Bugzilla – Attachment 1307 Details for
Bug 1322
pam_end() is not called if authentication fails, which breaks pam-abl
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Changeset that introduced the change in question.
openssh-changeset-5174.patch (text/plain), 3.11 KB, created by
Darren Tucker
on 2007-06-18 09:57:50 AEST
(
hide
)
Description:
Changeset that introduced the change in question.
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2007-06-18 09:57:50 AEST
Size:
3.11 KB
patch
obsolete
>--------------------- >PatchSet 5174 >Date: 2006/08/19 00:32:46 >Author: djm >Branch: HEAD >Tag: (none) >Log: > - markus@cvs.openbsd.org 2006/08/18 09:15:20 > [auth.h session.c sshd.c] > delay authentication related cleanups until we're authenticated and > all alarms have been cancelled; ok deraadt > >Members: > ChangeLog:1.4491->1.4492 > auth.h:1.75->1.76 > session.c:1.345->1.346 > sshd.c:1.353->1.354 > >Index: openssh/ChangeLog >diff -u openssh/ChangeLog:1.4491 openssh/ChangeLog:1.4492 >--- openssh/ChangeLog:1.4491 Sat Aug 19 00:32:20 2006 >+++ openssh/ChangeLog Sat Aug 19 00:32:46 2006 >@@ -26,6 +26,10 @@ > [log.c log.h sshd.c] > make signal handler termination path shorter; risky code pointed out by > mark dowd; ok djm markus >+ - markus@cvs.openbsd.org 2006/08/18 09:15:20 >+ [auth.h session.c sshd.c] >+ delay authentication related cleanups until we're authenticated and >+ all alarms have been cancelled; ok deraadt > > 20060817 > - (dtucker) [openbsd-compat/fake-rfc2553.c openbsd-compat/setproctitle.c] >@@ -5247,4 +5251,4 @@ > - (djm) Trim deprecated options from INSTALL. Mention UsePAM > - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu > >-$Id: ChangeLog,v 1.4491 2006/08/18 14:32:20 djm Exp $ >+$Id: ChangeLog,v 1.4492 2006/08/18 14:32:46 djm Exp $ >Index: openssh/auth.h >diff -u openssh/auth.h:1.75 openssh/auth.h:1.76 >--- openssh/auth.h:1.75 Sat Aug 5 12:39:39 2006 >+++ openssh/auth.h Sat Aug 19 00:32:46 2006 >@@ -1,4 +1,4 @@ >-/* $OpenBSD: auth.h,v 1.57 2006/08/03 03:34:41 deraadt Exp $ */ >+/* $OpenBSD: auth.h,v 1.58 2006/08/18 09:15:20 markus Exp $ */ > > /* > * Copyright (c) 2000 Markus Friedl. All rights reserved. >@@ -48,6 +48,7 @@ > > struct Authctxt { > sig_atomic_t success; >+ int authenticated; /* authenticated and alarms cancelled */ > int postponed; /* authentication needs another step */ > int valid; /* user exists and is allowed to login */ > int attempt; >Index: openssh/session.c >diff -u openssh/session.c:1.345 openssh/session.c:1.346 >--- openssh/session.c:1.345 Sat Aug 5 12:40:11 2006 >+++ openssh/session.c Sat Aug 19 00:32:46 2006 >@@ -1,4 +1,4 @@ >-/* $OpenBSD: session.c,v 1.217 2006/08/04 20:46:05 stevesk Exp $ */ >+/* $OpenBSD: session.c,v 1.218 2006/08/18 09:15:20 markus Exp $ */ > /* > * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland > * All rights reserved >@@ -2476,7 +2476,7 @@ > return; > called = 1; > >- if (authctxt == NULL) >+ if (authctxt == NULL || !authctxt->authenticated) > return; > #ifdef KRB5 > if (options.kerberos_ticket_cleanup && >Index: openssh/sshd.c >diff -u openssh/sshd.c:1.353 openssh/sshd.c:1.354 >--- openssh/sshd.c:1.353 Sat Aug 19 00:32:21 2006 >+++ openssh/sshd.c Sat Aug 19 00:32:46 2006 >@@ -1,4 +1,4 @@ >-/* $OpenBSD: sshd.c,v 1.346 2006/08/18 09:13:26 deraadt Exp $ */ >+/* $OpenBSD: sshd.c,v 1.347 2006/08/18 09:15:20 markus Exp $ */ > /* > * Author: Tatu Ylonen <ylo@cs.hut.fi> > * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland >@@ -1800,6 +1800,7 @@ > */ > alarm(0); > signal(SIGALRM, SIG_DFL); >+ authctxt->authenticated = 1; > if (startup_pipe != -1) { > close(startup_pipe); > startup_pipe = -1;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1307">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1322
:
1307
|
1308
|
1325
|
1339
|
1342