
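--- a/auth-pam.c
+++ b/auth-pam.c
@@ -620,7 +620,6 @@ sshpam_cleanup(void)
 static int
 sshpam_init(Authctxt *authctxt)
 {
-	extern char *__progname;
 	const char *pam_rhost, *pam_user, *user = authctxt->user;
 	const char **ptr_pam_user = &pam_user;
 
@@ -635,7 +634,7 @@ sshpam_init(Authctxt *authctxt)
 	}
 	debug("PAM: initializing for \"%s\"", user);
 	sshpam_err =
-	    pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
+	    pam_start(options.pam_service_name, user, &store_conv, &sshpam_handle);
 	sshpam_authctxt = authctxt;
 
 	if (sshpam_err != PAM_SUCCESS) {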
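Review bot: The `debug()` call just above the changed `pam_start()` line still logs only the user, so once the service name comes from `options.pam_service_name` nothing in the log records which PAM stack handled the login. That matters for auditing, because a mistyped or unintended `PAMServiceName` selects a different authentication policy (on Linux-PAM, as far as I know, a name without a policy file of its own falls through to the `other` service). I would log the name as well: `debug("PAM: initializing for \"%s\" with service \"%s\"", user, options.pam_service_name);`. sshpam_init continues beyond both hunks, so whether an already-open PAM handle can be reused after the service name changes cannot be checked from here.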
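--- a/auth-pam.h
+++ b/auth-pam.h
@@ -27,10 +27,6 @@
 #include "includes.h"
 #ifdef USE_PAM
 
-#if !defined(SSHD_PAM_SERVICE)
-# define SSHD_PAM_SERVICE		__progname
-#endif
-
 void start_pam(Authctxt *);
 void finish_pam(void);
 u_int do_pam_account(void);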
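--- a/servconf.c
+++ b/servconf.c
@@ -74,6 +74,7 @@ initialize_server_options(ServerOptions *options)
 
 	/* Portable-specific options */
 	options->use_pam = -1;
+	options->pam_service_name = NULL;
 
 	/* Standard Options */
 	options->num_ports = 0;
@@ -186,6 +187,10 @@ fill_default_server_options(ServerOptions *options)
 	/* Portable-specific options */
 	if (options->use_pam == -1)
 		options->use_pam = 0;
+	if (options->pam_service_name == NULL) {
+		extern char *__progname;
+		options->pam_service_name = xstrdup(__progname);
+	}
 
 	/* Standard Options */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -389,7 +394,7 @@ fill_default_server_options(ServerOptions *options)
 typedef enum {
 	sBadOption,		/* == unknown option */
 	/* Portable-specific options */
-	sUsePAM,
+	sUsePAM, sPAMServiceName,
 	/* Standard Options */
 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime,
 	sKeyRegenerationTime, sPermitRootLogin, sLogFacility, sLogLevel,
@@ -439,8 +444,10 @@ static struct {
 	/* Portable-specific options */
 #ifdef USE_PAM
 	{ "usepam", sUsePAM, SSHCFG_GLOBAL },
+	{ "pamservicename", sPAMServiceName, SSHCFG_ALL },
 #else
 	{ "usepam", sUnsupported, SSHCFG_GLOBAL },
+	{ "pamservicename", sUnsupported, SSHCFG_ALL },
 #endif
 	{ "pamauthenticationviakbdint", sDeprecated, SSHCFG_GLOBAL },
 	/* Standard Options */
@@ -1000,6 +1007,18 @@ process_server_config_line(ServerOptions *options, char *line,
 		intptr = &options->use_pam;
 		goto parse_flag;
 
+	case sPAMServiceName:
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: Missing Pam Service Name",
+			    filename, linenum);
+		if (*activep) {
+			if(options->pam_service_name != NULL)
+				free(options->pam_service_name);
+			options->pam_service_name = xstrdup(arg);
+		}
+		break;
+
 	/* Standard Options */
 	case sBadOption:
 		return -1;
@@ -2024,6 +2043,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 
 	M_CP_STROPT(adm_forced_command);
 	M_CP_STROPT(chroot_directory);
+	M_CP_STROPT(pam_service_name);
 }
 
 #undef M_CP_INTOPT
@@ -2215,6 +2235,7 @@ dump_config(ServerOptions *o)
 	/* integer arguments */
 #ifdef USE_PAM
 	dump_cfg_fmtint(sUsePAM, o->use_pam);
+	dump_cfg_string(sPAMServiceName, o->pam_service_name);
 #endif
 	dump_cfg_int(sServerKeyBits, o->server_key_bits);
 	dump_cfg_int(sLoginGraceTime, o->login_grace_time);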
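Review bot: The new `case sPAMServiceName:` in process_server_config_line frees and replaces any earlier value, so the last `PAMServiceName` line wins, whereas sshd_config(5) says the first obtained value of a keyword is used. Because the keyword is registered with `SSHCFG_ALL` it can appear in `Match` blocks, where that precedence decides which PAM policy authenticates a user, so I would keep the first value: `if (*activep && options->pam_service_name == NULL)` followed by `options->pam_service_name = xstrdup(arg);`. That also drops the `if(... != NULL)` guard around `free()`, which is unnecessary. The value is passed unchecked to `pam_start()`; rejecting an argument that contains `/` with `fatal()` would keep a configuration from naming a policy outside the PAM configuration directory (how the PAM library itself treats such names is not visible here). The function's body starts and ends outside the hunk.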
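--- a/servconf.h
+++ b/servconf.h
@@ -172,6 +172,7 @@ typedef struct {
 	char   *adm_forced_command;
 
 	int	use_pam;		/* Enable auth via PAM */
+	char	*pam_service_name;
 
 	int	permit_tun;
 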
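Review bot: The added `pam_service_name` field has no comment, unlike `use_pam` on the line above it. servconf.c fills it with `xstrdup()` and frees it on reassignment, so the declaration should say what the string is and that it is heap-allocated, for example `char	*pam_service_name;	/* PAM service name for pam_start(); heap-allocated */`. The struct definition starts and ends outside the hunk.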
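--- a/sshd_config
+++ b/sshd_config
@@ -95,6 +95,7 @@ AuthorizedKeysFile .ssh/authorized_keys
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 #UsePAM no
+#PAMServiceName sshd
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes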
(-)a/sshd_config.5 (-1 / +4 lines)
Lines 1110-1115 Available keywords are Link Here
1110
.Cm KerberosAuthentication ,
1110
.Cm KerberosAuthentication ,
1111
.Cm MaxAuthTries ,
1111
.Cm MaxAuthTries ,
1112
.Cm MaxSessions ,
1112
.Cm MaxSessions ,
1113
.Cm PAMServiceName ,
1113
.Cm PasswordAuthentication ,
1114
.Cm PasswordAuthentication ,
1114
.Cm PermitEmptyPasswords ,
1115
.Cm PermitEmptyPasswords ,
1115
.Cm PermitOpen ,
1116
.Cm PermitOpen ,
Lines 1578-1583 is enabled, you will not be able to run Link Here
1578
as a non-root user.
1579
as a non-root user.
1579
The default is
1580
The default is
1580
.Dq no .
1581
.Dq no .
1582
.It Cm PamServiceName
1583
Specifies which pam service name is used by sshd.  The default is the 
1584
name of the process.
1581
.It Cm UsePrivilegeSeparation
1585
.It Cm UsePrivilegeSeparation
1582
Specifies whether
1586
Specifies whether
1583
.Xr sshd 8
1587
.Xr sshd 8
1584
- 
