Attachment #3022 for bug #2408




	sshpam_cleanup();
}

static void
expose_authinfo(const char *caller)
{
	char *auth_info;

	/*
	 * Expose authentication information to PAM.
	 * The enviornment variable is versioned. Please increment the
	 * version suffix if the format of session_info changes.
	 */
	if (sshpam_authctxt->session_info == NULL)
		auth_info = xstrdup("");
	else if ((auth_info = sshbuf_dup_string(
	    sshpam_authctxt->session_info)) == NULL)
		fatal("%s: sshbuf_dup_string failed", __func__);

	debug2("%s: auth information in SSH_AUTH_INFO_0", caller);
	do_pam_putenv("SSH_AUTH_INFO_0", auth_info);
	free(auth_info);
}

u_int
do_pam_account(void)
{

	if (sshpam_account_status != -1)
		return (sshpam_account_status);

	expose_authinfo(__func__);

	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
	debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,
	    pam_strerror(sshpam_handle, sshpam_err));

do_pam_session(void)
{
	debug3("PAM: opening session");

	expose_authinfo(__func__);

	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
	    (const void *)&store_conv);
	if (sshpam_err != PAM_SUCCESS)

Lines 984-991 read_etc_default_login(char **env, u_int envsize, uid_t uid) Link Here

(-)a/session.c (-6 / +20 lines)
984	}	984	}
985	#endif /* HAVE_ETC_DEFAULT_LOGIN */	985	#endif /* HAVE_ETC_DEFAULT_LOGIN */
986		986
987	void	987	static void
988	copy_environment(char source, char env, u_int envsize)	988	copy_environment_blacklist(char source, char env, u_int envsize,
		989	const char *blacklist)
989	{	990	{
990	char var_name, var_val;	991	char var_name, var_val;
991	int i;	992	int i;
Lines 1001-1013 copy_environment(char source, char env, u_int envsize) Link Here
1001	}	1002	}
1002	*var_val++ = '\0';	1003	*var_val++ = '\0';
1003		1004
1004	debug3("Copy environment: %s=%s", var_name, var_val);	1005	if (blacklist == NULL \|\|
1005	child_set_env(env, envsize, var_name, var_val);	1006	match_pattern_list(var_name, blacklist, 0) != 1) {
		1007	debug3("Copy environment: %s=%s", var_name, var_val);
		1008	child_set_env(env, envsize, var_name, var_val);
		1009	}
1006		1010
1007	free(var_name);	1011	free(var_name);
1008	}	1012	}
1009	}	1013	}
1010		1014
		1015	void
		1016	copy_environment(char source, char env, u_int envsize)
		1017	{
		1018	copy_environment_blacklist(source, env, envsize, NULL);
		1019	}
		1020
1011	static char **	1021	static char **
1012	do_setup_env(Session s, const char shell)	1022	do_setup_env(Session s, const char shell)
1013	{	1023	{
Lines 1169-1180 do_setup_env(Session s, const char shell) Link Here
1169	if (options.use_pam) {	1179	if (options.use_pam) {
1170	char **p;	1180	char **p;
1171		1181
		1182	/*
		1183	* Don't allow SSH_AUTH_INFO variables posted to PAM to leak
		1184	* back into the environment.
		1185	*/
1172	p = fetch_pam_child_environment();	1186	p = fetch_pam_child_environment();
1173	copy_environment(p, &env, &envsize);	1187	copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
1174	free_pam_environment(p);	1188	free_pam_environment(p);
1175		1189
1176	p = fetch_pam_environment();	1190	p = fetch_pam_environment();
1177	copy_environment(p, &env, &envsize);	1191	copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
1178	free_pam_environment(p);	1192	free_pam_environment(p);
1179	}	1193	}
1180	#endif /* USE_PAM */	1194	#endif /* USE_PAM */

Return to bug 2408

Lines 926-931 finish_pam(void) Link Here

(-)a/auth-pam.c (+26 lines)
926	sshpam_cleanup();	926	sshpam_cleanup();
927	}	927	}
928		928
		929	static void
		930	expose_authinfo(const char *caller)
		931	{
		932	char *auth_info;
		933
		934	/*
		935	* Expose authentication information to PAM.
		936	* The enviornment variable is versioned. Please increment the
		937	* version suffix if the format of session_info changes.
		938	*/
		939	if (sshpam_authctxt->session_info == NULL)
		940	auth_info = xstrdup("");
		941	else if ((auth_info = sshbuf_dup_string(
		942	sshpam_authctxt->session_info)) == NULL)
		943	fatal("%s: sshbuf_dup_string failed", __func__);
		944
		945	debug2("%s: auth information in SSH_AUTH_INFO_0", caller);
		946	do_pam_putenv("SSH_AUTH_INFO_0", auth_info);
		947	free(auth_info);
		948	}
		949
929	u_int	950	u_int
930	do_pam_account(void)	951	do_pam_account(void)
931	{	952	{
Lines 933-938 do_pam_account(void) Link Here
933	if (sshpam_account_status != -1)	954	if (sshpam_account_status != -1)
934	return (sshpam_account_status);	955	return (sshpam_account_status);
935		956
		957	expose_authinfo(__func__);
		958
936	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);	959	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
937	debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,	960	debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,
938	pam_strerror(sshpam_handle, sshpam_err));	961	pam_strerror(sshpam_handle, sshpam_err));
Lines 1057-1062 void Link Here
1057	do_pam_session(void)	1080	do_pam_session(void)
1058	{	1081	{
1059	debug3("PAM: opening session");	1082	debug3("PAM: opening session");
		1083
		1084	expose_authinfo(__func__);
		1085
1060	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,	1086	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
1061	(const void *)&store_conv);	1087	(const void *)&store_conv);
1062	if (sshpam_err != PAM_SUCCESS)	1088	if (sshpam_err != PAM_SUCCESS)