Attachment #375 for bug #423

Lines 35-40 Link Here

(-)auth-pam.h-orig (+1 lines)
35	void finish_pam(void);	35	void finish_pam(void);
36	u_int do_pam_account(void);	36	u_int do_pam_account(void);
37	void do_pam_session(const char , const char );	37	void do_pam_session(const char , const char );
		38	void do_pam_set_tty(const char *ttyname);
38	void do_pam_setcred(int );	39	void do_pam_setcred(int );
39	int is_pam_password_change_required(void);	40	int is_pam_password_change_required(void);
40	void do_pam_chauthtok(void);	41	void do_pam_chauthtok(void);

Lines 199-208 Link Here

(-)auth-pam.c-orig (-1 / +15 lines)
199	{	199	{
200	struct pam_ctxt *ctxt = ctxtp;	200	struct pam_ctxt *ctxt = ctxtp;
201	Buffer buffer;	201	Buffer buffer;
202	struct pam_conv sshpam_conv = { sshpam_thread_conv, ctxt };	202	struct pam_conv sshpam_conv;
203	#ifndef USE_POSIX_THREADS	203	#ifndef USE_POSIX_THREADS
204	const char *pam_user;	204	const char *pam_user;
205		205
		206	sshpam_conv.conv = sshpam_thread_conv;
		207	sshpam_conv.appdata_ptr = ctxt;
		208
206	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);	209	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
207	setproctitle("%s [pam]", pam_user);	210	setproctitle("%s [pam]", pam_user);
208	#endif	211	#endif
Lines 550-555 Link Here
550	fatal("PAM: pam_open_session(): %s",	553	fatal("PAM: pam_open_session(): %s",
551	pam_strerror(sshpam_handle, sshpam_err));	554	pam_strerror(sshpam_handle, sshpam_err));
552	sshpam_session_open = 1;	555	sshpam_session_open = 1;
		556	}
		557
		558	void
		559	do_pam_set_tty(const char *ttyname) {
		560	if (ttyname != NULL) {
		561	debug("PAM setting tty to \"%.200s\"", ttyname);
		562	sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, ttyname);
		563	if (sshpam_err != PAM_SUCCESS)
		564	fatal("PAM set tty failed[%d]: %.200s",
		565	sshpam_err, pam_strerror(sshpam_handle, sshpam_err));
		566	}
553	}	567	}
554		568
555	void	569	void





#if defined(USE_PAM)
	if (options.use_pam) {
		do_pam_session(s->pw->pw_name, NULL);
		do_pam_setcred(1);
		if (is_pam_password_change_required())
			packet_disconnect("Password change required but no "


#if defined(USE_PAM)
	if (options.use_pam) {
		do_pam_set_tty(s->tty);
		do_pam_setcred(1);
	}
#endif

		 */
		if (options.use_pam)
			do_pam_setcred(0);
			do_pam_session(pw->pw_name,NULL);
# endif /* USE_PAM */
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
		irix_setusercontext(pw);

Return to bug 423

Lines 426-432 Link Here

(-)session.c-orig (-2 / +2 lines)
426		426
427	#if defined(USE_PAM)	427	#if defined(USE_PAM)
428	if (options.use_pam) {	428	if (options.use_pam) {
429	do_pam_session(s->pw->pw_name, NULL);
430	do_pam_setcred(1);	429	do_pam_setcred(1);
431	if (is_pam_password_change_required())	430	if (is_pam_password_change_required())
432	packet_disconnect("Password change required but no "	431	packet_disconnect("Password change required but no "
Lines 561-567 Link Here
561		560
562	#if defined(USE_PAM)	561	#if defined(USE_PAM)
563	if (options.use_pam) {	562	if (options.use_pam) {
564	do_pam_session(s->pw->pw_name, s->tty);	563	do_pam_set_tty(s->tty);
565	do_pam_setcred(1);	564	do_pam_setcred(1);
566	}	565	}
567	#endif	566	#endif
Lines 1235-1240 Link Here
1235	*/	1234	*/
1236	if (options.use_pam)	1235	if (options.use_pam)
1237	do_pam_setcred(0);	1236	do_pam_setcred(0);
		1237	do_pam_session(pw->pw_name,NULL);
1238	# endif /* USE_PAM */	1238	# endif /* USE_PAM */
1239	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)	1239	# if defined(WITH_IRIX_PROJECT) \|\| defined(WITH_IRIX_JOBS) \|\| defined(WITH_IRIX_ARRAY)
1240	irix_setusercontext(pw);	1240	irix_setusercontext(pw);