From 99203ec48b030f121511cd785acaf9f47760ad72 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 26 Mar 2007 09:35:28 -0700 Subject: 20070326 - (tim) [auth.c configure.ac defines.h session.c openbsd-compat/port-uw.c openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] Rework libiaf test/defines to account for IRIX having libiaf but not set_id(). Patch with & ok dtucker@ --- session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'session.c') diff --git a/session.c b/session.c index 4c97c4a7d..32e592adb 100644 --- a/session.c +++ b/session.c @@ -1361,11 +1361,11 @@ do_setusercontext(struct passwd *pw) # ifdef _AIX aix_usrinfo(pw); # endif /* _AIX */ -#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF) +#ifdef USE_LIBIAF if (set_id(pw->pw_name) != 0) { exit(1); } -#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */ +#endif /* USE_LIBIAF */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif -- cgit v1.2.3 From 2d9636471bb75c10342dbabcc2f6a0b2e60cca01 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 13 Aug 2007 23:11:56 +1000 Subject: - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always called with PAM_ESTABLISH_CRED at least once, which resolves a problem with pam_dhkeys. Patch from David Leonard, ok djm@ --- ChangeLog | 7 ++++++- session.c | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index 5314b2836..8a602213a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20070813 + - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is always + called with PAM_ESTABLISH_CRED at least once, which resolves a problem + with pam_dhkeys. Patch from David Leonard, ok djm@ + 20070810 - (dtucker) [auth-pam.c] Use sigdie here too. ok djm@ - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From @@ -3147,4 +3152,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4724 2007/08/10 04:36:12 dtucker Exp $ +$Id: ChangeLog,v 1.4725 2007/08/13 13:11:56 dtucker Exp $ diff --git a/session.c b/session.c index 32e592adb..8c09c17cd 100644 --- a/session.c +++ b/session.c @@ -1310,7 +1310,7 @@ do_setusercontext(struct passwd *pw) # ifdef USE_PAM if (options.use_pam) { do_pam_session(); - do_pam_setcred(0); + do_pam_setcred(use_privsep); } # endif /* USE_PAM */ if (setusercontext(lc, pw, pw->pw_uid, @@ -1352,7 +1352,7 @@ do_setusercontext(struct passwd *pw) */ if (options.use_pam) { do_pam_session(); - do_pam_setcred(0); + do_pam_setcred(use_privsep); } # endif /* USE_PAM */ # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) -- cgit v1.2.3 From 9142e1c66d64bcca850b51cc445fe37920266c48 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 16 Aug 2007 23:28:04 +1000 Subject: - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated connections too. Based on a patch from Sandro Wefel, with & ok djm@ --- ChangeLog | 6 +++++- session.c | 20 ++++++++++++-------- 2 files changed, 17 insertions(+), 9 deletions(-) (limited to 'session.c') diff --git a/ChangeLog b/ChangeLog index 56ecc2931..c56c6bd3f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20070816 + - (dtucker) [session.c] Call PAM cleanup functions for unauthenticated + connections too. Based on a patch from Sandro Wefel, with & ok djm@ + 20070815 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2007/08/15 08:14:46 @@ -3169,4 +3173,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4730 2007/08/15 12:20:22 dtucker Exp $ +$Id: ChangeLog,v 1.4731 2007/08/16 13:28:04 dtucker Exp $ diff --git a/session.c b/session.c index 8c09c17cd..9a606ef8f 100644 --- a/session.c +++ b/session.c @@ -2478,8 +2478,19 @@ do_cleanup(Authctxt *authctxt) return; called = 1; - if (authctxt == NULL || !authctxt->authenticated) + if (authctxt == NULL) return; + +#ifdef USE_PAM + if (options.use_pam) { + sshpam_cleanup(); + sshpam_thread_cleanup(); + } +#endif + + if (!authctxt->authenticated) + return; + #ifdef KRB5 if (options.kerberos_ticket_cleanup && authctxt->krb5_ctx) @@ -2491,13 +2502,6 @@ do_cleanup(Authctxt *authctxt) ssh_gssapi_cleanup_creds(); #endif -#ifdef USE_PAM - if (options.use_pam) { - sshpam_cleanup(); - sshpam_thread_cleanup(); - } -#endif - /* remove agent socket */ auth_sock_cleanup_proc(authctxt->pw); -- cgit v1.2.3