_gssapi_cleanup_creds(); |
| 2166 | #endif | 2166 | #endif |
| 2167 | 2167 | ||
| 2168 | #ifdef USE_PAM | ||
| 2169 | if (options.use_pam) { | ||
| 2170 | sshpam_cleanup(); | ||
| 2171 | sshpam_thread_cleanup(); | ||
| 2172 | } | ||
| 2173 | #endif | ||
| 2174 | |||
| 2168 | /* remove agent socket */ | 2175 | /* remove agent socket */ |
| 2169 | auth_sock_cleanup_proc(authctxt->pw); | 2176 | auth_sock_cleanup_proc(authctxt->pw); |
| 2170 | 2177 | ||