
(-)auth-pam.h-orig (-1 / +2 lines)
Lines 34-40 Link Here
34
void start_pam(const char *);
34
void start_pam(const char *);
35
void finish_pam(void);
35
void finish_pam(void);
36
u_int do_pam_account(void);
36
u_int do_pam_account(void);
37
void do_pam_session(const char *, const char *);
37
void do_pam_session(const char *);
38
void do_pam_set_tty(const char *);
38
void do_pam_setcred(int );
39
void do_pam_setcred(int );
39
int is_pam_password_change_required(void);
40
int is_pam_password_change_required(void);
40
void do_pam_chauthtok(void);
41
void do_pam_chauthtok(void);
(-)auth-pam.c-orig (-9 / +18 lines)
Lines 199-208 Link Here
199
{
199
{
200
	struct pam_ctxt *ctxt = ctxtp;
200
	struct pam_ctxt *ctxt = ctxtp;
201
	Buffer buffer;
201
	Buffer buffer;
202
	struct pam_conv sshpam_conv = { sshpam_thread_conv, ctxt };
202
	struct pam_conv sshpam_conv;
203
#ifndef USE_POSIX_THREADS
203
#ifndef USE_POSIX_THREADS
204
	const char *pam_user;
204
	const char *pam_user;
205
#endif
206
207
	sshpam_conv.conv = sshpam_thread_conv;
208
	sshpam_conv.appdata_ptr = ctxt;
205
209
210
#ifndef USE_POSIX_THREADS
206
	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
211
	pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
207
	setproctitle("%s [pam]", pam_user);
212
	setproctitle("%s [pam]", pam_user);
208
#endif
213
#endif
Lines 531-555 Link Here
531
}
536
}
532
537
533
void
538
void
534
do_pam_session(const char *user, const char *tty)
539
do_pam_session(const char *user)
535
{
540
{
536
	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, 
541
	sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, 
537
	    (const void *)&null_conv);
542
	    (const void *)&null_conv);
538
	if (sshpam_err != PAM_SUCCESS)
543
	if (sshpam_err != PAM_SUCCESS)
539
		fatal("PAM: failed to set PAM_CONV: %s",
544
		fatal("PAM: failed to set PAM_CONV: %s",
540
		    pam_strerror(sshpam_handle, sshpam_err));
545
		    pam_strerror(sshpam_handle, sshpam_err));
541
	if (tty != NULL) {
542
		debug("PAM: setting PAM_TTY to \"%s\"", tty);
543
		sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
544
		if (sshpam_err != PAM_SUCCESS)
545
			fatal("PAM: failed to set PAM_TTY: %s",
546
			    pam_strerror(sshpam_handle, sshpam_err));
547
	}
548
	sshpam_err = pam_open_session(sshpam_handle, 0);
546
	sshpam_err = pam_open_session(sshpam_handle, 0);
549
	if (sshpam_err != PAM_SUCCESS)
547
	if (sshpam_err != PAM_SUCCESS)
550
		fatal("PAM: pam_open_session(): %s",
548
		fatal("PAM: pam_open_session(): %s",
551
		    pam_strerror(sshpam_handle, sshpam_err));
549
		    pam_strerror(sshpam_handle, sshpam_err));
552
	sshpam_session_open = 1;
550
	sshpam_session_open = 1;
551
}
552
553
void
554
do_pam_set_tty(const char *ttyname) {
555
	if (ttyname != NULL) {
556
		debug("PAM setting tty to \"%.200s\"", ttyname);
557
		sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, ttyname);
558
		if (sshpam_err != PAM_SUCCESS)
559
			fatal("PAM set tty failed[%d]: %.200s",
560
			    sshpam_err, pam_strerror(sshpam_handle, sshpam_err));
561
	}
553
}
562
}
554
563
555
void
564
void
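Review bot: do_pam_set_tty() carries no comment saying it has to run before do_pam_session(), and nothing in the new code enforces that order now that the PAM_TTY assignment is no longer inside do_pam_session(). A PAM module that reads PAM_TTY while the session is being opened would see no tty if a caller gets the order wrong, so I would add above the definition `/* Set PAM_TTY; must be called before do_pam_session() so session modules see the tty. */`. The new function also departs from the surrounding style in the visible lines: its opening brace sits on the signature line, and its debug()/fatal() messages drop the `PAM: ` prefix that the neighbouring calls use. The `user` parameter of do_pam_session() is not referenced anywhere in its body.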
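--- a/session.c-orig
+++ b/session.c-orig
@@ -426,7 +426,6 @@
 
 #if defined(USE_PAM)
 	if (options.use_pam) {
-		do_pam_session(s->pw->pw_name, NULL);
 		do_pam_setcred(1);
 		if (is_pam_password_change_required())
 			packet_disconnect("Password change required but no "
@@ -561,7 +560,7 @@
 
 #if defined(USE_PAM)
 	if (options.use_pam) {
-		do_pam_session(s->pw->pw_name, s->tty);
+		do_pam_set_tty(s->tty);
 		do_pam_setcred(1);
 	}
 #endif
@@ -1233,8 +1232,10 @@
 		 * These will have been wiped by the above initgroups() call.
 		 * Reestablish them here.
 		 */
-		if (options.use_pam)
+		if (options.use_pam) {
 			do_pam_setcred(0);
+			do_pam_session(pw->pw_name);
+		}
 # endif /* USE_PAM */
 # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
 		irix_setusercontext(pw);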
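Review bot: Moving do_pam_session() into the block after the initgroups() comment (new line 1237) changes which process sets `sshpam_session_open = 1`, the flag do_pam_session() writes in auth-pam.c. If this block runs in a forked child, as its position next to the credential re-establishment suggests, the process that later tears PAM down would not see the flag and the session could be left open. A fatal() from pam_open_session() would then also fire in that child rather than where the two removed calls sat. This needs checking against the cleanup path, which is not visible here, and should be recorded at the call site, e.g. `/* PAM session is opened here, after initgroups(); the cleanup path must still run pam_close_session() for it */`. The enclosing function starts and ends outside the hunk.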
