
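--- a/auth-pam.c
+++ b/auth-pam.c
@@ -919,6 +919,20 @@ do_pam_account(void)
 	return (sshpam_account_status);
 }
 
+#ifdef HAVE_PAM_AUSER
+void
+do_pam_set_auser(const char* auser)
+{
+	if (auser != NULL) {
+		debug("PAM: setting PAM_AUSER to \"%s\"", auser);
+		sshpam_err = pam_set_item(sshpam_handle, PAM_AUSER, auser);
+		if (sshpam_err != PAM_SUCCESS)
+			error("PAM: failed to set PAM_AUSER: %s",
+			    pam_strerror(sshpam_handle, sshpam_err));
+	}
+}
+#endif
+
 void
 do_pam_set_tty(const char *tty)
 {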
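Review bot: do_pam_set_auser() only logs when pam_set_item() fails and returns void, so the account check that follows runs without PAM_AUSER and the caller cannot tell; returning the PAM status, or documenting that the failure is deliberately non-fatal, would make the behaviour explicit. The function also carries no comment stating what the caller must guarantee about the name; I would add `/* Set PAM_AUSER to the client user verified by hostbased authentication; never pass an unverified name. */` above it. The declarator `const char* auser` should read `const char *auser` to match `do_pam_set_tty(const char *tty)` just below.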
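--- a/auth-pam.h
+++ b/auth-pam.h
@@ -35,6 +35,9 @@ void start_pam(Authctxt *);
 void finish_pam(void);
 u_int do_pam_account(void);
 void do_pam_session(void);
+#ifdef HAVE_PAM_AUSER
+void do_pam_set_auser(const char *);
+#endif
 void do_pam_set_tty(const char *);
 void do_pam_setcred(int );
 void do_pam_chauthtok(void);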
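--- a/auth.h
+++ b/auth.h
@@ -81,6 +81,9 @@ struct Authctxt {
 
 	struct sshkey	**prev_userkeys;
 	u_int		 nprev_userkeys;
+#ifdef HAVE_PAM_AUSER
+	char		*auser;
+#endif 
 };
 /*
  * Every authentication method has to handle authentication requests for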
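Review bot: The new `auser` field has no comment saying what it holds or who frees it, although its ownership changes hands in two other files of this patch. A line such as `char *auser; /* hostbased client user, heap-allocated; released in userauth_finish() */` would document it. The field is guarded by HAVE_PAM_AUSER alone, while the only visible free (in auth2.c) also sits under USE_PAM, so the guards should be made to agree.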
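--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -85,6 +85,9 @@ userauth_hostbased(Authctxt *authctxt)
 	buffer_dump(&b);
 	buffer_free(&b);
 #endif
+#ifdef HAVE_PAM_AUSER
+	authctxt->auser = NULL;
+#endif
 	pktype = key_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
@@ -143,6 +146,13 @@ userauth_hostbased(Authctxt *authctxt)
 			buffer_len(&b))) == 1)
 		authenticated = 1;
 
+#ifdef HAVE_PAM_AUSER
+	if (authenticated) {
+		authctxt->auser = cuser;
+		cuser = NULL;
+	}
+#endif
+
 	buffer_free(&b);
 done:
 	debug2("userauth_hostbased: authenticated %d", authenticated);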
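Review bot: In the first hunk `authctxt->auser = NULL;` discards whatever pointer the field already held, so a name stored by an earlier successful hostbased step is leaked when the method runs again; `free(authctxt->auser); authctxt->auser = NULL;` avoids that, assuming the Authctxt is zero-initialised, which is not visible here. In the second hunk the transfer `authctxt->auser = cuser; cuser = NULL;` presumably relies on cleanup after `done:` that would otherwise free cuser; that code lies outside the hunk, and a one-line comment marking the ownership transfer would help. Both hunks are inside userauth_hostbased, whose start and end are not shown.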
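--- a/auth2.c
+++ b/auth2.c
@@ -325,6 +325,13 @@ userauth_finish(Authctxt *authctxt, int
 
 #ifdef USE_PAM
 	if (options.use_pam && authenticated) {
+#ifdef HAVE_PAM_AUSER
+		if (!use_privsep) {
+			do_pam_set_auser(authctxt->auser);
+			free(authctxt->auser);
+			authctxt->auser = NULL;	
+		}
+#endif
 		if (!PRIVSEP(do_pam_account())) {
 			/* if PAM returned a message, send it to the user */
 			if (buffer_len(&loginmsg) > 0) {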
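Review bot: The `free(authctxt->auser)` sits inside the `if (!use_privsep)` branch, so with privilege separation enabled the string stored by userauth_hostbased is never released on this path. Moving the release out of the branch keeps the two modes symmetric: call `do_pam_set_auser(authctxt->auser);` only when `!use_privsep`, then run `free(authctxt->auser); authctxt->auser = NULL;` unconditionally. A short comment saying that under privsep the monitor sets PAM_AUSER itself in mm_answer_pam_account would explain why the branch exists. userauth_finish starts and ends outside this hunk.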
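--- a/config.h.in
+++ b/config.h.in
@@ -827,6 +827,9 @@
 /* Define if you have Digital Unix Security Integration Architecture */
 #undef HAVE_OSF_SIA
 
+/* Define if you have PAM_AUSER PAM item */
+#undef HAVE_PAM_AUSER
+
 /* Define to 1 if you have the `pam_getenvlist' function. */
 #undef HAVE_PAM_GETENVLIST
 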
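--- a/configure
+++ b/configure
@@ -10870,6 +10870,7 @@ fi
 fi
 
 	TEST_SHELL=$SHELL	# let configure find us a capable shell
+        $as_echo "#define HAVE_PAM_AUSER 1" >>confdefs.h
 	;;
 *-*-sunos4*)
 	CPPFLAGS="$CPPFLAGS -DSUNOS4"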
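--- a/configure.ac
+++ b/configure.ac
@@ -902,6 +902,7 @@ mips-sony-bsd|mips-sony-newsos4)
 		],
 	)
 	TEST_SHELL=$SHELL	# let configure find us a capable shell
+        AC_DEFINE([HAVE_PAM_AUSER])
 	;;
 *-*-sunos4*)
 	CPPFLAGS="$CPPFLAGS -DSUNOS4"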
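Review bot: `AC_DEFINE([HAVE_PAM_AUSER])` is set unconditionally for the whole platform branch rather than by probing for the item, so the macro is defined even when PAM support is disabled or the PAM headers lack PAM_AUSER. A declaration check would be safer, for example `AC_CHECK_DECL([PAM_AUSER], [AC_DEFINE([HAVE_PAM_AUSER], [1], [Define if you have PAM_AUSER PAM item])], [], [#include <security/pam_appl.h>])`. The one-argument AC_DEFINE form is also obsolescent and gives autoheader no description, which is presumably why config.h.in is edited by hand in this patch. The line is indented with spaces where its neighbours use tabs. Which platform case the line belongs to is not visible in the hunk.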
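--- a/monitor.c
+++ b/monitor.c
@@ -409,6 +409,12 @@ monitor_child_preauth(Authctxt *_authctx
 		}
 	}
 
+#if defined(HAVE_PAM_AUSER) && defined(USE_PAM)
+	if (hostbased_cuser != NULL) {
+		free(hostbased_cuser);
+		hostbased_cuser = NULL;
+	}
+#endif
 	if (!authctxt->valid)
 		fatal("%s: authenticated invalid user", __func__);
 	if (strcmp(auth_method, "unknown") == 0)
@@ -638,12 +644,14 @@ monitor_reset_key_state(void)
 {
 	/* reset state */
 	free(key_blob);
+#if !defined(HAVE_PAM_AUSER) || !defined(USE_PAM)
 	free(hostbased_cuser);
+	hostbased_cuser = NULL;
+#endif
 	free(hostbased_chost);
 	key_blob = NULL;
 	key_bloblen = 0;
 	key_blobtype = MM_NOKEY;
-	hostbased_cuser = NULL;
 	hostbased_chost = NULL;
 }
 
@@ -1068,6 +1076,11 @@ mm_answer_pam_account(int sock, Buffer *
 	if (!options.use_pam)
 		fatal("UsePAM not set, but ended up in %s anyway", __func__);
 
+#ifdef HAVE_PAM_AUSER
+	if (hostbased_cuser != NULL)
+		do_pam_set_auser(hostbased_cuser);
+#endif
+
 	ret = do_pam_account();
 
 	buffer_put_int(m, ret);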
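Review bot: In monitor_reset_key_state the patch stops freeing and clearing `hostbased_cuser` when HAVE_PAM_AUSER and USE_PAM are defined, and mm_answer_pam_account then passes any non-NULL `hostbased_cuser` to do_pam_set_auser(), so the name now outlives the reset that used to discard it. If that reset is also what runs after a rejected or unverified hostbased attempt (the callers are outside these hunks), a client-supplied name that never passed verification could be presented to PAM as PAM_AUSER once a different method succeeds. I would keep the reset unconditional and copy the name into a separate variable only after verification succeeds, or at least gate the call: `if (hostbased_cuser != NULL && strcmp(auth_method, "hostbased") == 0)`. Not freeing in the reset also means any later assignment to `hostbased_cuser` would overwrite a live pointer and leak it.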
