
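--- a/auth-pam.c
+++ b/auth-pam.c
@@ -673,6 +673,7 @@ sshpam_init(Authctxt *authctxt)
 {
 	const char *pam_rhost, *pam_user, *user = authctxt->user;
 	const char **ptr_pam_user = &pam_user;
+	char *laddr, *conninfo;
 	struct ssh *ssh = active_state; /* XXX */
 
 	if (sshpam_handle != NULL) {
@@ -702,6 +703,15 @@ sshpam_init(Authctxt *authctxt)
 		sshpam_handle = NULL;
 		return (-1);
 	}
+
+        laddr = get_local_ipaddr(packet_get_connection_in());
+        xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
+	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+	    laddr, ssh_local_port(ssh));
+	pam_putenv(sshpam_handle, conninfo);
+	free(laddr);
+	free(conninfo);
+
 #ifdef PAM_TTY_KLUDGE
 	/*
 	 * Some silly PAM modules (e.g. pam_time) require a TTY to operate.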
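Review bot: `pam_putenv(sshpam_handle, conninfo)` on new line 711 discards its return value, so a PAM-side failure (for example an allocation failure reported as something other than PAM_SUCCESS) silently leaves SSH_CONNECTION absent from the PAM environment while sshpam_init carries on as if it had been exported, and PAM modules that key on it would then see a different environment than intended. The failure branch just above this insertion visibly tears the handle down (`sshpam_handle = NULL; return (-1);`), so the new call should take the same route on error; with an `int rc` declared alongside `laddr`/`conninfo`, the lines below replace the bare call. Separately, new lines 707-708 are indented with spaces while the continuation lines and the rest of the function use tabs. sshpam_init continues outside the hunk, so the exact teardown preceding the visible `sshpam_handle = NULL` is not shown here and should be mirrored rather than guessed.
```c
	/* … unchanged: get_local_ipaddr() / xasprintf() building conninfo … */
	rc = pam_putenv(sshpam_handle, conninfo);
	free(laddr);
	free(conninfo);
	if (rc != PAM_SUCCESS) {
		/* … same teardown as the preceding failure branch … */
		sshpam_handle = NULL;
		return (-1);
	}
```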
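--- a/session.c
+++ b/session.c
@@ -1162,15 +1162,18 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
 		char **p;
 
 		/*
-		 * Don't allow SSH_AUTH_INFO variables posted to PAM to leak
-		 * back into the environment.
+		 * Don't allow PAM-internal env vars to leak
+		 * back into the session environment.
 		 */
+#define PAM_ENV_BLACKLIST  "SSH_AUTH_INFO*,SSH_CONNECTION*"
 		p = fetch_pam_child_environment();
-		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
+		copy_environment_blacklist(p, &env, &envsize,
+		    PAM_ENV_BLACKLIST);
 		free_pam_environment(p);
 
 		p = fetch_pam_environment();
-		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
+		copy_environment_blacklist(p, &env, &envsize,
+		    PAM_ENV_BLACKLIST);
 		free_pam_environment(p);
 	}
 #endif /* USE_PAM */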
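Review bot: `#define PAM_ENV_BLACKLIST` on new line 1168 is introduced inside a function body and never `#undef`'d, so the macro stays visible for the rest of session.c even though it is only meaningful at the two copy_environment_blacklist() calls that follow; either hoist it to file scope with the other PAM-related definitions or add `#undef PAM_ENV_BLACKLIST` after the second call so the blacklist cannot drift between this block and any later use. The rewritten comment on lines 1165-1166 would also help a future reader if it said why SSH_CONNECTION joined the list, e.g. `/* SSH_CONNECTION is pushed into PAM by sshpam_init() and must not be copied back over sshd's own value. */` — this presumes sshd's own SSH_CONNECTION assignment sits earlier in do_setup_env, which is outside this hunk, so confirm before wording it that way. do_setup_env both starts and ends outside the hunk.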
