Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 32 |
1 files changed, 21 insertions, 11 deletions
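diff --git a/auth-pam.c b/auth-pam.c
index bde0a8f56..d3f400bc3 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -197,7 +197,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
 switch ((pid = fork())) {
 case -1:
 error("fork(): %s", strerror(errno));
-return (-1);
+return errno;
 case 0:
 close(ctx->pam_psock);
 ctx->pam_psock = -1;
@@ -258,7 +258,7 @@ static char **
 pam_getenvlist(pam_handle_t *pamh)
 {
 /*
-* XXX - If necessary, we can still support envrionment passing
+* XXX - If necessary, we can still support environment passing
 * for platforms without pam_getenvlist by searching for known
 * env vars (e.g. KRB5CCNAME) from the PAM environment.
 */
@@ -266,6 +266,14 @@ pam_getenvlist(pam_handle_t *pamh)
 }
 #endif
 
+#ifndef HAVE_PAM_PUTENV
+static int
+pam_putenv(pam_handle_t *pamh, const char *name_value)
+{
+return PAM_SUCCESS;
+}
+#endif /* HAVE_PAM_PUTENV */
+
 /*
 * Some platforms, notably Solaris, do not enforce password complexity
 * rules during pam_chauthtok() if the real uid of the calling process
@@ -360,13 +368,11 @@ import_environments(struct sshbuf *b)
 for (i = 0; i < num_env; i++) {
 if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
-#ifdef HAVE_PAM_PUTENV
 /* Errors are not fatal here */
 if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
 error("PAM: pam_putenv: %s",
 pam_strerror(sshpam_handle, r));
 }
-#endif
 /* XXX leak env? */
 }
 #endif
@@ -535,7 +541,7 @@ sshpam_thread(void *ctxtp)
 for (i = 0; environ[i] != NULL; i++) {
 /* Count */
 if (i > INT_MAX)
-fatal("%s: too many enviornment strings", __func__);
+fatal("%s: too many environment strings", __func__);
 }
 if ((r = sshbuf_put_u32(buffer, i)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
@@ -548,7 +554,7 @@ sshpam_thread(void *ctxtp)
 for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) {
 /* Count */
 if (i > INT_MAX)
-fatal("%s: too many PAM enviornment strings", __func__);
+fatal("%s: too many PAM environment strings", __func__);
 }
 if ((r = sshbuf_put_u32(buffer, i)) != 0)
 fatal("%s: buffer error: %s", __func__, ssh_err(r));
@@ -770,7 +776,7 @@ static void *
 sshpam_init_ctx(Authctxt *authctxt)
 {
 struct pam_ctxt *ctxt;
-int socks[2];
+int result, socks[2];
 
 debug3("PAM: %s entering", __func__);
 /*
@@ -797,9 +803,10 @@ sshpam_init_ctx(Authctxt *authctxt)
 }
 ctxt->pam_psock = socks[0];
 ctxt->pam_csock = socks[1];
-if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
+result = pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt);
+if (result != 0) {
 error("PAM: failed to start authentication thread: %s",
-strerror(errno));
+strerror(result));
 close(socks[0]);
 close(socks[1]);
 free(ctxt);
@@ -844,6 +851,7 @@ sshpam_query(void *ctx, char **name, char **info,
 plen += mlen;
 **echo_on = (type == PAM_PROMPT_ECHO_ON);
 free(msg);
+sshbuf_free(buffer);
 return (0);
 case PAM_ERROR_MSG:
 case PAM_TEXT_INFO:
@@ -872,6 +880,7 @@ sshpam_query(void *ctx, char **name, char **info,
 **echo_on = 0;
 ctxt->pam_done = -1;
 free(msg);
+sshbuf_free(buffer);
 return 0;
 }
 /* FALLTHROUGH */
@@ -898,6 +907,7 @@ sshpam_query(void *ctx, char **name, char **info,
 **echo_on = 0;
 ctxt->pam_done = 1;
 free(msg);
+sshbuf_free(buffer);
 return (0);
 }
 error("PAM: %s for %s%.100s from %.100s", msg,
@@ -909,9 +919,11 @@ sshpam_query(void *ctx, char **name, char **info,
 **echo_on = 0;
 free(msg);
 ctxt->pam_done = -1;
+sshbuf_free(buffer);
 return (-1);
 }
 }
+sshbuf_free(buffer);
 return (-1);
 }
 
@@ -1205,7 +1217,6 @@ int
 do_pam_putenv(char *name, char *value)
 {
 int ret = 1;
-#ifdef HAVE_PAM_PUTENV
 char *compound;
 size_t len;
 
@@ -1215,7 +1226,6 @@ do_pam_putenv(char *name, char *value)
 snprintf(compound, len, "%s=%s", name, value);
 ret = pam_putenv(sshpam_handle, compound);
 free(compound);
-#endif
 
 return (ret);
 }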
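Review bot: In the `case -1:` branch of the fork-based `pthread_create` wrapper, `return errno;` runs after `error("fork(): %s", strerror(errno));`, so the value returned is whatever errno holds once the logging call has finished; if `error()` does not preserve errno, a failed fork could be reported as 0 or as an unrelated code. `sshpam_init_ctx` now treats a 0 result as success, so it is safer to capture the value first: `int saved_errno = errno;`, then `error("fork(): %s", strerror(saved_errno));` and `return saved_errno;`. Separately, the new `pam_putenv` stub returns `PAM_SUCCESS` without storing anything, so on platforms lacking `HAVE_PAM_PUTENV` `do_pam_putenv` goes from returning its initial `ret = 1` to reporting success even though no variable was set. A comment on the stub such as `/* no-op: the variable is NOT added to the PAM environment on this platform */` would make that visible to anyone relying on the return value. The wrapper and `do_pam_putenv` bodies both extend beyond the lines shown here.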