Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 39 |
1 files changed, 24 insertions, 15 deletions
@@ -18,7 +18,7 @@ agent connections. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: sshd.c,v 1.18 1999/11/15 04:25:10 damien Exp $"); | 21 | RCSID("$Id: sshd.c,v 1.19 1999/11/15 04:40:55 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "rsa.h" | 24 | #include "rsa.h" |
@@ -133,8 +133,8 @@ void do_child(const char *command, struct passwd *pw, const char *term, | |||
133 | #ifdef HAVE_LIBPAM | 133 | #ifdef HAVE_LIBPAM |
134 | static int pamconv(int num_msg, const struct pam_message **msg, | 134 | static int pamconv(int num_msg, const struct pam_message **msg, |
135 | struct pam_response **resp, void *appdata_ptr); | 135 | struct pam_response **resp, void *appdata_ptr); |
136 | void do_pam_account_and_session(const char *username, | 136 | void do_pam_account_and_session(char *username, char *remote_user, |
137 | const char *remote_user, const char *remote_host); | 137 | const char *remote_host); |
138 | void pam_cleanup_proc(void *context); | 138 | void pam_cleanup_proc(void *context); |
139 | 139 | ||
140 | static struct pam_conv conv = { | 140 | static struct pam_conv conv = { |
@@ -230,7 +230,8 @@ void pam_cleanup_proc(void *context) | |||
230 | } | 230 | } |
231 | } | 231 | } |
232 | 232 | ||
233 | void do_pam_account_and_session(const char *username, const char *remote_user, const char *remote_host) | 233 | void do_pam_account_and_session(char *username, char *remote_user, |
234 | const char *remote_host) | ||
234 | { | 235 | { |
235 | int pam_retval; | 236 | int pam_retval; |
236 | 237 | ||
@@ -1201,12 +1202,17 @@ do_authentication(char *user) | |||
1201 | pw = &pwcopy; | 1202 | pw = &pwcopy; |
1202 | 1203 | ||
1203 | #ifdef HAVE_LIBPAM | 1204 | #ifdef HAVE_LIBPAM |
1204 | debug("Starting up PAM with username \"%.200s\"", pw->pw_name); | 1205 | { |
1206 | int pam_retval; | ||
1207 | |||
1208 | debug("Starting up PAM with username \"%.200s\"", pw->pw_name); | ||
1205 | 1209 | ||
1206 | if (pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh) != PAM_SUCCESS) | 1210 | pam_retval = pam_start("sshd", pw->pw_name, &conv, (pam_handle_t**)&pamh); |
1207 | fatal("PAM initialisation failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval)); | 1211 | if (pam_retval != PAM_SUCCESS) |
1212 | fatal("PAM initialisation failed: %.200s", pam_strerror((pam_handle_t *)pamh, pam_retval)); | ||
1208 | 1213 | ||
1209 | fatal_add_cleanup(&pam_cleanup_proc, NULL); | 1214 | fatal_add_cleanup(&pam_cleanup_proc, NULL); |
1215 | } | ||
1210 | #endif | 1216 | #endif |
1211 | 1217 | ||
1212 | /* If we are not running as root, the user must have the same uid as the | 1218 | /* If we are not running as root, the user must have the same uid as the |
@@ -1263,8 +1269,11 @@ do_authloop(struct passwd *pw) | |||
1263 | unsigned int client_host_key_bits; | 1269 | unsigned int client_host_key_bits; |
1264 | BIGNUM *client_host_key_e, *client_host_key_n; | 1270 | BIGNUM *client_host_key_e, *client_host_key_n; |
1265 | BIGNUM *n; | 1271 | BIGNUM *n; |
1266 | char *client_user, *password; | 1272 | char *client_user = NULL, *password = NULL; |
1267 | int plen, dlen, nlen, ulen, elen; | 1273 | int plen, dlen, nlen, ulen, elen; |
1274 | #ifdef HAVE_LIBPAM | ||
1275 | int pam_retval; | ||
1276 | #endif /* HAVE_LIBPAM */ | ||
1268 | 1277 | ||
1269 | /* Indicate that authentication is needed. */ | 1278 | /* Indicate that authentication is needed. */ |
1270 | packet_start(SSH_SMSG_FAILURE); | 1279 | packet_start(SSH_SMSG_FAILURE); |
@@ -1435,18 +1444,18 @@ do_authloop(struct passwd *pw) | |||
1435 | packet_integrity_check(plen, 4 + dlen, type); | 1444 | packet_integrity_check(plen, 4 + dlen, type); |
1436 | 1445 | ||
1437 | #ifdef HAVE_LIBPAM | 1446 | #ifdef HAVE_LIBPAM |
1438 | /* Do PAM auth with password */ | 1447 | /* Do PAM auth with password */ |
1439 | pampasswd = password; | 1448 | pampasswd = password; |
1440 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); | 1449 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); |
1441 | if (pam_retval == PAM_SUCCESS) | 1450 | if (pam_retval == PAM_SUCCESS) |
1442 | { | 1451 | { |
1443 | log("PAM Password authentication accepted for user \"%.100s\"", user); | 1452 | log("PAM Password authentication accepted for user \"%.100s\"", pw->pw_name); |
1444 | authenticated = 1; | 1453 | authenticated = 1; |
1445 | break; | 1454 | break; |
1446 | } | 1455 | } |
1447 | 1456 | ||
1448 | log("PAM Password authentication for \"%.100s\" failed: %s", | 1457 | log("PAM Password authentication for \"%.100s\" failed: %s", |
1449 | user, pam_strerror((pam_handle_t *)pamh, pam_retval)); | 1458 | pw->pw_name, pam_strerror((pam_handle_t *)pamh, pam_retval)); |
1450 | break; | 1459 | break; |
1451 | #else /* HAVE_LIBPAM */ | 1460 | #else /* HAVE_LIBPAM */ |
1452 | /* Try authentication with the password. */ | 1461 | /* Try authentication with the password. */ |
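Review bot: In the PAM password branch of do_authloop (new lines 1448-1459), `pampasswd` is pointed at the client's cleartext password before `pam_authenticate()` and is not reset on either `break` path. `pampasswd` is not among the locals visible in the earlier do_authloop hunk, so it is presumably a file-scope pointer read by `pamconv`; if `password` is scrubbed and freed after the switch (outside this hunk, to be confirmed), the pointer would be left referring to released memory that a later conversation callback could read. I would add `pampasswd = NULL;` directly after the `pam_authenticate()` call so the pointer lives only as long as the call that needs it. The failure log also prints `pam_strerror()` through an unbounded `%s` where the pam_start path uses `%.200s`; using `%.200s` there too keeps log lines bounded consistently. do_authloop begins and ends outside the hunk.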