-rw-r--r--ChangeLog4
-rw-r--r--auth-pam.c57
2 files changed, 36 insertions, 25 deletions
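--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20001007
+ - (stevesk) Print PAM return value in PAM log messages to aid
+ with debugging.
+
 20001002
  - (djm) Fix USER_PATH, report from Kevin Steves <stevesk@sweden.hp.com>
  - (djm) Add host system and CC to end-of-configure report. Suggested by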
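--- a/auth-pam.c
+++ b/auth-pam.c
@@ -29,7 +29,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
 
-RCSID("$Id: auth-pam.c,v 1.13 2000/09/16 05:09:27 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.14 2000/10/07 11:16:55 stevesk Exp $");
 
 #define NEW_AUTHTOK_MSG \
  "Warning: Your password has expired, please change it now"
@@ -132,20 +132,20 @@ void pam_cleanup_proc(void *context)
  {
  pam_retval = pam_close_session(pamh, 0);
  if (pam_retval != PAM_SUCCESS) {
- log("Cannot close PAM session: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ log("Cannot close PAM session[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
 
  pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
  if (pam_retval != PAM_SUCCESS) {
- debug("Cannot delete credentials: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ debug("Cannot delete credentials[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
 
  pam_retval = pam_end(pamh, pam_retval);
  if (pam_retval != PAM_SUCCESS) {
- log("Cannot release PAM authentication: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ log("Cannot release PAM authentication[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
  }
 }
@@ -173,8 +173,8 @@ int auth_pam_password(struct passwd *pw, const char *password)
  pw->pw_name);
  return 1;
  } else {
- debug("PAM Password authentication for \"%.100s\" failed: %s",
- pw->pw_name, PAM_STRERROR(pamh, pam_retval));
+ debug("PAM Password authentication for \"%.100s\" failed[%d]: %s",
+ pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval));
  return 0;
  }
 }
@@ -188,16 +188,16 @@ int do_pam_account(char *username, char *remote_user)
  pam_retval = pam_set_item(pamh, PAM_RHOST,
  get_canonical_hostname());
  if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set rhost failed: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ fatal("PAM set rhost failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
 
  if (remote_user != NULL) {
  debug("PAM setting ruser to \"%.200s\"", remote_user);
  pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user);
  if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set ruser failed: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ fatal("PAM set ruser failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
  }
 
@@ -212,8 +212,8 @@ int do_pam_account(char *username, char *remote_user)
  password_change_required = 1;
  break;
  default:
- log("PAM rejected by account configuration: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ log("PAM rejected by account configuration[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  return(0);
  }
 
@@ -229,15 +229,15 @@ void do_pam_session(char *username, const char *ttyname)
  debug("PAM setting tty to \"%.200s\"", ttyname);
  pam_retval = pam_set_item(pamh, PAM_TTY, ttyname);
  if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set tty failed: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
  }
 
  pam_retval = pam_open_session(pamh, 0);
  if (pam_retval != PAM_SUCCESS) {
- fatal("PAM session setup failed: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ fatal("PAM session setup failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
 }
 
@@ -249,8 +249,8 @@ void do_pam_setcred()
  debug("PAM establishing creds");
  pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
  if (pam_retval != PAM_SUCCESS) {
- fatal("PAM setcred failed: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ fatal("PAM setcred failed[%d]: %.200s",
+ pam_setcred, PAM_STRERROR(pamh, pam_retval));
  }
 }
 
@@ -266,8 +266,15 @@ void do_pam_chauthtok()
 
  if (password_change_required) {
  pamstate = OTHER;
+ /*
+ * XXX: should we really loop forever?
+ */
  do {
  pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (pam_retval != PAM_SUCCESS) {
+ log("PAM pam_chauthtok failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
+ }
  } while (pam_retval != PAM_SUCCESS);
  }
 }
@@ -289,8 +296,8 @@ void start_pam(struct passwd *pw)
  pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh);
 
  if (pam_retval != PAM_SUCCESS) {
- fatal("PAM initialisation failed: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ fatal("PAM initialisation failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
 
 #ifdef PAM_TTY_KLUDGE
@@ -303,8 +310,8 @@ void start_pam(struct passwd *pw)
  */
  pam_retval = pam_set_item(pamh, PAM_TTY, "ssh");
  if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set tty failed: %.200s",
- PAM_STRERROR(pamh, pam_retval));
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(pamh, pam_retval));
  }
 #endif /* PAM_TTY_KLUDGE */
 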
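Review bot: In the `@@ -249,8 +249,8 @@` hunk, the new `fatal()` call in do_pam_setcred passes `pam_setcred` (the function itself) for the added `%d` instead of `pam_retval`; every other call site touched by this commit passes `pam_retval`. Handing a function pointer to `%d` is undefined behaviour in a variadic call, so the logged code is meaningless and, where pointers are wider than `int`, the following `%.200s` argument may be read from the wrong slot on this fatal path. The line should read `pam_retval, PAM_STRERROR(pamh, pam_retval));`. Separately, in the `@@ -266,8 +266,15 @@` hunk the added `log()` sits inside the unbounded `do … while` that the new XXX comment questions, so each failed `pam_chauthtok` attempt now writes a log line with no retry cap; a bounded retry count would limit that. Both functions begin outside their hunks, so this is based only on the visible lines.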