Attachment #3644 for bug #3508




static const char *sshpam_password = NULL;
static char *sshpam_rhost = NULL;
static char *sshpam_laddr = NULL;
static char *sshpam_conninfo = NULL;

/* Some PAM implementations don't implement this */
#ifndef HAVE_PAM_GETENVLIST

{
	const char *pam_user, *user = authctxt->user;
	const char **ptr_pam_user = &pam_user;
	char *conninfo = NULL;
	int r;

#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
	/* Protect buggy PAM implementations from excessively long usernames */

		    options.use_dns));
		sshpam_laddr = get_local_ipaddr(
		    ssh_packet_get_connection_in(ssh));
		xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
		    sshpam_laddr, ssh_local_port(ssh));
	}
	if (sshpam_rhost != NULL) {
		debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);

			sshpam_handle = NULL;
			return (-1);
		}
	}
	if (ssh != NULL && sshpam_laddr != NULL) {
		/* Put SSH_CONNECTION in the PAM environment too */
		xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
		    sshpam_laddr, ssh_local_port(ssh));
		if ((r = pam_putenv(sshpam_handle, conninfo)) != PAM_SUCCESS)
			logit("pam_putenv: %s", pam_strerror(sshpam_handle, r));
		free(conninfo);
	}

#ifdef PAM_TTY_KLUDGE

Return to bug 3508

Lines 252-258 static Authctxt *sshpam_authctxt = NULL; Link Here

(-)a/auth-pam.c (-5 / +10 lines)
252	static const char *sshpam_password = NULL;	252	static const char *sshpam_password = NULL;
253	static char *sshpam_rhost = NULL;	253	static char *sshpam_rhost = NULL;
254	static char *sshpam_laddr = NULL;	254	static char *sshpam_laddr = NULL;
255	static char *sshpam_conninfo = NULL;
256		255
257	/* Some PAM implementations don't implement this */	256	/* Some PAM implementations don't implement this */
258	#ifndef HAVE_PAM_GETENVLIST	257	#ifndef HAVE_PAM_GETENVLIST
Lines 688-693 sshpam_init(struct ssh ssh, Authctxt authctxt) Link Here
688	{	687	{
689	const char pam_user, user = authctxt->user;	688	const char pam_user, user = authctxt->user;
690	const char **ptr_pam_user = &pam_user;	689	const char **ptr_pam_user = &pam_user;
		690	char *conninfo = NULL;
		691	int r;
691		692
692	#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)	693	#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
693	/* Protect buggy PAM implementations from excessively long usernames */	694	/* Protect buggy PAM implementations from excessively long usernames */
Lines 729-737 sshpam_init(struct ssh ssh, Authctxt authctxt) Link Here
729	options.use_dns));	730	options.use_dns));
730	sshpam_laddr = get_local_ipaddr(	731	sshpam_laddr = get_local_ipaddr(
731	ssh_packet_get_connection_in(ssh));	732	ssh_packet_get_connection_in(ssh));
732	xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
733	ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
734	sshpam_laddr, ssh_local_port(ssh));
735	}	733	}
736	if (sshpam_rhost != NULL) {	734	if (sshpam_rhost != NULL) {
737	debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);	735	debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
Lines 742-749 sshpam_init(struct ssh ssh, Authctxt authctxt) Link Here
742	sshpam_handle = NULL;	740	sshpam_handle = NULL;
743	return (-1);	741	return (-1);
744	}	742	}
		743	}
		744	if (ssh != NULL && sshpam_laddr != NULL) {
745	/* Put SSH_CONNECTION in the PAM environment too */	745	/* Put SSH_CONNECTION in the PAM environment too */
746	pam_putenv(sshpam_handle, sshpam_conninfo);	746	xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
		747	ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
		748	sshpam_laddr, ssh_local_port(ssh));
		749	if ((r = pam_putenv(sshpam_handle, conninfo)) != PAM_SUCCESS)
		750	logit("pam_putenv: %s", pam_strerror(sshpam_handle, r));
		751	free(conninfo);
747	}	752	}
748		753
749	#ifdef PAM_TTY_KLUDGE	754	#ifdef PAM_TTY_KLUDGE