Bugzilla – Attachment 644 Details for
Bug 874
(Re)Add PAM PasswordAuthentication support
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
re-add PasswordAuthentication for UsePAM=yes
openssh-pam-passwd.patch (text/plain), 3.91 KB, created by
Darren Tucker
on 2004-05-28 20:31:18 AEST
(
hide
)
Description:
re-add PasswordAuthentication for UsePAM=yes
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-05-28 20:31:18 AEST
Size:
3.91 KB
patch
obsolete
>Index: auth-pam.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v >retrieving revision 1.102 >diff -u -p -r1.102 auth-pam.c >--- auth-pam.c 24 May 2004 01:55:36 -0000 1.102 >+++ auth-pam.c 28 May 2004 10:21:20 -0000 >@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0; > static int sshpam_account_status = -1; > static char **sshpam_env = NULL; > static Authctxt *sshpam_authctxt = NULL; >+static const char *sshpam_password = NULL; > > /* Some PAM implementations don't implement this */ > #ifndef HAVE_PAM_GETENVLIST >@@ -951,4 +952,85 @@ free_pam_environment(char **env) > xfree(env); > } > >+static int >+sshpam_passwd_conv(int n, const struct pam_message **msg, >+ struct pam_response **resp, void *data) >+{ >+ struct pam_response *reply; >+ int i; >+ size_t len; >+ >+ debug3("PAM: %s called with %d messages", __func__, n); >+ >+ *resp = NULL; >+ >+ if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO)) >+ return (PAM_CONV_ERR); >+ >+ if ((reply = malloc(n * sizeof(*reply))) == NULL) >+ return (PAM_CONV_ERR); >+ memset(reply, 0, n * sizeof(*reply)); >+ >+ for (i = 0; i < n; ++i) { >+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) { >+ case PAM_PROMPT_ECHO_OFF: >+ if (sshpam_password == NULL) >+ goto fail; >+ reply[i].resp = xstrdup(sshpam_password); >+ reply[i].resp_retcode = PAM_SUCCESS; >+ break; >+ case PAM_ERROR_MSG: >+ case PAM_TEXT_INFO: >+ len = strlen(PAM_MSG_MEMBER(msg, i, msg)); >+ if (len > 0) { >+ buffer_append(&loginmsg, >+ PAM_MSG_MEMBER(msg, i, msg), len); >+ buffer_append(&loginmsg, "\n", 1); >+ } >+ reply[i].resp = xstrdup(""); >+ reply[i].resp_retcode = PAM_SUCCESS; >+ break; >+ case PAM_AUTH_ERR: >+ error("PAM: %s for %s%.100s from %.100s", msg, >+ sshpam_authctxt->valid ? "" : "illegal user ", >+ sshpam_authctxt->user, >+ get_remote_name_or_ip(utmp_len, options.use_dns)); >+ /* FALLTHROUGH */ >+ default: >+ goto fail; >+ } >+ } >+ *resp = reply; >+ return (PAM_SUCCESS); >+ >+ fail: >+ for(i = 0; i < n; i++) { >+ if (reply[i].resp != NULL) >+ xfree(reply[i].resp); >+ } >+ xfree(reply); >+ return (PAM_CONV_ERR); >+} >+ >+static struct pam_conv passwd_conv = { sshpam_passwd_conv, NULL }; >+ >+int >+sys_auth_passwd(Authctxt *authctxt, const char *password) >+{ >+ int result, flags = (options.permit_empty_passwd == 0 ? >+ PAM_DISALLOW_NULL_AUTHTOK : 0); >+ >+ sshpam_password = password; >+ sshpam_authctxt = authctxt; >+ >+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, >+ (const void *)&passwd_conv); >+ if (sshpam_err != PAM_SUCCESS) >+ fatal("PAM: %s: failed to set PAM_CONV: %s", __func__, >+ pam_strerror(sshpam_handle, sshpam_err)); >+ >+ result = pam_authenticate(sshpam_handle, flags); >+ sshpam_password = NULL; >+ return (result == PAM_SUCCESS); >+} > #endif /* USE_PAM */ >Index: auth-passwd.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v >retrieving revision 1.73 >diff -u -p -r1.73 auth-passwd.c >--- auth-passwd.c 4 Mar 2004 11:59:37 -0000 1.73 >+++ auth-passwd.c 28 May 2004 09:55:17 -0000 >@@ -92,7 +92,7 @@ auth_password(Authctxt *authctxt, const > } > #endif > #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) >- if (!expire_checked) { >+ if (!expire_checked && !options.use_pam) { > expire_checked = 1; > if (auth_shadow_pwexpired(authctxt)) { > disable_forwarding(); >Index: defines.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/defines.h,v >retrieving revision 1.115 >diff -u -p -r1.115 defines.h >--- defines.h 14 Apr 2004 07:24:30 -0000 1.115 >+++ defines.h 28 May 2004 07:47:59 -0000 >@@ -497,6 +497,10 @@ struct winsize { > # define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member) > #endif > >+#ifdef USE_PAM >+# define CUSTOM_SYS_AUTH_PASSWD >+#endif >+ > #if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) > # undef HAVE_GETADDRINFO > #endif
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=644">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 874
:
644
|
645
|
646