summaryrefslogtreecommitdiff
path: root/auth-pam.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth-pam.c')
-rw-r--r--auth-pam.c32
1 files changed, 21 insertions, 11 deletions
diff --git a/auth-pam.c b/auth-pam.c
index bde0a8f56..d3f400bc3 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -197,7 +197,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
197 switch ((pid = fork())) { 197 switch ((pid = fork())) {
198 case -1: 198 case -1:
199 error("fork(): %s", strerror(errno)); 199 error("fork(): %s", strerror(errno));
200 return (-1); 200 return errno;
201 case 0: 201 case 0:
202 close(ctx->pam_psock); 202 close(ctx->pam_psock);
203 ctx->pam_psock = -1; 203 ctx->pam_psock = -1;
@@ -258,7 +258,7 @@ static char **
258pam_getenvlist(pam_handle_t *pamh) 258pam_getenvlist(pam_handle_t *pamh)
259{ 259{
260 /* 260 /*
261 * XXX - If necessary, we can still support envrionment passing 261 * XXX - If necessary, we can still support environment passing
262 * for platforms without pam_getenvlist by searching for known 262 * for platforms without pam_getenvlist by searching for known
263 * env vars (e.g. KRB5CCNAME) from the PAM environment. 263 * env vars (e.g. KRB5CCNAME) from the PAM environment.
264 */ 264 */
@@ -266,6 +266,14 @@ pam_getenvlist(pam_handle_t *pamh)
266} 266}
267#endif 267#endif
268 268
269#ifndef HAVE_PAM_PUTENV
270static int
271pam_putenv(pam_handle_t *pamh, const char *name_value)
272{
273 return PAM_SUCCESS;
274}
275#endif /* HAVE_PAM_PUTENV */
276
269/* 277/*
270 * Some platforms, notably Solaris, do not enforce password complexity 278 * Some platforms, notably Solaris, do not enforce password complexity
271 * rules during pam_chauthtok() if the real uid of the calling process 279 * rules during pam_chauthtok() if the real uid of the calling process
@@ -360,13 +368,11 @@ import_environments(struct sshbuf *b)
360 for (i = 0; i < num_env; i++) { 368 for (i = 0; i < num_env; i++) {
361 if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0) 369 if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
362 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 370 fatal("%s: buffer error: %s", __func__, ssh_err(r));
363#ifdef HAVE_PAM_PUTENV
364 /* Errors are not fatal here */ 371 /* Errors are not fatal here */
365 if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) { 372 if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
366 error("PAM: pam_putenv: %s", 373 error("PAM: pam_putenv: %s",
367 pam_strerror(sshpam_handle, r)); 374 pam_strerror(sshpam_handle, r));
368 } 375 }
369#endif
370 /* XXX leak env? */ 376 /* XXX leak env? */
371 } 377 }
372#endif 378#endif
@@ -535,7 +541,7 @@ sshpam_thread(void *ctxtp)
535 for (i = 0; environ[i] != NULL; i++) { 541 for (i = 0; environ[i] != NULL; i++) {
536 /* Count */ 542 /* Count */
537 if (i > INT_MAX) 543 if (i > INT_MAX)
538 fatal("%s: too many enviornment strings", __func__); 544 fatal("%s: too many environment strings", __func__);
539 } 545 }
540 if ((r = sshbuf_put_u32(buffer, i)) != 0) 546 if ((r = sshbuf_put_u32(buffer, i)) != 0)
541 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 547 fatal("%s: buffer error: %s", __func__, ssh_err(r));
@@ -548,7 +554,7 @@ sshpam_thread(void *ctxtp)
548 for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) { 554 for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) {
549 /* Count */ 555 /* Count */
550 if (i > INT_MAX) 556 if (i > INT_MAX)
551 fatal("%s: too many PAM enviornment strings", __func__); 557 fatal("%s: too many PAM environment strings", __func__);
552 } 558 }
553 if ((r = sshbuf_put_u32(buffer, i)) != 0) 559 if ((r = sshbuf_put_u32(buffer, i)) != 0)
554 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 560 fatal("%s: buffer error: %s", __func__, ssh_err(r));
@@ -770,7 +776,7 @@ static void *
770sshpam_init_ctx(Authctxt *authctxt) 776sshpam_init_ctx(Authctxt *authctxt)
771{ 777{
772 struct pam_ctxt *ctxt; 778 struct pam_ctxt *ctxt;
773 int socks[2]; 779 int result, socks[2];
774 780
775 debug3("PAM: %s entering", __func__); 781 debug3("PAM: %s entering", __func__);
776 /* 782 /*
@@ -797,9 +803,10 @@ sshpam_init_ctx(Authctxt *authctxt)
797 } 803 }
798 ctxt->pam_psock = socks[0]; 804 ctxt->pam_psock = socks[0];
799 ctxt->pam_csock = socks[1]; 805 ctxt->pam_csock = socks[1];
800 if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) { 806 result = pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt);
807 if (result != 0) {
801 error("PAM: failed to start authentication thread: %s", 808 error("PAM: failed to start authentication thread: %s",
802 strerror(errno)); 809 strerror(result));
803 close(socks[0]); 810 close(socks[0]);
804 close(socks[1]); 811 close(socks[1]);
805 free(ctxt); 812 free(ctxt);
@@ -844,6 +851,7 @@ sshpam_query(void *ctx, char **name, char **info,
844 plen += mlen; 851 plen += mlen;
845 **echo_on = (type == PAM_PROMPT_ECHO_ON); 852 **echo_on = (type == PAM_PROMPT_ECHO_ON);
846 free(msg); 853 free(msg);
854 sshbuf_free(buffer);
847 return (0); 855 return (0);
848 case PAM_ERROR_MSG: 856 case PAM_ERROR_MSG:
849 case PAM_TEXT_INFO: 857 case PAM_TEXT_INFO:
@@ -872,6 +880,7 @@ sshpam_query(void *ctx, char **name, char **info,
872 **echo_on = 0; 880 **echo_on = 0;
873 ctxt->pam_done = -1; 881 ctxt->pam_done = -1;
874 free(msg); 882 free(msg);
883 sshbuf_free(buffer);
875 return 0; 884 return 0;
876 } 885 }
877 /* FALLTHROUGH */ 886 /* FALLTHROUGH */
@@ -898,6 +907,7 @@ sshpam_query(void *ctx, char **name, char **info,
898 **echo_on = 0; 907 **echo_on = 0;
899 ctxt->pam_done = 1; 908 ctxt->pam_done = 1;
900 free(msg); 909 free(msg);
910 sshbuf_free(buffer);
901 return (0); 911 return (0);
902 } 912 }
903 error("PAM: %s for %s%.100s from %.100s", msg, 913 error("PAM: %s for %s%.100s from %.100s", msg,
@@ -909,9 +919,11 @@ sshpam_query(void *ctx, char **name, char **info,
909 **echo_on = 0; 919 **echo_on = 0;
910 free(msg); 920 free(msg);
911 ctxt->pam_done = -1; 921 ctxt->pam_done = -1;
922 sshbuf_free(buffer);
912 return (-1); 923 return (-1);
913 } 924 }
914 } 925 }
926 sshbuf_free(buffer);
915 return (-1); 927 return (-1);
916} 928}
917 929
@@ -1205,7 +1217,6 @@ int
1205do_pam_putenv(char *name, char *value) 1217do_pam_putenv(char *name, char *value)
1206{ 1218{
1207 int ret = 1; 1219 int ret = 1;
1208#ifdef HAVE_PAM_PUTENV
1209 char *compound; 1220 char *compound;
1210 size_t len; 1221 size_t len;
1211 1222
@@ -1215,7 +1226,6 @@ do_pam_putenv(char *name, char *value)
1215 snprintf(compound, len, "%s=%s", name, value); 1226 snprintf(compound, len, "%s=%s", name, value);
1216 ret = pam_putenv(sshpam_handle, compound); 1227 ret = pam_putenv(sshpam_handle, compound);
1217 free(compound); 1228 free(compound);
1218#endif
1219 1229
1220 return (ret); 1230 return (ret);
1221} 1231}