From 25d9342f04249e3af01058bb9ba2a539f928bab0 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 18 May 2003 20:45:47 +1000 Subject: - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in recent merge --- ChangeLog | 6 +++++- auth-pam.c | 24 +++++++++++++++++++++--- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8253cc873..6046e1fec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030517 + - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in + recent merge + 20030517 - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD) @@ -1552,4 +1556,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2731 2003/05/18 01:22:43 mouring Exp $ +$Id: ChangeLog,v 1.2732 2003/05/18 10:45:47 djm Exp $ diff --git a/auth-pam.c b/auth-pam.c index dc4116175..0dcdb651d 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -29,8 +29,9 @@ * SUCH DAMAGE. */ +/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $"); +RCSID("$Id: auth-pam.c,v 1.62 2003/05/18 10:45:48 djm Exp $"); #ifdef USE_PAM #include 
@@ -293,17 +294,34 @@ sshpam_init(const char *user)
 }
 debug("PAM: initializing for \"%s\"", user);
 sshpam_err = pam_start("sshd", user, &null_conv, &sshpam_handle);
- if (sshpam_err != PAM_SUCCESS)
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
 return (-1);
+ }
+ debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
 pam_rhost = get_remote_name_or_ip(utmp_len,
 options.verify_reverse_mapping);
- debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
 sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
+ if (sshpam_err != PAM_SUCCESS) {
+ pam_end(sshpam_handle, sshpam_err);
+ sshpam_handle = NULL;
+ return (-1);
+ }
+#ifdef PAM_TTY_KLUDGE
+ /*
+ * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
+ * sshd doesn't set the tty until too late in the auth process and
+ * may not even set one (for tty-less connections)
+ */
+ debug("PAM: setting PAM_TTY to \"ssh\"");
+ sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh");
 if (sshpam_err != PAM_SUCCESS) {
 pam_end(sshpam_handle, sshpam_err);
 sshpam_handle = NULL;
 return (-1);
 }
+#endif
 fatal_add_cleanup(sshpam_cleanup, NULL);
 return (0);
 }
-- cgit v1.2.3
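Review bot: The relocated `debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);` now runs before `pam_rhost = get_remote_name_or_ip(...)`, so it formats a value this function has not yet assigned. If `pam_rhost` is a local declared above the hunk (the declaration is not visible here), that passes an uninitialized pointer to `%s` on the pre-authentication path. Move the debug line back below the assignment, directly before `pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost)`. Separately, the new failure branch after `pam_start()` calls `pam_end(sshpam_handle, sshpam_err)` on a handle that `pam_start()` did not successfully create. Whether that is safe depends on the PAM implementation, so a guard such as `if (sshpam_handle != NULL)` or a comment stating the assumption would help; sshpam_init begins above the hunk.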