Bugzilla – Attachment 569 Details for
Bug 808
segfault if not using pam/keyboard-interactive mech and password's expired
[patch]
Change start_pam(user) to start_pam(authctxt)
openssh-pam-authctxt.patch (text/plain), 7.61 KB, created by
Darren Tucker
on 2004-03-04 23:45:20 AEDT
Description:
Change start_pam(user) to start_pam(authctxt)
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-03-04 23:45:20 AEDT
Size:
7.61 KB
patch
obsolete
>Index: auth-pam.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
>retrieving revision 1.97
>diff -u -p -r1.97 auth-pam.c
>--- auth-pam.c 4 Mar 2004 09:03:54 -0000 1.97
>+++ auth-pam.c 4 Mar 2004 10:53:12 -0000
>@@ -160,7 +160,7 @@ static int sshpam_session_open = 0;
> static int sshpam_cred_established = 0;
> static int sshpam_account_status = -1;
> static char **sshpam_env = NULL;
>-static int *force_pwchange;
>+static Authctxt *the_authctxt = NULL;
>
> /* Some PAM implementations don't implement this */
> #ifndef HAVE_PAM_GETENVLIST
>@@ -180,7 +180,9 @@ void
> pam_password_change_required(int reqd)
> {
> debug3("%s %d", __func__, reqd);
>- *force_pwchange = reqd;
>+ if (the_authctxt == NULL)
>+ fatal("%s: PAM authctxt not initialized", __func__);
>+ the_authctxt->force_pwchange = reqd;
> if (reqd) {
> no_port_forwarding_flag |= 2;
> no_agent_forwarding_flag |= 2;
>@@ -339,6 +341,9 @@ sshpam_thread(void *ctxtp)
> sshpam_conv.conv = sshpam_thread_conv;
> sshpam_conv.appdata_ptr = ctxt;
>
>+ if (the_authctxt == NULL)
>+ fatal("%s: PAM authctxt not initialized", __func__);
>+
> buffer_init(&buffer);
> sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
> (const void *)&sshpam_conv);
>@@ -351,7 +356,7 @@ sshpam_thread(void *ctxtp)
> if (compat20) {
> if (!do_pam_account())
> goto auth_fail;
>- if (*force_pwchange) {
>+ if (the_authctxt->force_pwchange) {
> sshpam_err = pam_chauthtok(sshpam_handle,
> PAM_CHANGE_EXPIRED_AUTHTOK);
> if (sshpam_err != PAM_SUCCESS)
>@@ -365,7 +370,7 @@ sshpam_thread(void *ctxtp)
> #ifndef USE_POSIX_THREADS
> /* Export variables set by do_pam_account */
> buffer_put_int(&buffer, sshpam_account_status);
>- buffer_put_int(&buffer, *force_pwchange);
>+ buffer_put_int(&buffer, the_authctxt->force_pwchange);
>
> /* Export any environment strings set in child */
> for(i = 0; environ[i] != NULL; i++)
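Review bot: The new file-scope `the_authctxt` in auth-pam.c (first hunk, @@ -160,7) is a borrowed pointer with no stated lifetime. The patch assigns it in sshpam_init(), and nothing visible in the patch clears it again; sshpam_cleanup() appears only as hunk context, so whether it resets the pointer cannot be told from here. A comment on the declaration would record the contract, for example `/* Borrowed from the caller of sshpam_init(); not owned here, must outlive the PAM handle */`. The NULL checks added in pam_password_change_required() and sshpam_thread() turn the reported crash into a clean fatal(), but they cannot detect a stale non-NULL pointer.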
>@@ -446,11 +451,11 @@ sshpam_cleanup(void)
> }
>
> static int
>-sshpam_init(const char *user)
>+sshpam_init(Authctxt *authctxt)
> {
> extern u_int utmp_len;
> extern char *__progname;
>- const char *pam_rhost, *pam_user;
>+ const char *pam_rhost, *pam_user, *user = authctxt->user;
>
> if (sshpam_handle != NULL) {
> /* We already have a PAM context; check if the user matches */
>@@ -464,6 +469,8 @@ sshpam_init(const char *user)
> debug("PAM: initializing for \"%s\"", user);
> sshpam_err =
> pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle);
>+ the_authctxt = authctxt;
>+
> if (sshpam_err != PAM_SUCCESS) {
> pam_end(sshpam_handle, sshpam_err);
> sshpam_handle = NULL;
>@@ -506,7 +513,7 @@ sshpam_init_ctx(Authctxt *authctxt)
> return NULL;
>
> /* Initialize PAM */
>- if (sshpam_init(authctxt->user) == -1) {
>+ if (sshpam_init(authctxt) == -1) {
> error("PAM: initialization failed");
> return (NULL);
> }
>@@ -514,8 +521,6 @@ sshpam_init_ctx(Authctxt *authctxt)
> ctxt = xmalloc(sizeof *ctxt);
> memset(ctxt, 0, sizeof(*ctxt));
>
>- force_pwchange = &(authctxt->force_pwchange);
>-
> /* Start the authentication thread */
> if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
> error("PAM: failed create sockets: %s", strerror(errno));
>@@ -674,12 +679,12 @@ KbdintDevice mm_sshpam_device = {
> * This replaces auth-pam.c
> */
> void
>-start_pam(const char *user)
>+start_pam(Authctxt *authctxt)
> {
> if (!options.use_pam)
> fatal("PAM: initialisation requested when UsePAM=no");
>
>- if (sshpam_init(user) == -1)
>+ if (sshpam_init(authctxt) == -1)
> fatal("PAM: initialisation failed");
> }
>
>Index: auth-pam.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.h,v
>retrieving revision 1.24
>diff -u -p -r1.24 auth-pam.h
>--- auth-pam.h 10 Feb 2004 02:23:29 -0000 1.24
>+++ auth-pam.h 1 Mar 2004 07:32:06 -0000
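Review bot: In sshpam_init(), `the_authctxt = authctxt;` (hunk @@ -464,6) sits after pam_start(), below the `if (sshpam_handle != NULL)` block that checks whether the user matches. That block's body is outside the hunks, so this is inferred: if it returns early on a match, a later call with a different Authctxt for the same user leaves the_authctxt pointing at the earlier one. Moving the assignment to the top of the function, before the existing-handle check, would cover both paths. The declaration hunk (@@ -446,11) also evaluates `user = authctxt->user` with no NULL guard, so every caller has to pass a non-NULL context whose user field is already set; a one-line comment stating that precondition would help.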
>@@ -31,7 +31,7 @@
> # define SSHD_PAM_SERVICE __progname
> #endif
>
>-void start_pam(const char *);
>+void start_pam(Authctxt *);
> void finish_pam(void);
> u_int do_pam_account(void);
> void do_pam_session(void);
>Index: auth1.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth1.c,v
>retrieving revision 1.96
>diff -u -p -r1.96 auth1.c
>--- auth1.c 22 Nov 2003 03:15:30 -0000 1.96
>+++ auth1.c 1 Mar 2004 07:32:06 -0000
>@@ -307,7 +307,7 @@ do_authentication(Authctxt *authctxt)
>
> #ifdef USE_PAM
> if (options.use_pam)
>- PRIVSEP(start_pam(user));
>+ PRIVSEP(start_pam(authctxt));
> #endif
>
> /*
>Index: auth2.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth2.c,v
>retrieving revision 1.126
>diff -u -p -r1.126 auth2.c
>--- auth2.c 17 Nov 2003 10:13:41 -0000 1.126
>+++ auth2.c 1 Mar 2004 07:32:06 -0000
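Review bot: In the auth1.c hunk, `PRIVSEP(start_pam(authctxt))` now depends on authctxt->user being assigned earlier in do_authentication(), because sshpam_init() reads the user name from the context instead of taking it as an argument. The auth2.c part of this patch moves `authctxt->user = xstrdup(user);` above its start_pam() calls for that reason, but no equivalent assignment is visible in this hunk. It is worth confirming that the field is set before this call, otherwise a NULL user would reach pam_start(). The function body starts and ends outside the hunk.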
>@@ -150,24 +150,24 @@ input_userauth_request(int type, u_int32
> if (authctxt->attempt++ == 0) {
> /* setup auth context */
> authctxt->pw = PRIVSEP(getpwnamallow(user));
>+ authctxt->user = xstrdup(user);
> if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
> authctxt->valid = 1;
> debug2("input_userauth_request: setting up authctxt for %s", user);
> #ifdef USE_PAM
> if (options.use_pam)
>- PRIVSEP(start_pam(authctxt->pw->pw_name));
>+ PRIVSEP(start_pam(authctxt));
> #endif
> } else {
> logit("input_userauth_request: illegal user %s", user);
> authctxt->pw = fakepw();
> #ifdef USE_PAM
> if (options.use_pam)
>- PRIVSEP(start_pam(user));
>+ PRIVSEP(start_pam(authctxt));
> #endif
> }
> setproctitle("%s%s", authctxt->pw ? user : "unknown",
> use_privsep ? " [net]" : "");
>- authctxt->user = xstrdup(user);
> authctxt->service = xstrdup(service);
> authctxt->style = style ? xstrdup(style) : NULL;
> if (use_privsep)
>Index: monitor.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor.c,v
>retrieving revision 1.64
>diff -u -p -r1.64 monitor.c
>--- monitor.c 6 Feb 2004 05:40:27 -0000 1.64
>+++ monitor.c 4 Mar 2004 09:44:54 -0000
>@@ -782,16 +782,10 @@ mm_answer_skeyrespond(int socket, Buffer
> int
> mm_answer_pam_start(int socket, Buffer *m)
> {
>- char *user;
>-
> if (!options.use_pam)
> fatal("UsePAM not set, but ended up in %s anyway", __func__);
>
>- user = buffer_get_string(m, NULL);
>-
>- start_pam(user);
>-
>- xfree(user);
>+ start_pam(authctxt);
>
> monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
>
>Index: monitor_wrap.c
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.c,v
>retrieving revision 1.40
>diff -u -p -r1.40 monitor_wrap.c
>--- monitor_wrap.c 21 Nov 2003 12:56:47 -0000 1.40
>+++ monitor_wrap.c 4 Mar 2004 10:06:58 -0000
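Review bot: For a valid account in auth2.c's input_userauth_request(), the name handed to PAM changes from `authctxt->pw->pw_name` to the client-supplied string now stored in `authctxt->user`. The two are normally identical, but where the name service canonicalises or aliases logins, PAM modules would now see the un-canonicalised form. If that is intended, a comment at the moved xstrdup line would record it, for example `/* PAM is started with the name the client sent, not pw->pw_name */`. The function continues outside the hunk.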
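Review bot: In monitor.c, mm_answer_pam_start() now depends on the monitor's own `authctxt` already holding a user, because it no longer reads the name from the request. Not trusting a user name sent by the unprivileged side is the safer direction, but the hunk does not show where that context is populated or when MONITOR_REQ_PAM_START becomes permitted. Confirm the request cannot be dispatched before the user-lookup handler has run. A guard ahead of the call, `if (authctxt == NULL || authctxt->user == NULL) fatal("%s: no user set", __func__);`, would make the ordering requirement explicit.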
>@@ -686,7 +686,7 @@ mm_session_pty_cleanup2(Session *s)
>
> #ifdef USE_PAM
> void
>-mm_start_pam(char *user)
>+mm_start_pam(Authctxt *authctxt)
> {
> Buffer m;
>
>@@ -695,8 +695,6 @@ mm_start_pam(char *user)
> fatal("UsePAM=no, but ended up in %s anyway", __func__);
>
> buffer_init(&m);
>- buffer_put_cstring(&m, user);
>-
> mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m);
>
> buffer_free(&m);
>Index: monitor_wrap.h
>===================================================================
>RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.h,v
>retrieving revision 1.17
>diff -u -p -r1.17 monitor_wrap.h
>--- monitor_wrap.h 17 Nov 2003 11:18:22 -0000 1.17
>+++ monitor_wrap.h 4 Mar 2004 09:55:57 -0000
>@@ -66,7 +66,7 @@ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt
> #endif
>
> #ifdef USE_PAM
>-void mm_start_pam(char *);
>+void mm_start_pam(struct Authctxt *);
> u_int mm_do_pam_account(void);
> void *mm_sshpam_init_ctx(struct Authctxt *);
> int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);
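Review bot: In monitor_wrap.c, mm_start_pam() keeps an `authctxt` parameter that the visible body never uses. The second hunk removes the only `buffer_put_cstring(&m, user)`, so MONITOR_REQ_PAM_START is now sent with an empty payload. The parameter is presumably kept so that PRIVSEP(start_pam(authctxt)) resolves to a matching signature. A comment such as `/* authctxt is not transmitted; the monitor starts PAM from its own authctxt */` would stop a later reader from assuming the user name still crosses the privilege boundary.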
Attachments on
bug 808
:
568
| 569