Bugzilla – Attachment 3643 Details for
Bug 3508
Simplify handling of SSH_CONNECTION in auth-pam
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Do not store sshpam_conninfo across calls to sshpam_init
openssh-pam-conninfo.patch (text/plain), 1.72 KB, created by
Darren Tucker
on 2022-12-16 15:35:28 AEDT
(
hide
)
Description:
Do not store sshpam_conninfo across calls to sshpam_init
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2022-12-16 15:35:28 AEDT
Size:
1.72 KB
patch
obsolete
>diff --git a/auth-pam.c b/auth-pam.c >index 29034e40..0bf13df5 100644 >--- a/auth-pam.c >+++ b/auth-pam.c >@@ -252,7 +252,6 @@ static Authctxt *sshpam_authctxt = NULL; > static const char *sshpam_password = NULL; > static char *sshpam_rhost = NULL; > static char *sshpam_laddr = NULL; >-static char *sshpam_conninfo = NULL; > > /* Some PAM implementations don't implement this */ > #ifndef HAVE_PAM_GETENVLIST >@@ -688,6 +687,8 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt) > { > const char *pam_user, *user = authctxt->user; > const char **ptr_pam_user = &pam_user; >+ char *conninfo = NULL; >+ int r; > > #if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE) > /* Protect buggy PAM implementations from excessively long usernames */ >@@ -729,9 +730,6 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt) > options.use_dns)); > sshpam_laddr = get_local_ipaddr( > ssh_packet_get_connection_in(ssh)); >- xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", >- ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), >- sshpam_laddr, ssh_local_port(ssh)); > } > if (sshpam_rhost != NULL) { > debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost); >@@ -742,9 +740,14 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt) > sshpam_handle = NULL; > return (-1); > } >- /* Put SSH_CONNECTION in the PAM environment too */ >- pam_putenv(sshpam_handle, sshpam_conninfo); > } >+ /* Put SSH_CONNECTION in the PAM environment too */ >+ xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", >+ ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), >+ sshpam_laddr, ssh_local_port(ssh)); >+ if ((r = pam_putenv(sshpam_handle, conninfo)) != PAM_SUCCESS) >+ logit("pam_putenv: %s", pam_strerror(sshpam_handle, r)); >+ free(conninfo); > > #ifdef PAM_TTY_KLUDGE > /*
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3643">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3508
:
3643
|
3644