From dbf7a74ee569a9544276db42eb7aee1141072a24 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 8 Mar 2004 23:04:06 +1100 Subject: - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized even if keyboard-interactive is not used by the client. Prevents segfaults in some cases where the user's password is expired (note this is not considered a security exposure). ok djm@ --- monitor_wrap.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'monitor_wrap.c') diff --git a/monitor_wrap.c b/monitor_wrap.c index e7c15cecd..b1b1c3a61 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -686,7 +686,7 @@ mm_session_pty_cleanup2(Session *s) #ifdef USE_PAM void -mm_start_pam(char *user) +mm_start_pam(Authctxt *authctxt) { Buffer m; @@ -695,8 +695,6 @@ mm_start_pam(char *user) fatal("UsePAM=no, but ended up in %s anyway", __func__); buffer_init(&m); - buffer_put_cstring(&m, user); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); buffer_free(&m); -- cgit v1.2.3 From a8104b5c92a44774208e6d8b979d583975ba67d4 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Wed, 7 Apr 2004 04:16:11 +0000 Subject: - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) are starting to restrict it as internal since it is not needed by developers any more. (Patch based on Apple tree) - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since krb5 on MacOS/X conflicts. There may be a better solution, but this will work for now. --- ChangeLog | 9 ++++++++- acconfig.h | 5 ++++- auth-krb5.c | 2 ++ configure.ac | 3 ++- gss-serv-krb5.c | 2 ++ monitor.c | 3 ++- monitor_wrap.c | 3 ++- 7 files changed, 22 insertions(+), 5 deletions(-) (limited to 'monitor_wrap.c') diff --git a/ChangeLog b/ChangeLog index 47d19f53a..62c16684a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,13 @@ 20040407 - (dtucker) [session.c] Flush stdout after displaying loginmsg. From f_mohr at yahoo.de. + - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see + if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) + are starting to restrict it as internal since it is not needed by + developers any more. (Patch based on Apple tree) + - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since + krb5 on MacOS/X conflicts. There may be a better solution, but this will + work for now. 20040406 - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use @@ -940,4 +947,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3302 2004/04/06 22:04:09 dtucker Exp $ +$Id: ChangeLog,v 1.3303 2004/04/07 04:16:11 mouring Exp $ diff --git a/acconfig.h b/acconfig.h index a1f4556f8..7e788b826 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.174 2004/04/06 11:31:13 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.175 2004/04/07 04:16:11 mouring Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -202,6 +202,9 @@ /* Define if you don't want to use lastlog in session.c */ #undef NO_SSH_LASTLOG +/* Definite if have krb5_init_ets */ +#undef KRB5_INIT_ETS + /* Define if you don't want to use utmp */ #undef DISABLE_UTMP diff --git a/auth-krb5.c b/auth-krb5.c index 859492478..baa1a6317 100644 --- a/auth-krb5.c +++ b/auth-krb5.c @@ -54,7 +54,9 @@ krb5_init(void *context) problem = krb5_init_context(&authctxt->krb5_ctx); if (problem) return (problem); +#ifdef KRB5_INIT_ETS krb5_init_ets(authctxt->krb5_ctx); +#endif } return (0); } diff --git a/configure.ac b/configure.ac index a06452bd9..fa5021cfa 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.210 2004/04/06 11:41:51 dtucker Exp $ +# $Id: configure.ac,v 1.211 2004/04/07 04:16:11 mouring Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -2240,6 +2240,7 @@ AC_ARG_WITH(kerberos5, LIBS="$LIBS $K5LIBS" AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) + AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS)) ] ) diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index 8ba3e7182..4e3598ead 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c @@ -65,7 +65,9 @@ ssh_gssapi_krb5_init() logit("Cannot initialize krb5 context"); return 0; } +#ifdef KRB5_INIT_ETS krb5_init_ets(krb_context); +#endif return 1; } diff --git a/monitor.c b/monitor.c index 30f7258a0..d44f92d59 100644 --- a/monitor.c +++ b/monitor.c @@ -33,11 +33,12 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include #endif +#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ + #include "ssh.h" #include "auth.h" #include "kex.h" #include "dh.h" -#include "zlib.h" #include "packet.h" #include "auth-options.h" #include "sshpty.h" diff --git a/monitor_wrap.c b/monitor_wrap.c index b1b1c3a61..9e0417bdc 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -30,6 +30,8 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include #include +#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ + #include "ssh.h" #include "dh.h" #include "kex.h" @@ -40,7 +42,6 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include "packet.h" #include "mac.h" #include "log.h" -#include "zlib.h" #include "monitor.h" #include "monitor_wrap.h" #include "xmalloc.h" -- cgit v1.2.3 From 1b9f2a6b44d09b21304c06e36c3cb4577937c0f9 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 8 Apr 2004 05:11:03 +0000 Subject: - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) --- ChangeLog | 4 +++- monitor.c | 4 ++-- monitor_wrap.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) (limited to 'monitor_wrap.c') diff --git a/ChangeLog b/ChangeLog index 66f00c590..7cb438324 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20040408 - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org. + - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers + back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) 20040407 - (dtucker) [session.c] Flush stdout after displaying loginmsg. From @@ -951,4 +953,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3304 2004/04/08 00:57:05 dtucker Exp $ +$Id: ChangeLog,v 1.3305 2004/04/08 05:11:03 mouring Exp $ diff --git a/monitor.c b/monitor.c index d44f92d59..70403f2dd 100644 --- a/monitor.c +++ b/monitor.c @@ -33,12 +33,12 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include #endif -#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ - #include "ssh.h" #include "auth.h" #include "kex.h" #include "dh.h" +#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#include "zlib.h" #include "packet.h" #include "auth-options.h" #include "sshpty.h" diff --git a/monitor_wrap.c b/monitor_wrap.c index 9e0417bdc..fc506d267 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -30,8 +30,6 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include #include -#include "zlib.h" /* XXX Moved due to conflict on MacOS/X */ - #include "ssh.h" #include "dh.h" #include "kex.h" @@ -42,6 +40,8 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include "packet.h" #include "mac.h" #include "log.h" +#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#include "zlib.h" #include "monitor.h" #include "monitor_wrap.h" #include "xmalloc.h" -- cgit v1.2.3 From 036768e48c6039b0f784453cbc388078f72c8d53 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Thu, 8 Apr 2004 16:12:30 +0000 Subject: - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested limiting scope and dtucker@ agreed. --- ChangeLog | 4 +++- monitor.c | 7 ++++++- monitor_wrap.c | 7 ++++++- 3 files changed, 15 insertions(+), 3 deletions(-) (limited to 'monitor_wrap.c') diff --git a/ChangeLog b/ChangeLog index 86ca9c789..c497cf8f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and simplify loginrec.c. ok tim@ + - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested + limiting scope and dtucker@ agreed. 20040407 - (dtucker) [session.c] Flush stdout after displaying loginmsg. From @@ -955,4 +957,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3306 2004/04/08 06:16:06 dtucker Exp $ +$Id: ChangeLog,v 1.3307 2004/04/08 16:12:30 mouring Exp $ diff --git a/monitor.c b/monitor.c index 70403f2dd..37d40fcca 100644 --- a/monitor.c +++ b/monitor.c @@ -37,8 +37,13 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include "auth.h" #include "kex.h" #include "dh.h" -#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC #include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "packet.h" #include "auth-options.h" #include "sshpty.h" diff --git a/monitor_wrap.c b/monitor_wrap.c index fc506d267..ee2dc2027 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c @@ -40,8 +40,13 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include "packet.h" #include "mac.h" #include "log.h" -#undef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC #include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "monitor.h" #include "monitor_wrap.h" #include "xmalloc.h" -- cgit v1.2.3