diff options
Diffstat (limited to 'auth-pam.c')
| -rw-r--r-- | auth-pam.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/auth-pam.c b/auth-pam.c index bde0a8f56..d3f400bc3 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -197,7 +197,7 @@ pthread_create(sp_pthread_t *thread, const void *attr, | |||
| 197 | switch ((pid = fork())) { | 197 | switch ((pid = fork())) { |
| 198 | case -1: | 198 | case -1: |
| 199 | error("fork(): %s", strerror(errno)); | 199 | error("fork(): %s", strerror(errno)); |
| 200 | return (-1); | 200 | return errno; |
| 201 | case 0: | 201 | case 0: |
| 202 | close(ctx->pam_psock); | 202 | close(ctx->pam_psock); |
| 203 | ctx->pam_psock = -1; | 203 | ctx->pam_psock = -1; |
| @@ -258,7 +258,7 @@ static char ** | |||
| 258 | pam_getenvlist(pam_handle_t *pamh) | 258 | pam_getenvlist(pam_handle_t *pamh) |
| 259 | { | 259 | { |
| 260 | /* | 260 | /* |
| 261 | * XXX - If necessary, we can still support envrionment passing | 261 | * XXX - If necessary, we can still support environment passing |
| 262 | * for platforms without pam_getenvlist by searching for known | 262 | * for platforms without pam_getenvlist by searching for known |
| 263 | * env vars (e.g. KRB5CCNAME) from the PAM environment. | 263 | * env vars (e.g. KRB5CCNAME) from the PAM environment. |
| 264 | */ | 264 | */ |
| @@ -266,6 +266,14 @@ pam_getenvlist(pam_handle_t *pamh) | |||
| 266 | } | 266 | } |
| 267 | #endif | 267 | #endif |
| 268 | 268 | ||
| 269 | #ifndef HAVE_PAM_PUTENV | ||
| 270 | static int | ||
| 271 | pam_putenv(pam_handle_t *pamh, const char *name_value) | ||
| 272 | { | ||
| 273 | return PAM_SUCCESS; | ||
| 274 | } | ||
| 275 | #endif /* HAVE_PAM_PUTENV */ | ||
| 276 | |||
| 269 | /* | 277 | /* |
| 270 | * Some platforms, notably Solaris, do not enforce password complexity | 278 | * Some platforms, notably Solaris, do not enforce password complexity |
| 271 | * rules during pam_chauthtok() if the real uid of the calling process | 279 | * rules during pam_chauthtok() if the real uid of the calling process |
| @@ -360,13 +368,11 @@ import_environments(struct sshbuf *b) | |||
| 360 | for (i = 0; i < num_env; i++) { | 368 | for (i = 0; i < num_env; i++) { |
| 361 | if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0) | 369 | if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0) |
| 362 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 370 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| 363 | #ifdef HAVE_PAM_PUTENV | ||
| 364 | /* Errors are not fatal here */ | 371 | /* Errors are not fatal here */ |
| 365 | if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) { | 372 | if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) { |
| 366 | error("PAM: pam_putenv: %s", | 373 | error("PAM: pam_putenv: %s", |
| 367 | pam_strerror(sshpam_handle, r)); | 374 | pam_strerror(sshpam_handle, r)); |
| 368 | } | 375 | } |
| 369 | #endif | ||
| 370 | /* XXX leak env? */ | 376 | /* XXX leak env? */ |
| 371 | } | 377 | } |
| 372 | #endif | 378 | #endif |
| @@ -535,7 +541,7 @@ sshpam_thread(void *ctxtp) | |||
| 535 | for (i = 0; environ[i] != NULL; i++) { | 541 | for (i = 0; environ[i] != NULL; i++) { |
| 536 | /* Count */ | 542 | /* Count */ |
| 537 | if (i > INT_MAX) | 543 | if (i > INT_MAX) |
| 538 | fatal("%s: too many enviornment strings", __func__); | 544 | fatal("%s: too many environment strings", __func__); |
| 539 | } | 545 | } |
| 540 | if ((r = sshbuf_put_u32(buffer, i)) != 0) | 546 | if ((r = sshbuf_put_u32(buffer, i)) != 0) |
| 541 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 547 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| @@ -548,7 +554,7 @@ sshpam_thread(void *ctxtp) | |||
| 548 | for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) { | 554 | for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) { |
| 549 | /* Count */ | 555 | /* Count */ |
| 550 | if (i > INT_MAX) | 556 | if (i > INT_MAX) |
| 551 | fatal("%s: too many PAM enviornment strings", __func__); | 557 | fatal("%s: too many PAM environment strings", __func__); |
| 552 | } | 558 | } |
| 553 | if ((r = sshbuf_put_u32(buffer, i)) != 0) | 559 | if ((r = sshbuf_put_u32(buffer, i)) != 0) |
| 554 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 560 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
| @@ -770,7 +776,7 @@ static void * | |||
| 770 | sshpam_init_ctx(Authctxt *authctxt) | 776 | sshpam_init_ctx(Authctxt *authctxt) |
| 771 | { | 777 | { |
| 772 | struct pam_ctxt *ctxt; | 778 | struct pam_ctxt *ctxt; |
| 773 | int socks[2]; | 779 | int result, socks[2]; |
| 774 | 780 | ||
| 775 | debug3("PAM: %s entering", __func__); | 781 | debug3("PAM: %s entering", __func__); |
| 776 | /* | 782 | /* |
| @@ -797,9 +803,10 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
| 797 | } | 803 | } |
| 798 | ctxt->pam_psock = socks[0]; | 804 | ctxt->pam_psock = socks[0]; |
| 799 | ctxt->pam_csock = socks[1]; | 805 | ctxt->pam_csock = socks[1]; |
| 800 | if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) { | 806 | result = pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt); |
| 807 | if (result != 0) { | ||
| 801 | error("PAM: failed to start authentication thread: %s", | 808 | error("PAM: failed to start authentication thread: %s", |
| 802 | strerror(errno)); | 809 | strerror(result)); |
| 803 | close(socks[0]); | 810 | close(socks[0]); |
| 804 | close(socks[1]); | 811 | close(socks[1]); |
| 805 | free(ctxt); | 812 | free(ctxt); |
| @@ -844,6 +851,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 844 | plen += mlen; | 851 | plen += mlen; |
| 845 | **echo_on = (type == PAM_PROMPT_ECHO_ON); | 852 | **echo_on = (type == PAM_PROMPT_ECHO_ON); |
| 846 | free(msg); | 853 | free(msg); |
| 854 | sshbuf_free(buffer); | ||
| 847 | return (0); | 855 | return (0); |
| 848 | case PAM_ERROR_MSG: | 856 | case PAM_ERROR_MSG: |
| 849 | case PAM_TEXT_INFO: | 857 | case PAM_TEXT_INFO: |
| @@ -872,6 +880,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 872 | **echo_on = 0; | 880 | **echo_on = 0; |
| 873 | ctxt->pam_done = -1; | 881 | ctxt->pam_done = -1; |
| 874 | free(msg); | 882 | free(msg); |
| 883 | sshbuf_free(buffer); | ||
| 875 | return 0; | 884 | return 0; |
| 876 | } | 885 | } |
| 877 | /* FALLTHROUGH */ | 886 | /* FALLTHROUGH */ |
| @@ -898,6 +907,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 898 | **echo_on = 0; | 907 | **echo_on = 0; |
| 899 | ctxt->pam_done = 1; | 908 | ctxt->pam_done = 1; |
| 900 | free(msg); | 909 | free(msg); |
| 910 | sshbuf_free(buffer); | ||
| 901 | return (0); | 911 | return (0); |
| 902 | } | 912 | } |
| 903 | error("PAM: %s for %s%.100s from %.100s", msg, | 913 | error("PAM: %s for %s%.100s from %.100s", msg, |
| @@ -909,9 +919,11 @@ sshpam_query(void *ctx, char **name, char **info, | |||
| 909 | **echo_on = 0; | 919 | **echo_on = 0; |
| 910 | free(msg); | 920 | free(msg); |
| 911 | ctxt->pam_done = -1; | 921 | ctxt->pam_done = -1; |
| 922 | sshbuf_free(buffer); | ||
| 912 | return (-1); | 923 | return (-1); |
| 913 | } | 924 | } |
| 914 | } | 925 | } |
| 926 | sshbuf_free(buffer); | ||
| 915 | return (-1); | 927 | return (-1); |
| 916 | } | 928 | } |
| 917 | 929 | ||
| @@ -1205,7 +1217,6 @@ int | |||
| 1205 | do_pam_putenv(char *name, char *value) | 1217 | do_pam_putenv(char *name, char *value) |
| 1206 | { | 1218 | { |
| 1207 | int ret = 1; | 1219 | int ret = 1; |
| 1208 | #ifdef HAVE_PAM_PUTENV | ||
| 1209 | char *compound; | 1220 | char *compound; |
| 1210 | size_t len; | 1221 | size_t len; |
| 1211 | 1222 | ||
| @@ -1215,7 +1226,6 @@ do_pam_putenv(char *name, char *value) | |||
| 1215 | snprintf(compound, len, "%s=%s", name, value); | 1226 | snprintf(compound, len, "%s=%s", name, value); |
| 1216 | ret = pam_putenv(sshpam_handle, compound); | 1227 | ret = pam_putenv(sshpam_handle, compound); |
| 1217 | free(compound); | 1228 | free(compound); |
| 1218 | #endif | ||
| 1219 | 1229 | ||
| 1220 | return (ret); | 1230 | return (ret); |
| 1221 | } | 1231 | } |