Bugzilla – Attachment 157 Details for
Bug 419
HP-UX PAM problems with 3.5p1
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for making privsep run with HP-UX trusted mode amd avoid credentials deletion errors
openssh-3.5p1-hpux_pam.patch (text/plain), 2.46 KB, created by
Michael Steffens
on 2002-10-21 17:54:19 AEST
(
hide
)
Description:
Patches for making privsep run with HP-UX trusted mode amd avoid credentials deletion errors
Filename:
MIME Type:
Creator:
Michael Steffens
Created:
2002-10-21 17:54:19 AEST
Size:
2.46 KB
patch
obsolete
>diff -u -r openssh-3.5p1/auth-pam.c openssh-3.5p1a/auth-pam.c >--- openssh-3.5p1/auth-pam.c Sun Jul 28 22:24:08 2002 >+++ openssh-3.5p1a/auth-pam.c Wed Oct 16 15:00:01 2002 >@@ -186,12 +186,14 @@ > pam_retval, PAM_STRERROR(__pamh, pam_retval)); > } > >+#ifndef __hpux > if (__pamh && creds_set) { > pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); > if (pam_retval != PAM_SUCCESS) > debug("Cannot delete credentials[%d]: %.200s", > pam_retval, PAM_STRERROR(__pamh, pam_retval)); > } >+#endif > > if (__pamh) { > pam_retval = pam_end(__pamh, pam_retval); >@@ -299,6 +301,18 @@ > pam_retval, PAM_STRERROR(__pamh, pam_retval)); > > session_opened = 1; >+} >+ >+/* Set the TTY after session is open */ >+void do_pam_set_tty(const char *ttyname) { >+ int pam_retval; >+ if (ttyname != NULL) { >+ debug("PAM setting tty to \"%.200s\"", ttyname); >+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); >+ if (pam_retval != PAM_SUCCESS) >+ fatal("PAM set tty failed[%d]: %.200s", >+ pam_retval, PAM_STRERROR(__pamh, pam_retval)); >+ } > } > > /* Set PAM credentials */ >diff -u -r openssh-3.5p1/auth-pam.h openssh-3.5p1a/auth-pam.h >--- openssh-3.5p1/auth-pam.h Tue Jul 23 02:44:07 2002 >+++ openssh-3.5p1a/auth-pam.h Wed Oct 16 10:00:40 2002 >@@ -39,6 +39,7 @@ > int do_pam_authenticate(int flags); > int do_pam_account(char *username, char *remote_user); > void do_pam_session(char *username, const char *ttyname); >+void do_pam_set_tty(const char *ttyname); > void do_pam_setcred(int init); > void print_pam_messages(void); > int is_pam_password_change_required(void); >diff -u -r openssh-3.5p1/session.c openssh-3.5p1a/session.c >--- openssh-3.5p1/session.c Thu Sep 26 02:38:50 2002 >+++ openssh-3.5p1a/session.c Wed Oct 16 15:01:40 2002 >@@ -454,7 +454,6 @@ > session_proctitle(s); > > #if defined(USE_PAM) >- do_pam_session(s->pw->pw_name, NULL); > do_pam_setcred(1); > if (is_pam_password_change_required()) > packet_disconnect("Password change required but no " >@@ -581,7 +580,7 @@ > ttyfd = s->ttyfd; > > #if defined(USE_PAM) >- do_pam_session(s->pw->pw_name, s->tty); >+ do_pam_set_tty(s->tty); > do_pam_setcred(1); > #endif > >@@ -1238,6 +1237,13 @@ > * Reestablish them here. > */ > do_pam_setcred(0); >+ >+ /* >+ * We need to open the session here because PAM on HP-UX does not >+ * work after the call to permanently_set_uid. >+ */ >+ do_pam_session(pw->pw_name,NULL); >+ > # endif /* USE_PAM */ > # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) > irix_setusercontext(pw);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=157">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 419
: 157