Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c49
1 files changed, 29 insertions, 20 deletions
diff --git a/sshd.c b/sshd.c
index 0c15e2837..2ff8f45b4 100644
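--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.35 1999/12/07 04:38:32 damien Exp $");
+RCSID("$Id: sshd.c,v 1.36 1999/12/08 23:16:55 damien Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -138,7 +138,8 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 #ifdef HAVE_LIBPAM
 static int pamconv(int num_msg, const struct pam_message **msg,
  struct pam_response **resp, void *appdata_ptr);
-void do_pam_account_and_session(char *username, char *remote_user);
+void do_pam_account(char *username, char *remote_user);
+void do_pam_session(char *username, char *ttyname);
 void pam_cleanup_proc(void *context);
 
 static struct pam_conv conv = {
@@ -228,7 +229,7 @@ void pam_cleanup_proc(void *context)
  }
 }
 
-void do_pam_account_and_session(char *username, char *remote_user)
+void do_pam_account(char *username, char *remote_user)
 {
  int pam_retval;
 
@@ -254,12 +255,22 @@ void do_pam_account_and_session(char *username, char *remote_user)
  log("PAM rejected by account configuration: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  do_fake_authloop(username);
  }
+}
 
- pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
- if (pam_retval != PAM_SUCCESS) {
- log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
- do_fake_authloop(username);
+void do_pam_session(char *username, char *ttyname)
+{
+ int pam_retval;
+
+ if (ttyname != NULL) {
+ debug("PAM setting tty to \"%.200s\"", ttyname);
+ pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
  }
+
+ pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
 #endif /* HAVE_LIBPAM */
 
@@ -1476,12 +1487,16 @@ do_authloop(struct passwd * pw)
  pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
  if (pam_retval == PAM_SUCCESS) {
  log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name);
+ memset(password, 0, strlen(password));
+ xfree(password);
  authenticated = 1;
  break;
  }
 
  log("PAM Password authentication for \"%.100s\" failed: %s",
  pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ memset(password, 0, strlen(password));
+ xfree(password);
  break;
 #else /* HAVE_LIBPAM */
  /* Try authentication with the password. */
@@ -1561,30 +1576,18 @@ do_authloop(struct passwd * pw)
  packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
 #else /* HAVE_LIBPAM */
  if (authenticated) {
- do_pam_account_and_session(pw->pw_name, client_user);
+ do_pam_account(pw->pw_name, client_user);
 
- /* Clean up */
  if (client_user != NULL)
  xfree(client_user);
 
- if (password != NULL) {
- memset(password, 0, strlen(password));
- xfree(password);
- }
-
  return;
  }
 
  if (attempt > AUTH_FAIL_MAX) {
- /* Clean up */
  if (client_user != NULL)
  xfree(client_user);
 
- if (password != NULL) {
- memset(password, 0, strlen(password));
- xfree(password);
- }
-
  packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
  }
 #endif /* HAVE_LIBPAM */
@@ -1785,6 +1788,12 @@ do_authenticated(struct passwd * pw)
 
  /* Indicate that we now have a pty. */
  have_pty = 1;
+
+#ifdef HAVE_LIBPAM
+ /* do the pam_open_session since we have the pty */
+ do_pam_session(pw->pw_name,ttyname);
+#endif /* HAVE_LIBPAM */
+
  break;
 
  case SSH_CMSG_X11_REQUEST_FORWARDING: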
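Review bot: After this change `pam_open_session` is reached only from the pty branch of do_authenticated (`do_pam_session(pw->pw_name,ttyname);` after `have_pty = 1;`), while do_authloop now calls only `do_pam_account`, so in the hunks shown a login that never requests a pty runs its command with no PAM session opened. Session-phase modules that enforce limits or write audit records would then be skipped for those connections. do_pam_session already tolerates `ttyname == NULL`, so a call such as `do_pam_session(pw->pw_name, NULL);` on the no-pty path before the command is started, guarded so the session is opened only once, would close the gap; that path lies outside the visible hunks, so confirm it is not already handled elsewhere. Separately, in do_authloop the `memset(password, 0, strlen(password));` immediately before `xfree(password);` is a dead store that an optimizing compiler may remove, and `password` is left dangling after the free; a scrub the compiler cannot elide followed by `password = NULL;` would be safer.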