-rw-r--r-- | CREDITS | 1 | ||||
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | acconfig.h | 4 | ||||
-rw-r--r-- | auth-pam.c | 12 | ||||
-rw-r--r-- | auth2-pam.c | 18 | ||||
-rw-r--r-- | configure.in | 10 | ||||
-rw-r--r-- | defines.h | 6 |
7 files changed, 41 insertions, 15 deletions
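--- a/CREDITS
+++ b/CREDITS
@@ -8,6 +8,7 @@ Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
 Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes
 Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
 Andrew McGill <andrewm@datrix.co.za> - SCO fixes
+Andrew Morgan <morgan@transmeta.com> - PAM bugfixes
 Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
 Andy Sloane <andy@guildsoftware.com> - bugfixes
 Aran Cox <acox@cv.telegroup.com> - SCO bugfixes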
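--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20001220
+- (djm) Workaround PAM inconsistencies between Solaris derived PAM code
+and Linux-PAM. Based on report and fix from Andrew Morgan
+<morgan@transmeta.com>
+
 20001218
 - (stevesk) rsa.c: entropy.h not needed.
 - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.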
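diff --git a/acconfig.h b/acconfig.h
index bfbacba42..21832fe2d 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -218,6 +218,10 @@
 /* to pam_strerror */
 #undef HAVE_OLD_PAM
 
+/* Define if you are using Solaris-derived PAM which passes pam_messages */
+/* to the conversation function with an extra level of indirection */
+#undef PAM_SUN_CODEBASE
+
 /* Set this to your mail directory if you don't have maillock.h */
 #undef MAIL_DIRECTORY
 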
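diff --git a/auth-pam.c b/auth-pam.c
index 1e077602e..07847cb9d 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -29,7 +29,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
 
-RCSID("$Id: auth-pam.c,v 1.19 2000/12/03 00:51:51 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.20 2000/12/20 02:34:49 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 "Warning: Your password has expired, please change it now"
@@ -97,13 +97,13 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 return PAM_CONV_ERR;
 
 for (count = 0; count < num_msg; count++) {
-switch ((*msg)[count].msg_style) {
+switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
 case PAM_PROMPT_ECHO_ON:
 if (pamstate == INITIAL_LOGIN) {
 free(reply);
 return PAM_CONV_ERR;
 } else {
-fputs((*msg)[count].msg, stderr);
+fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
 fgets(buf, sizeof(buf), stdin);
 reply[count].resp = xstrdup(buf);
 reply[count].resp_retcode = PAM_SUCCESS;
@@ -118,7 +118,7 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 reply[count].resp = xstrdup(pampasswd);
 } else {
 reply[count].resp =
-xstrdup(read_passphrase((*msg)[count].msg, 1));
+xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
 }
 reply[count].resp_retcode = PAM_SUCCESS;
 break;
@@ -126,9 +126,9 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 case PAM_TEXT_INFO:
 if ((*msg)[count].msg != NULL) {
 if (pamstate == INITIAL_LOGIN)
-pam_msg_cat((*msg)[count].msg);
+pam_msg_cat(PAM_MSG_MEMBER(msg, count, msg));
 else {
-fputs((*msg)[count].msg, stderr);
+fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
 fputs("\n", stderr);
 }
 }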
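Review bot: The `PAM_TEXT_INFO` guard at new line 127 still reads `(*msg)[count].msg` while the two calls beneath it now go through `PAM_MSG_MEMBER`, so on a build without `PAM_SUN_CODEBASE` the NULL test and the later dereference look at different objects whenever `count > 0`. The check can then pass on unrelated memory and let a NULL or stray pointer reach `pam_msg_cat()` or `fputs()`. Change it to `if (PAM_MSG_MEMBER(msg, count, msg) != NULL) {` so every access in `pamconv` uses one layout. The case label sits at the top of the last hunk, so any earlier label that falls through into this body is outside the view.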
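diff --git a/auth2-pam.c b/auth2-pam.c
index 8ffbc244c..30e02101e 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.1 2000/12/03 00:51:51 djm Exp $");
+RCSID("$Id: auth2-pam.c,v 1.2 2000/12/20 02:34:49 djm Exp $");
 
 #ifdef USE_PAM
 #include "ssh.h"
@@ -70,8 +70,8 @@ do_conversation2(int num_msg, const struct pam_message **msg,
 packet_put_cstring(""); /* Instructions */
 packet_put_cstring(""); /* Language */
 for (i = 0, j = 0; i < num_msg; i++) {
-if(((*msg)[i].msg_style == PAM_PROMPT_ECHO_ON) ||
-((*msg)[i].msg_style == PAM_PROMPT_ECHO_OFF) ||
+if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
+(PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
 (i == num_msg - 1)) {
 j++;
 }
@@ -79,7 +79,7 @@ do_conversation2(int num_msg, const struct pam_message **msg,
 packet_put_int(j); /* Number of prompts. */
 context_pam2.num_expected = j;
 for (i = 0, j = 0; i < num_msg; i++) {
-switch((*msg)[i].msg_style) {
+switch(PAM_MSG_MEMBER(msg, i, msg_style)) {
 case PAM_PROMPT_ECHO_ON:
 echo = 1;
 break;
@@ -91,18 +91,18 @@ do_conversation2(int num_msg, const struct pam_message **msg,
 break;
 }
 if(text) {
-tmp = xmalloc(strlen(text) + strlen((*msg)[i].msg) + 2);
+tmp = xmalloc(strlen(text) + strlen(PAM_MSG_MEMBER(msg, i, msg)) + 2);
 strcpy(tmp, text);
 strcat(tmp, "\n");
-strcat(tmp, (*msg)[i].msg);
+strcat(tmp, PAM_MSG_MEMBER(msg, i, msg));
 xfree(text);
 text = tmp;
 tmp = NULL;
 } else {
-text = xstrdup((*msg)[i].msg);
+text = xstrdup(PAM_MSG_MEMBER(msg, i, msg));
 }
-if(((*msg)[i].msg_style == PAM_PROMPT_ECHO_ON) ||
-((*msg)[i].msg_style == PAM_PROMPT_ECHO_OFF) ||
+if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
+(PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
 (i == num_msg - 1)) {
 debug("sending prompt ssh-%d(pam-%d) = \"%s\"",
 j, i, text);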
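Review bot: `do_conversation2` passes `PAM_MSG_MEMBER(msg, i, msg)` straight to `strlen()`, `strcat()` and `xstrdup()` (new lines 94, 97 and 102) with no NULL test, whereas `pamconv` in auth-pam.c checks the message pointer before using a `PAM_TEXT_INFO` message. If a PAM module can supply a NULL message, as that guard suggests, this dereferences NULL in the daemon's authentication path. Read the pointer once per iteration into a local declared with the function's other locals, `m = PAM_MSG_MEMBER(msg, i, msg);` followed by `if (m == NULL) m = "";`, and use `m` in the three calls. The loop body starts and ends outside the hunk, so a guard may already exist in lines not shown.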
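diff --git a/configure.in b/configure.in
index 9f3b10c43..4601cd38b 100644
--- a/configure.in
+++ b/configure.in
@@ -88,6 +88,7 @@ case "$host" in
 *-*-hpux11*)
 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE"
 IPADDR_IN_DISPLAY=yes
+AC_DEFINE(PAM_SUN_CODEBASE)
 AC_DEFINE(USE_PIPES)
 AC_DEFINE(DISABLE_SHADOW)
 AC_DEFINE(DISABLE_UTMP)
@@ -149,6 +150,7 @@ mips-sony-bsd|mips-sony-newsos4)
 CPPFLAGS="$CPPFLAGS -I/usr/local/include"
 LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib"
 need_dash_r=1
+AC_DEFINE(PAM_SUN_CODEBASE)
 # hardwire lastlog location (can't detect it on some versions)
 conf_lastlog_location="/var/adm/lastlog"
 AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
@@ -164,6 +166,7 @@ mips-sony-bsd|mips-sony-newsos4)
 *-*-sunos4*)
 CPPFLAGS="$CPPFLAGS -DSUNOS4"
 AC_CHECK_FUNCS(getpwanam)
+AC_DEFINE(PAM_SUN_CODEBASE)
 conf_utmp_location=/etc/utmp
 conf_wtmp_location=/var/adm/wtmp
 conf_lastlog_location=/var/adm/lastlog
@@ -1614,6 +1617,13 @@ echo " Libraries: ${LIBS}"
 
 echo ""
 
+if test "x$PAM_MSG" = "xyes" ; then
+echo "PAM is enabled. You may need to install a PAM control file for sshd,"
+echo "otherwise password authentication may fail. Example PAM control files"
+echo "can be found in the contrib/ subdirectory"
+echo ""
+fi
+
 if test ! -z "$BUILTIN_RNG" ; then
 echo "WARNING: you are using the builtin random number collection service."
 echo "Please read WARNING.RNG and request that your OS vendor includes"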
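Review bot: `PAM_SUN_CODEBASE` is switched on by host triplet alone (the `*-*-hpux11*` branch, the branch carrying the solaris2.x utmp check, and `*-*-sunos4*`), and nothing at build time verifies the choice, because both expansions of `PAM_MSG_MEMBER` compile against the same `const struct pam_message **` prototype. A platform placed on the wrong side builds cleanly and behaves for single-message conversations, then reads outside the message array once a module sends more than one message. Add a comment at each `AC_DEFINE`, for example `# Solaris-derived PAM: messages arrive as a pointer to an array (see PAM_MSG_MEMBER in defines.h)`, so porters know the triplet list must be checked against the platform's PAM. Letting the builder override the setting from the configure command line would also help.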
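--- a/defines.h
+++ b/defines.h
@@ -340,6 +340,12 @@ struct winsize {
 # define PAM_STRERROR(a,b) pam_strerror((a),(b))
 #endif
 
+#ifdef PAM_SUN_CODEBASE
+# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
+#else
+# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
+#endif
+
 #if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO)
 # undef HAVE_GETADDRINFO
 #endif /* defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) */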
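Review bot: `PAM_MSG_MEMBER` carries no comment stating what each expansion assumes about `msg`, and the two forms address the same element only for `n == 0`. Add one above the `#ifdef`, for example `/* Solaris-derived PAM: *msg is one array of structs; Linux-PAM: msg is an array of pointers, one per message */`. A maintainer adding a new conversation function then knows that indexing `msg` by hand instead of using the macro gives a platform-dependent out-of-bounds read.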