Bugzilla – Attachment 247 Details for
Bug 83
PAM limits applied incorrectly (pam_session being called as non-root)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Call pam_session after child fork()
pam-session-later.diff (text/plain), 1.51 KB, created by
Damien Miller
on 2003-03-10 15:49:32 AEDT
(
hide
)
Description:
Call pam_session after child fork()
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2003-03-10 15:49:32 AEDT
Size:
1.51 KB
patch
obsolete
>? autom4te-2.53.cache >Index: session.c >=================================================================== >RCS file: /var/cvs/openssh/session.c,v >retrieving revision 1.231 >diff -u -r1.231 session.c >--- session.c 10 Mar 2003 00:21:18 -0000 1.231 >+++ session.c 10 Mar 2003 04:48:16 -0000 >@@ -455,14 +455,6 @@ > > session_proctitle(s); > >-#if defined(USE_PAM) >- do_pam_session(s->pw->pw_name, NULL); >- do_pam_setcred(1); >- if (is_pam_password_change_required()) >- packet_disconnect("Password change required but no " >- "TTY available"); >-#endif /* USE_PAM */ >- > /* Fork the child. */ > if ((pid = fork()) == 0) { > fatal_remove_all_cleanups(); >@@ -514,6 +506,14 @@ > perror("dup2 stderr"); > #endif /* USE_PIPES */ > >+#if defined(USE_PAM) >+ do_pam_session(s->pw->pw_name, NULL); >+ do_pam_setcred(1); >+ if (is_pam_password_change_required()) >+ packet_disconnect("Password change required but no " >+ "TTY available"); >+#endif /* USE_PAM */ >+ > #ifdef _UNICOS > cray_init_job(s->pw); /* set up cray jid and tmpdir */ > #endif >@@ -582,11 +582,6 @@ > ptyfd = s->ptyfd; > ttyfd = s->ttyfd; > >-#if defined(USE_PAM) >- do_pam_session(s->pw->pw_name, s->tty); >- do_pam_setcred(1); >-#endif >- > /* Fork the child. */ > if ((pid = fork()) == 0) { > fatal_remove_all_cleanups(); >@@ -609,6 +604,11 @@ > > /* Close the extra descriptor for the pseudo tty. */ > close(ttyfd); >+ >+#if defined(USE_PAM) >+ do_pam_session(s->pw->pw_name, s->tty); >+ do_pam_setcred(1); >+#endif > > /* record login, etc. similar to login(1) */ > #ifndef HAVE_OSF_SIA
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 83
: 247 |
263