Attachment #157 for bug #419

View | Details | Raw Unified | Return to bug 419
Collapse All | Expand All




			    pam_retval, PAM_STRERROR(__pamh, pam_retval));
	}

#ifndef __hpux
	if (__pamh && creds_set) {
		pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED);
		if (pam_retval != PAM_SUCCESS)
			debug("Cannot delete credentials[%d]: %.200s", 
			    pam_retval, PAM_STRERROR(__pamh, pam_retval));
	}
#endif

	if (__pamh) {
		pam_retval = pam_end(__pamh, pam_retval);

		    pam_retval, PAM_STRERROR(__pamh, pam_retval));

	session_opened = 1;
}

/* Set the TTY after session is open */
void do_pam_set_tty(const char *ttyname) {
	int pam_retval;
	if (ttyname != NULL) {
		debug("PAM setting tty to \"%.200s\"", ttyname);
		pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
		if (pam_retval != PAM_SUCCESS)
			fatal("PAM set tty failed[%d]: %.200s",
			    pam_retval, PAM_STRERROR(__pamh, pam_retval));
	}
}

/* Set PAM credentials */

Lines 39-44 Link Here

(-)openssh-3.5p1/auth-pam.h (+1 lines)
39	int do_pam_authenticate(int flags);	39	int do_pam_authenticate(int flags);
40	int do_pam_account(char username, char remote_user);	40	int do_pam_account(char username, char remote_user);
41	void do_pam_session(char username, const char ttyname);	41	void do_pam_session(char username, const char ttyname);
		42	void do_pam_set_tty(const char *ttyname);
42	void do_pam_setcred(int init);	43	void do_pam_setcred(int init);
43	void print_pam_messages(void);	44	void print_pam_messages(void);
44	int is_pam_password_change_required(void);	45	int is_pam_password_change_required(void);




	session_proctitle(s);

#if defined(USE_PAM)
	do_pam_session(s->pw->pw_name, NULL);
	do_pam_setcred(1);
	if (is_pam_password_change_required())
		packet_disconnect("Password change required but no "

	ttyfd = s->ttyfd;

#if defined(USE_PAM)
	do_pam_set_tty(s->tty);
	do_pam_setcred(1);
#endif


		 * Reestablish them here.
		 */
		do_pam_setcred(0);

		/*
		 * We need to open the session here because PAM on HP-UX does not
		 * work after the call to permanently_set_uid.
		 */
		do_pam_session(pw->pw_name,NULL);

# endif /* USE_PAM */
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
		irix_setusercontext(pw);

Return to bug 419

Lines 186-197 Link Here

(-)openssh-3.5p1/auth-pam.c (+14 lines)
186	pam_retval, PAM_STRERROR(__pamh, pam_retval));	186	pam_retval, PAM_STRERROR(__pamh, pam_retval));
187	}	187	}
188		188
		189	#ifndef __hpux
189	if (__pamh && creds_set) {	190	if (__pamh && creds_set) {
190	pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED);	191	pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED);
191	if (pam_retval != PAM_SUCCESS)	192	if (pam_retval != PAM_SUCCESS)
192	debug("Cannot delete credentials[%d]: %.200s",	193	debug("Cannot delete credentials[%d]: %.200s",
193	pam_retval, PAM_STRERROR(__pamh, pam_retval));	194	pam_retval, PAM_STRERROR(__pamh, pam_retval));
194	}	195	}
		196	#endif
195		197
196	if (__pamh) {	198	if (__pamh) {
197	pam_retval = pam_end(__pamh, pam_retval);	199	pam_retval = pam_end(__pamh, pam_retval);
Lines 299-304 Link Here
299	pam_retval, PAM_STRERROR(__pamh, pam_retval));	301	pam_retval, PAM_STRERROR(__pamh, pam_retval));
300		302
301	session_opened = 1;	303	session_opened = 1;
		304	}
		305
		306	/* Set the TTY after session is open */
		307	void do_pam_set_tty(const char *ttyname) {
		308	int pam_retval;
		309	if (ttyname != NULL) {
		310	debug("PAM setting tty to \"%.200s\"", ttyname);
		311	pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
		312	if (pam_retval != PAM_SUCCESS)
		313	fatal("PAM set tty failed[%d]: %.200s",
		314	pam_retval, PAM_STRERROR(__pamh, pam_retval));
		315	}
302	}	316	}
303		317
304	/* Set PAM credentials */	318	/* Set PAM credentials */

Lines 454-460 Link Here

(-)openssh-3.5p1/session.c (-2 / +8 lines)
454	session_proctitle(s);	454	session_proctitle(s);
455		455
456	#if defined(USE_PAM)	456	#if defined(USE_PAM)
457	do_pam_session(s->pw->pw_name, NULL);
458	do_pam_setcred(1);	457	do_pam_setcred(1);
459	if (is_pam_password_change_required())	458	if (is_pam_password_change_required())
460	packet_disconnect("Password change required but no "	459	packet_disconnect("Password change required but no "
Lines 581-587 Link Here
581	ttyfd = s->ttyfd;	580	ttyfd = s->ttyfd;
582		581
583	#if defined(USE_PAM)	582	#if defined(USE_PAM)
584	do_pam_session(s->pw->pw_name, s->tty);	583	do_pam_set_tty(s->tty);
585	do_pam_setcred(1);	584	do_pam_setcred(1);
586	#endif	585	#endif
587		586
Lines 1238-1243 Link Here
1238	* Reestablish them here.	1237	* Reestablish them here.
1239	*/	1238	*/
1240	do_pam_setcred(0);	1239	do_pam_setcred(0);
		1240
		1241	/*
		1242	* We need to open the session here because PAM on HP-UX does not
		1243	* work after the call to permanently_set_uid.
		1244	*/
		1245	do_pam_session(pw->pw_name,NULL);
		1246
1241	# endif /* USE_PAM */	1247	# endif /* USE_PAM */
1242	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)	1248	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)
1243	irix_setusercontext(pw);	1249	irix_setusercontext(pw);