Bugzilla – Attachment 246 Details for
Bug 423
Workaround for pw change in privsep mode (3.5.p1)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
INCOMPLETE example patch
pam-chauthtok-partial.diff (text/plain), 2.29 KB, created by
Damien Miller
on 2003-03-10 15:43:03 AEDT
(
hide
)
Description:
INCOMPLETE example patch
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2003-03-10 15:43:03 AEDT
Size:
2.29 KB
patch
obsolete
>? autom4te-2.53.cache >Index: session.c >=================================================================== >RCS file: /var/cvs/openssh/session.c,v >retrieving revision 1.231 >diff -u -r1.231 session.c >--- session.c 10 Mar 2003 00:21:18 -0000 1.231 >+++ session.c 10 Mar 2003 04:40:36 -0000 >@@ -574,7 +574,7 @@ > void > do_exec_pty(Session *s, const char *command) > { >- int fdout, ptyfd, ttyfd, ptymaster; >+ int fdout, ptyfd, ttyfd, ptymaster, status; > pid_t pid; > > if (s == NULL) >@@ -587,6 +587,49 @@ > do_pam_setcred(1); > #endif > >+#ifdef USE_PAM >+ /* >+ * If password change is needed, do it now. It has to happen with >+ * a tty attached, but we need to know the result before continuing >+ * - so run it in a subshell. >+ */ >+ if (is_pam_password_change_required()) { >+ if ((pid = fork()) == 0) { >+ fatal_remove_all_cleanups(); >+ >+ /* Child. Reinitialize the log because the pid has changed. */ >+ log_init(__progname, options.log_level, options.log_facility, log_stderr); >+ /* Close the master side of the pseudo tty. */ >+ close(ptyfd); >+ >+ /* Make the pseudo tty our controlling tty. */ >+ pty_make_controlling_tty(&ttyfd, s->tty); >+ >+ /* Redirect stdin/stdout/stderr from the pseudo tty. */ >+ if (dup2(ttyfd, 0) < 0) >+ error("dup2 stdin: %s", strerror(errno)); >+ if (dup2(ttyfd, 1) < 0) >+ error("dup2 stdout: %s", strerror(errno)); >+ if (dup2(ttyfd, 2) < 0) >+ error("dup2 stderr: %s", strerror(errno)); >+ >+ /* Close the extra descriptor for the pseudo tty. */ >+ close(ttyfd); >+ >+ print_pam_messages(); >+ do_pam_chauthtok(); >+ exit(0); >+ } >+ if (waitpid(pid, &status, 0) == -1) >+ fatal("waitpid: %s", strerror(errno)); >+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) >+ fatal("PAM password change failed"); >+ /* >+ * XXX - communicate change to monitor >+ */ >+ } >+#endif >+ > /* Fork the child. */ > if ((pid = fork()) == 0) { > fatal_remove_all_cleanups(); >@@ -747,17 +790,6 @@ > get_remote_name_or_ip(utmp_len, > options.verify_reverse_mapping), > (struct sockaddr *)&from, fromlen); >- >-#ifdef USE_PAM >- /* >- * If password change is needed, do it now. >- * This needs to occur before the ~/.hushlogin check. >- */ >- if (is_pam_password_change_required()) { >- print_pam_messages(); >- do_pam_chauthtok(); >- } >-#endif > > if (check_quietlogin(s, command)) > return;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=246">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 423
:
162
|
163
|
198
|
246
|
375
|
376
|
377