Diffstat (limited to 'auth-pam.c')
-rw-r--r--auth-pam.c25
1 files changed, 15 insertions, 10 deletions
diff --git a/auth-pam.c b/auth-pam.c
index d3186372e..36dbb7e15 100644
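--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.100 2004/04/18 01:00:26 dtucker Exp $");
 
 #ifdef USE_PAM
 #if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -58,6 +58,7 @@ RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $");
 extern ServerOptions options;
 extern Buffer loginmsg;
 extern int compat20;
+extern u_int utmp_len;
 
 #ifdef USE_POSIX_THREADS
 #include <pthread.h>
@@ -160,7 +161,7 @@ static int sshpam_session_open = 0;
 static int sshpam_cred_established = 0;
 static int sshpam_account_status = -1;
 static char **sshpam_env = NULL;
-static Authctxt *the_authctxt = NULL;
+static Authctxt *sshpam_authctxt = NULL;
 
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -180,9 +181,9 @@ void
 pam_password_change_required(int reqd)
 {
  debug3("%s %d", __func__, reqd);
- if (the_authctxt == NULL)
+ if (sshpam_authctxt == NULL)
  fatal("%s: PAM authctxt not initialized", __func__);
- the_authctxt->force_pwchange = reqd;
+ sshpam_authctxt->force_pwchange = reqd;
  if (reqd) {
  no_port_forwarding_flag |= 2;
  no_agent_forwarding_flag |= 2;
@@ -204,6 +205,7 @@ import_environments(Buffer *b)
 
  debug3("PAM: %s entering", __func__);
 
+#ifndef USE_POSIX_THREADS
  /* Import variables set by do_pam_account */
  sshpam_account_status = buffer_get_int(b);
  pam_password_change_required(buffer_get_int(b));
@@ -231,6 +233,7 @@ import_environments(Buffer *b)
  }
 #endif
  }
+#endif
 }
 
 /*
@@ -339,7 +342,7 @@ sshpam_thread(void *ctxtp)
  sshpam_conv.conv = sshpam_thread_conv;
  sshpam_conv.appdata_ptr = ctxt;
 
- if (the_authctxt == NULL)
+ if (sshpam_authctxt == NULL)
  fatal("%s: PAM authctxt not initialized", __func__);
 
  buffer_init(&buffer);
@@ -354,7 +357,7 @@ sshpam_thread(void *ctxtp)
  if (compat20) {
  if (!do_pam_account())
  goto auth_fail;
- if (the_authctxt->force_pwchange) {
+ if (sshpam_authctxt->force_pwchange) {
  sshpam_err = pam_chauthtok(sshpam_handle,
  PAM_CHANGE_EXPIRED_AUTHTOK);
  if (sshpam_err != PAM_SUCCESS)
@@ -368,7 +371,7 @@ sshpam_thread(void *ctxtp)
 #ifndef USE_POSIX_THREADS
  /* Export variables set by do_pam_account */
  buffer_put_int(&buffer, sshpam_account_status);
- buffer_put_int(&buffer, the_authctxt->force_pwchange);
+ buffer_put_int(&buffer, sshpam_authctxt->force_pwchange);
 
  /* Export any environment strings set in child */
  for(i = 0; environ[i] != NULL; i++)
@@ -451,7 +454,6 @@ sshpam_cleanup(void)
 static int
 sshpam_init(Authctxt *authctxt)
 {
- extern u_int utmp_len;
  extern char *__progname;
  const char *pam_rhost, *pam_user, *user = authctxt->user;
 
@@ -467,7 +469,7 @@ sshpam_init(Authctxt *authctxt)
  debug("PAM: initializing for \"%s\"", user);
  sshpam_err =
  pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
- the_authctxt = authctxt;
+ sshpam_authctxt = authctxt;
 
  if (sshpam_err != PAM_SUCCESS) {
  pam_end(sshpam_handle, sshpam_err);
@@ -597,7 +599,10 @@ sshpam_query(void *ctx, char **name, char **info,
  xfree(msg);
  return (0);
  }
- error("PAM: %s", msg);
+ error("PAM: %s for %s%.100s from %.100s", msg,
+ sshpam_authctxt->valid ? "" : "illegal user ",
+ sshpam_authctxt->user,
+ get_remote_name_or_ip(utmp_len, options.use_dns));
  /* FALLTHROUGH */
  default:
  *num = 0;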
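Review bot: In the sshpam_query hunk, the new error() call reads `sshpam_authctxt->valid` and `sshpam_authctxt->user` without the `sshpam_authctxt == NULL` guard that pam_password_change_required and sshpam_thread both keep in this same commit. If sshpam_query can only run after sshpam_init has stored the pointer, a short comment above the call saying so would document the invariant; otherwise add `if (sshpam_authctxt == NULL) fatal("%s: PAM authctxt not initialized", __func__);` before it. The user name and remote name are capped with `%.100s`, but `msg` is still printed with a bare `%s` ahead of them, so the fields a log monitor would key on follow text of unbounded length. Bounding `msg` as well, or moving it to the end of the format, would keep the line easier to parse. The body of sshpam_query starts and ends outside the hunk, so where `msg` comes from is not visible here.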