summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--Makefile.in30
-rw-r--r--acconfig.h53
-rw-r--r--bsd-login.c36
-rw-r--r--configure.in9
-rw-r--r--login.c18
-rw-r--r--pty.c6
-rw-r--r--sshd.c49
8 files changed, 157 insertions, 51 deletions
diff --git a/ChangeLog b/ChangeLog
index 1b4809505..39304e24d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
119991209
2 - Import of patch from Ben Taylor <bent@clark.net>:
3 - Improved PAM support
4 - "uninstall" rule for Makefile
5 - utmpx support
6 - Should fix PAM problems on Solaris
7
119991208 819991208
2 - Compile fix for Solaris with /dev/ptmx from 9 - Compile fix for Solaris with /dev/ptmx from
3 David Agraz <dagraz@jahoopa.com> 10 David Agraz <dagraz@jahoopa.com>
diff --git a/Makefile.in b/Makefile.in
index 80b0a6d42..232f8e024 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -103,6 +103,36 @@ install: all
103 $(INSTALL) -m644 sshd_config $(sysconfdir)/sshd_config; \ 103 $(INSTALL) -m644 sshd_config $(sysconfdir)/sshd_config; \
104 fi 104 fi
105 105
106uninstallall: uninstall
107 -rm -f $(sysconfdir)/ssh_config
108 -rm -f $(sysconfdir)/sshd_config
109 -rmdir $(sysconfdir)
110 -rmdir $(bindir)
111 -rmdir $(sbindir)
112 -rmdir $(mandir)/man1
113 -rmdir $(mandir)/man8
114 -rmdir $(mandir)
115 -rmdir $(libexecdir)
116
117uninstall:
118 -rm -f $(bindir)/ssh
119 -rm -f $(bindir)/scp
120 -rm -f $(bindir)/ssh-add
121 -rm -f $(bindir)/ssh-agent
122 -rm -f $(bindir)/ssh-keygen
123 -rm -f $(sbindir)/sshd
124 -rm -f $(mandir)/man1/ssh.1
125 -rm -f $(mandir)/man1/scp.1
126 -rm -f $(mandir)/man1/ssh-add.1
127 -rm -f $(mandir)/man1/ssh-agent.1
128 -rm -f $(mandir)/man1/ssh-keygen.1
129 -rm -f $(mandir)/man8/sshd.8
130 -rm -f $(bindir)/slogin
131 -rm -f $(mandir)/man1/slogin.1
132 -rm -f $(mandir)/man1/slogin.1
133 -rm -f ${ASKPASS_PROGRAM}
134 -rmdir $(libexecdir)/ssh ;
135
106distclean: clean 136distclean: clean
107 rm -f Makefile config.h core *~ 137 rm -f Makefile config.h core *~
108 138
diff --git a/acconfig.h b/acconfig.h
index 29ec07821..811c00d47 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -24,6 +24,9 @@
24/* Define is utmp.h has a ut_host field */ 24/* Define is utmp.h has a ut_host field */
25#undef HAVE_HOST_IN_UTMP 25#undef HAVE_HOST_IN_UTMP
26 26
27/* Define is utmpx.h has a ut_host field */
28#undef HAVE_HOST_IN_UTMPX
29
27/* Define is libutil has login() function */ 30/* Define is libutil has login() function */
28#undef HAVE_LIBUTIL_LOGIN 31#undef HAVE_LIBUTIL_LOGIN
29 32
@@ -85,6 +88,10 @@
85# include <utmp.h> /* For _PATH_XXX */ 88# include <utmp.h> /* For _PATH_XXX */
86#endif 89#endif
87 90
91#ifdef HAVE_UTMPX_H
92# include <utmpx.h> /* For _PATH_XXX */
93#endif
94
88#ifdef HAVE_SYS_TIME_H 95#ifdef HAVE_SYS_TIME_H
89# include <sys/time.h> /* For timersub */ 96# include <sys/time.h> /* For timersub */
90#endif 97#endif
@@ -96,13 +103,13 @@
96#ifndef SHUT_RDWR 103#ifndef SHUT_RDWR
97enum 104enum
98{ 105{
99 SHUT_RD = 0, /* No more receptions. */ 106 SHUT_RD = 0, /* No more receptions. */
100#define SHUT_RD SHUT_RD 107 SHUT_WR, /* No more transmissions. */
101 SHUT_WR, /* No more transmissions. */ 108 SHUT_RDWR /* No more receptions or transmissions. */
102#define SHUT_WR SHUT_WR
103 SHUT_RDWR /* No more receptions or transmissions. */
104#define SHUT_RDWR SHUT_RDWR
105}; 109};
110# define SHUT_RD SHUT_RD
111# define SHUT_WR SHUT_WR
112# define SHUT_RDWR SHUT_RDWR
106#endif 113#endif
107 114
108/* If sys/types.h does not supply intXX_t, supply them ourselves */ 115/* If sys/types.h does not supply intXX_t, supply them ourselves */
@@ -164,25 +171,44 @@ enum
164# define quad_t int64_t 171# define quad_t int64_t
165#endif 172#endif
166 173
174/* If _PATH_LASTLOG is not defined by system headers, set it to the */
175/* lastlog file detected by autoconf */
167#ifndef _PATH_LASTLOG 176#ifndef _PATH_LASTLOG
168# ifdef LASTLOG_LOCATION 177# ifdef LASTLOG_LOCATION
169# define _PATH_LASTLOG LASTLOG_LOCATION 178# define _PATH_LASTLOG LASTLOG_LOCATION
170# endif 179# endif
171#endif 180#endif
172 181
182/* Use utmpx if supported */
183#ifdef HAVE_UTMPX_H
184# define UTMP_STR utmpx
185#else
186# ifdef HAVE_UTMP_H
187# define UTMP_STR utmp
188# endif
189#endif
190
173#ifndef _PATH_UTMP 191#ifndef _PATH_UTMP
174# ifdef UTMP_FILE 192# ifdef UTMPX_FILE
175# define _PATH_UTMP UTMP_FILE 193# define _PATH_UTMP UTMPX_FILE
176# else 194# else
177# define _PATH_UTMP "/var/adm/utmp" 195# ifdef UTMP_FILE
196# define _PATH_UTMP UTMP_FILE
197# else
198# define _PATH_UTMP "/var/adm/utmp"
199# endif
178# endif 200# endif
179#endif 201#endif
180 202
181#ifndef _PATH_WTMP 203#ifndef _PATH_WTMP
182# ifdef WTMP_FILE 204# ifdef WTMPX_FILE
183# define _PATH_WTMP WTMP_FILE 205# define _PATH_WTMP WTMPX_FILE
184# else 206# else
185# define _PATH_WTMP "/var/adm/wtmp" 207# ifdef WTMP_FILE
208# define _PATH_WTMP WTMP_FILE
209# else
210# define _PATH_WTMP "/var/adm/wtmp"
211# endif
186# endif 212# endif
187#endif 213#endif
188 214
@@ -219,9 +245,9 @@ enum
219 (result)->tv_usec += 1000000; \ 245 (result)->tv_usec += 1000000; \
220 } \ 246 } \
221 } while (0) 247 } while (0)
222
223#endif 248#endif
224 249
250/* In older versions of libpam, pam_strerror takes a single argument */
225#ifdef HAVE_OLD_PAM 251#ifdef HAVE_OLD_PAM
226# define PAM_STRERROR(a,b) pam_strerror((b)) 252# define PAM_STRERROR(a,b) pam_strerror((b))
227#else 253#else
@@ -231,3 +257,4 @@ enum
231#ifndef __P 257#ifndef __P
232# define __P(x) x 258# define __P(x) x
233#endif 259#endif
260
diff --git a/bsd-login.c b/bsd-login.c
index dcbabe0bf..9c1206547 100644
--- a/bsd-login.c
+++ b/bsd-login.c
@@ -45,47 +45,59 @@ static char *rcsid = "$OpenBSD: login.c,v 1.5 1998/07/13 02:11:12 millert Exp $"
45#include <fcntl.h> 45#include <fcntl.h>
46#include <unistd.h> 46#include <unistd.h>
47#include <stdlib.h> 47#include <stdlib.h>
48#include <utmp.h> 48#ifdef HAVE_UTMPX_H
49# include <utmpx.h>
50#endif
51#ifdef HAVE_UTMP_H
52# include <utmp.h>
53#endif
49#include <stdio.h> 54#include <stdio.h>
50 55
51void 56void
52login(utp) 57login(utp)
53 struct utmp *utp; 58 struct UTMP_STR *utp;
54{ 59{
55 struct utmp old_ut; 60 struct UTMP_STR old_ut;
56 register int fd; 61 register int fd;
57 int tty; 62 int tty;
58 63
59#ifndef UT_LINESIZE 64#ifndef UT_LINESIZE
60# define UT_LINESIZE (sizeof(old_ut.ut_line)) 65# define UT_LINESIZE (sizeof(old_ut.ut_line))
61# define UT_NAMESIZE (sizeof(old_ut.ut_name)) 66# ifdef HAVE_UTMPX_H
67# define UT_NAMESIZE (sizeof(old_ut.ut_user))
68# else
69# define UT_NAMESIZE (sizeof(old_ut.ut_name))
70# endif
62# ifdef HAVE_HOST_IN_UTMP 71# ifdef HAVE_HOST_IN_UTMP
63# define UT_HOSTSIZE (sizeof(old_ut.ut_host)) 72# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
64# endif 73# endif
74# ifdef HAVE_HOST_IN_UTMPX
75# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
76# endif
65#endif 77#endif
66 78
67 tty = ttyslot(); 79 tty = ttyslot();
68 if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) { 80 if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
69#ifdef HAVE_HOST_IN_UTMP 81#ifdef HAVE_HOST_IN_UTMP || HAVE_HOST_IN_UTMPX
70 (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET); 82 (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
71 /* 83 /*
72 * Prevent luser from zero'ing out ut_host. 84 * Prevent luser from zero'ing out ut_host.
73 * If the new ut_line is empty but the old one is not 85 * If the new ut_line is empty but the old one is not
74 * and ut_line and ut_name match, preserve the old ut_line. 86 * and ut_line and ut_name match, preserve the old ut_line.
75 */ 87 */
76 if (read(fd, &old_ut, sizeof(struct utmp)) == 88 if (read(fd, &old_ut, sizeof(struct UTMP_STR)) ==
77 sizeof(struct utmp) && utp->ut_host[0] == '\0' && 89 sizeof(struct UTMP_STR) && utp->ut_host[0] == '\0' &&
78 old_ut.ut_host[0] != '\0' && 90 old_ut.ut_host[0] != '\0' &&
79 strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 && 91 strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 &&
80 strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0) 92 strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0)
81 (void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE); 93 (void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE);
82#endif /* HAVE_HOST_IN_UTMP */ 94#endif /* HAVE_HOST_IN_UTMP || HAVE_HOST_IN_UTMPX */
83 (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET); 95 (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET);
84 (void)write(fd, utp, sizeof(struct utmp)); 96 (void)write(fd, utp, sizeof(struct UTMP_STR));
85 (void)close(fd); 97 (void)close(fd);
86 } 98 }
87 if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { 99 if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
88 (void)write(fd, utp, sizeof(struct utmp)); 100 (void)write(fd, utp, sizeof(struct UTMP_STR));
89 (void)close(fd); 101 (void)close(fd);
90 } 102 }
91} 103}
diff --git a/configure.in b/configure.in
index f1027ef42..e0395528d 100644
--- a/configure.in
+++ b/configure.in
@@ -56,7 +56,7 @@ AC_CHECK_LIB(dl, dlopen, , )
56AC_CHECK_LIB(pam, pam_authenticate, , ) 56AC_CHECK_LIB(pam, pam_authenticate, , )
57 57
58dnl Checks for header files. 58dnl Checks for header files.
59AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h pty.h shadow.h util.h utmp.h sys/select.h sys/stropts.h sys/time.h) 59AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h pty.h shadow.h util.h utmp.h utmpx.h sys/select.h sys/stropts.h sys/time.h)
60 60
61dnl Checks for library functions. 61dnl Checks for library functions.
62AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv setlogin setproctitle snprintf strlcat strlcpy vsnprintf) 62AC_CHECK_FUNCS(arc4random mkdtemp openpty _getpty setenv setlogin setproctitle snprintf strlcat strlcpy vsnprintf)
@@ -198,6 +198,13 @@ AC_EGREP_HEADER(ut_host, utmp.h,
198 [AC_MSG_RESULT(no)] 198 [AC_MSG_RESULT(no)]
199) 199)
200 200
201dnl Check for ut_host field in utmpx
202AC_MSG_CHECKING([whether utmpx.h has ut_host field])
203AC_EGREP_HEADER(ut_host, utmpx.h,
204 [AC_DEFINE(HAVE_HOST_IN_UTMPX) AC_MSG_RESULT(yes); ],
205 [AC_MSG_RESULT(no)]
206)
207
201dnl Look for lastlog location 208dnl Look for lastlog location
202AC_MSG_CHECKING([location of lastlog file]) 209AC_MSG_CHECKING([location of lastlog file])
203for lastlog in /var/log/lastlog /var/adm/lastlog /etc/security/lastlog ; do 210for lastlog in /var/log/lastlog /var/adm/lastlog /etc/security/lastlog ; do
diff --git a/login.c b/login.c
index 81bae8205..ff4184572 100644
--- a/login.c
+++ b/login.c
@@ -18,9 +18,14 @@
18 */ 18 */
19 19
20#include "includes.h" 20#include "includes.h"
21RCSID("$Id: login.c,v 1.5 1999/11/25 02:08:31 damien Exp $"); 21RCSID("$Id: login.c,v 1.6 1999/12/08 23:16:55 damien Exp $");
22 22
23#include <utmp.h> 23#ifdef HAVE_UTMPX_H
24# include <utmpx.h>
25#endif
26#ifdef HAVE_UTMP_H
27# include <utmp.h>
28#endif
24#include "ssh.h" 29#include "ssh.h"
25 30
26#ifdef HAVE_UTIL_H 31#ifdef HAVE_UTIL_H
@@ -83,15 +88,20 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
83 int fd; 88 int fd;
84 struct lastlog ll; 89 struct lastlog ll;
85 char *lastlog; 90 char *lastlog;
86 struct utmp u; 91 struct UTMP_STR u;
87 const char *utmp, *wtmp; 92 const char *utmp, *wtmp;
88 93
89 /* Construct an utmp/wtmp entry. */ 94 /* Construct an utmp/wtmp entry. */
90 memset(&u, 0, sizeof(u)); 95 memset(&u, 0, sizeof(u));
91 strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line)); 96 strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
97#ifdef HAVE_UTMPX_H
98 u.ut_tv.tv_sec = time(NULL);
99 strncpy(u.ut_user, user, sizeof(u.ut_name));
100#else
92 u.ut_time = time(NULL); 101 u.ut_time = time(NULL);
93 strncpy(u.ut_name, user, sizeof(u.ut_name)); 102 strncpy(u.ut_name, user, sizeof(u.ut_name));
94#ifdef HAVE_HOST_IN_UTMP 103#endif
104#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX)
95 strncpy(u.ut_host, host, sizeof(u.ut_host)); 105 strncpy(u.ut_host, host, sizeof(u.ut_host));
96#endif 106#endif
97 107
diff --git a/pty.c b/pty.c
index acd81c9ba..c6c7363b2 100644
--- a/pty.c
+++ b/pty.c
@@ -14,11 +14,15 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$Id: pty.c,v 1.7 1999/12/07 21:53:52 damien Exp $"); 17RCSID("$Id: pty.c,v 1.8 1999/12/08 23:16:55 damien Exp $");
18 18
19#include "pty.h" 19#include "pty.h"
20#include "ssh.h" 20#include "ssh.h"
21 21
22#ifdef HAVE_DEV_PTMX
23#include <sys/stropts.h>
24#endif /* HAVE_DEV_PTMX */
25
22/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ 26/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
23#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) 27#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
24#undef HAVE_DEV_PTMX 28#undef HAVE_DEV_PTMX
diff --git a/sshd.c b/sshd.c
index 0c15e2837..2ff8f45b4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
11 */ 11 */
12 12
13#include "includes.h" 13#include "includes.h"
14RCSID("$Id: sshd.c,v 1.35 1999/12/07 04:38:32 damien Exp $"); 14RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
15 15
16#include "xmalloc.h" 16#include "xmalloc.h"
17#include "rsa.h" 17#include "rsa.h"
@@ -138,7 +138,8 @@ void do_child(const char *command, struct passwd * pw, const char *term,
138#ifdef HAVE_LIBPAM 138#ifdef HAVE_LIBPAM
139static int pamconv(int num_msg, const struct pam_message **msg, 139static int pamconv(int num_msg, const struct pam_message **msg,
140 struct pam_response **resp, void *appdata_ptr); 140 struct pam_response **resp, void *appdata_ptr);
141void do_pam_account_and_session(char *username, char *remote_user); 141void do_pam_account(char *username, char *remote_user);
142void do_pam_session(char *username, char *ttyname);
142void pam_cleanup_proc(void *context); 143void pam_cleanup_proc(void *context);
143 144
144static struct pam_conv conv = { 145static struct pam_conv conv = {
@@ -228,7 +229,7 @@ void pam_cleanup_proc(void *context)
228 } 229 }
229} 230}
230 231
231void do_pam_account_and_session(char *username, char *remote_user) 232void do_pam_account(char *username, char *remote_user)
232{ 233{
233 int pam_retval; 234 int pam_retval;
234 235
@@ -254,12 +255,22 @@ void do_pam_account_and_session(char *username, char *remote_user)
254 log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 255 log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
255 do_fake_authloop(username); 256 do_fake_authloop(username);
256 } 257 }
258}
257 259
258 pam_retval = pam_open_session((pam_handle_t *)pamh, 0); 260void do_pam_session(char *username, char *ttyname)
259 if (pam_retval != PAM_SUCCESS) { 261{
260 log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 262 int pam_retval;
261 do_fake_authloop(username); 263
264 if (ttyname != NULL) {
265 debug("PAM setting tty to \"%.200s\"", ttyname);
266 pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname);
267 if (pam_retval != PAM_SUCCESS)
268 fatal("PAM set tty failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
262 } 269 }
270
271 pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
272 if (pam_retval != PAM_SUCCESS)
273 fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
263} 274}
264#endif /* HAVE_LIBPAM */ 275#endif /* HAVE_LIBPAM */
265 276
@@ -1476,12 +1487,16 @@ do_authloop(struct passwd * pw)
1476 pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); 1487 pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
1477 if (pam_retval == PAM_SUCCESS) { 1488 if (pam_retval == PAM_SUCCESS) {
1478 log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name); 1489 log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
1490 memset(password, 0, strlen(password));
1491 xfree(password);
1479 authenticated = 1; 1492 authenticated = 1;
1480 break; 1493 break;
1481 } 1494 }
1482 1495
1483 log("PAM Password authentication for \"%.100s\" failed: %s", 1496 log("PAM Password authentication for \"%.100s\" failed: %s",
1484 pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 1497 pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
1498 memset(password, 0, strlen(password));
1499 xfree(password);
1485 break; 1500 break;
1486#else /* HAVE_LIBPAM */ 1501#else /* HAVE_LIBPAM */
1487 /* Try authentication with the password. */ 1502 /* Try authentication with the password. */
@@ -1561,30 +1576,18 @@ do_authloop(struct passwd * pw)
1561 packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); 1576 packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
1562#else /* HAVE_LIBPAM */ 1577#else /* HAVE_LIBPAM */
1563 if (authenticated) { 1578 if (authenticated) {
1564 do_pam_account_and_session(pw->pw_name, client_user); 1579 do_pam_account(pw->pw_name, client_user);
1565 1580
1566 /* Clean up */
1567 if (client_user != NULL) 1581 if (client_user != NULL)
1568 xfree(client_user); 1582 xfree(client_user);
1569 1583
1570 if (password != NULL) {
1571 memset(password, 0, strlen(password));
1572 xfree(password);
1573 }
1574
1575 return; 1584 return;
1576 } 1585 }
1577 1586
1578 if (attempt > AUTH_FAIL_MAX) { 1587 if (attempt > AUTH_FAIL_MAX) {
1579 /* Clean up */
1580 if (client_user != NULL) 1588 if (client_user != NULL)
1581 xfree(client_user); 1589 xfree(client_user);
1582 1590
1583 if (password != NULL) {
1584 memset(password, 0, strlen(password));
1585 xfree(password);
1586 }
1587
1588 packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); 1591 packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
1589 } 1592 }
1590#endif /* HAVE_LIBPAM */ 1593#endif /* HAVE_LIBPAM */
@@ -1785,6 +1788,12 @@ do_authenticated(struct passwd * pw)
1785 1788
1786 /* Indicate that we now have a pty. */ 1789 /* Indicate that we now have a pty. */
1787 have_pty = 1; 1790 have_pty = 1;
1791
1792#ifdef HAVE_LIBPAM
1793 /* do the pam_open_session since we have the pty */
1794 do_pam_session(pw->pw_name,ttyname);
1795#endif /* HAVE_LIBPAM */
1796
1788 break; 1797 break;
1789 1798
1790 case SSH_CMSG_X11_REQUEST_FORWARDING: 1799 case SSH_CMSG_X11_REQUEST_FORWARDING: