Attachment #642 for bug #688

Lines 364-369 Link Here

(-)openssh-3.8.1p1/auth-pam.c (+2 lines)
364	goto auth_fail;	364	goto auth_fail;
365	pam_password_change_required(0);	365	pam_password_change_required(0);
366	}	366	}
		367	if (options.use_pam_setcred)
		368	do_pam_setcred(1);
367	}	369	}
368		370
369	buffer_put_cstring(&buffer, "OK");	371	buffer_put_cstring(&buffer, "OK");

Lines 125-130 Link Here

(-)openssh-3.8.1p1/servconf.h (+4 lines)
125	char authorized_keys_file; / File containing public keys */	125	char authorized_keys_file; / File containing public keys */
126	char *authorized_keys_file2;	126	char *authorized_keys_file2;
127	int use_pam; /* Enable auth via PAM */	127	int use_pam; /* Enable auth via PAM */
		128	int use_pam_setcred; /*
		129	* Execute do_pam_setcred in the
		130	* PAM authentication thread
		131	*/
128	} ServerOptions;	132	} ServerOptions;
129		133
130	void initialize_server_options(ServerOptions *);	134	void initialize_server_options(ServerOptions *);

Lines 41-46 Link Here

(-)openssh-3.8.1p1/servconf.c (+10 lines)
41		41
42	/* Portable-specific options */	42	/* Portable-specific options */
43	options->use_pam = -1;	43	options->use_pam = -1;
		44	options->use_pam_setcred = -1;
44		45
45	/* Standard Options */	46	/* Standard Options */
46	options->num_ports = 0;	47	options->num_ports = 0;
Lines 113-118 Link Here
113	if (options->use_pam == -1)	114	if (options->use_pam == -1)
114	options->use_pam = 0;	115	options->use_pam = 0;
115		116
		117	if (options->use_pam_setcred == -1)
		118	options->use_pam_setcred = 0;
		119
116	/* Standard Options */	120	/* Standard Options */
117	if (options->protocol == SSH_PROTO_UNKNOWN)	121	if (options->protocol == SSH_PROTO_UNKNOWN)
118	options->protocol = SSH_PROTO_1\|SSH_PROTO_2;	122	options->protocol = SSH_PROTO_1\|SSH_PROTO_2;
Lines 248-253 Link Here
248	sBadOption, /* == unknown option */	252	sBadOption, /* == unknown option */
249	/* Portable-specific options */	253	/* Portable-specific options */
250	sUsePAM,	254	sUsePAM,
		255	sUsePAMSetCred,
251	/* Standard Options */	256	/* Standard Options */
252	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,	257	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
253	sPermitRootLogin, sLogFacility, sLogLevel,	258	sPermitRootLogin, sLogFacility, sLogLevel,
Lines 279-286 Link Here
279	/* Portable-specific options */	284	/* Portable-specific options */
280	#ifdef USE_PAM	285	#ifdef USE_PAM
281	{ "usepam", sUsePAM },	286	{ "usepam", sUsePAM },
		287	{ "usepamsetcred", sUsePAMSetCred },
282	#else	288	#else
283	{ "usepam", sUnsupported },	289	{ "usepam", sUnsupported },
		290	{ "usepamsetcred", sUnsupported },
284	#endif	291	#endif
285	{ "pamauthenticationviakbdint", sDeprecated },	292	{ "pamauthenticationviakbdint", sDeprecated },
286	/* Standard Options */	293	/* Standard Options */
Lines 447-452 Link Here
447	case sUsePAM:	454	case sUsePAM:
448	intptr = &options->use_pam;	455	intptr = &options->use_pam;
449	goto parse_flag;	456	goto parse_flag;
		457	case sUsePAMSetCred:
		458	intptr = &options->use_pam_setcred;
		459	goto parse_flag;
450		460
451	/* Standard Options */	461	/* Standard Options */
452	case sBadOption:	462	case sBadOption:

Lines 615-620 Link Here

(-)openssh-3.8.1p1/sshd_config.5.~1~ (+8 lines)
615	.CM UsePAM	615	.CM UsePAM
616	then you will not be able to run sshd as a non-root user. The default is	616	then you will not be able to run sshd as a non-root user. The default is
617	.Dq no .	617	.Dq no .
		618	.It Cm UsePAMSetCred
		619	If PAM authentication (via challenge-response) is enabled using
		620	.Cm UsePAM
		621	you might want to enable this option to force storage of the
		622	credentials which are obtained in the authentication step. This is
		623	useful for situations where the password is validated through Kerberos
		624	via a PAM module. The default is
		625	.Dq no .
618	.It Cm UsePrivilegeSeparation	626	.It Cm UsePrivilegeSeparation
619	Specifies whether	627	Specifies whether
620	.Nm sshd	628	.Nm sshd

Return to bug 688