Bugzilla – Attachment 377 Details for
Bug 423
Workaround for pw change in privsep mode (3.5.p1)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
3rd version port of Dan's original session setup patch
do_setusercontext-patch (text/plain), 2.87 KB, created by
Michael Steffens
on 2003-09-01 18:31:44 AEST
(
hide
)
Description:
3rd version port of Dan's original session setup patch
Filename:
MIME Type:
Creator:
Michael Steffens
Created:
2003-09-01 18:31:44 AEST
Size:
2.87 KB
patch
obsolete
>--- auth-pam.h-orig Tue Aug 26 03:58:16 2003 >+++ auth-pam.h Mon Sep 1 10:00:06 2003 >@@ -34,7 +34,8 @@ > void start_pam(const char *); > void finish_pam(void); > u_int do_pam_account(void); >-void do_pam_session(const char *, const char *); >+void do_pam_session(const char *); >+void do_pam_set_tty(const char *); > void do_pam_setcred(int ); > int is_pam_password_change_required(void); > void do_pam_chauthtok(void); >--- auth-pam.c-orig Tue Aug 26 03:58:16 2003 >+++ auth-pam.c Mon Sep 1 10:00:06 2003 >@@ -199,10 +199,15 @@ > { > struct pam_ctxt *ctxt = ctxtp; > Buffer buffer; >- struct pam_conv sshpam_conv = { sshpam_thread_conv, ctxt }; >+ struct pam_conv sshpam_conv; > #ifndef USE_POSIX_THREADS > const char *pam_user; >+#endif >+ >+ sshpam_conv.conv = sshpam_thread_conv; >+ sshpam_conv.appdata_ptr = ctxt; > >+#ifndef USE_POSIX_THREADS > pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user); > setproctitle("%s [pam]", pam_user); > #endif >@@ -531,25 +536,29 @@ > } > > void >-do_pam_session(const char *user, const char *tty) >+do_pam_session(const char *user) > { > sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, > (const void *)&null_conv); > if (sshpam_err != PAM_SUCCESS) > fatal("PAM: failed to set PAM_CONV: %s", > pam_strerror(sshpam_handle, sshpam_err)); >- if (tty != NULL) { >- debug("PAM: setting PAM_TTY to \"%s\"", tty); >- sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty); >- if (sshpam_err != PAM_SUCCESS) >- fatal("PAM: failed to set PAM_TTY: %s", >- pam_strerror(sshpam_handle, sshpam_err)); >- } > sshpam_err = pam_open_session(sshpam_handle, 0); > if (sshpam_err != PAM_SUCCESS) > fatal("PAM: pam_open_session(): %s", > pam_strerror(sshpam_handle, sshpam_err)); > sshpam_session_open = 1; >+} >+ >+void >+do_pam_set_tty(const char *ttyname) { >+ if (ttyname != NULL) { >+ debug("PAM setting tty to \"%.200s\"", ttyname); >+ sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, ttyname); >+ if (sshpam_err != PAM_SUCCESS) >+ fatal("PAM set tty failed[%d]: %.200s", >+ sshpam_err, pam_strerror(sshpam_handle, sshpam_err)); >+ } > } > > void >--- session.c-orig Tue Aug 26 03:58:16 2003 >+++ session.c Mon Sep 1 10:00:06 2003 >@@ -426,7 +426,6 @@ > > #if defined(USE_PAM) > if (options.use_pam) { >- do_pam_session(s->pw->pw_name, NULL); > do_pam_setcred(1); > if (is_pam_password_change_required()) > packet_disconnect("Password change required but no " >@@ -561,7 +560,7 @@ > > #if defined(USE_PAM) > if (options.use_pam) { >- do_pam_session(s->pw->pw_name, s->tty); >+ do_pam_set_tty(s->tty); > do_pam_setcred(1); > } > #endif >@@ -1233,8 +1232,10 @@ > * These will have been wiped by the above initgroups() call. > * Reestablish them here. > */ >- if (options.use_pam) >+ if (options.use_pam) { > do_pam_setcred(0); >+ do_pam_session(pw->pw_name); >+ } > # endif /* USE_PAM */ > # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) > irix_setusercontext(pw);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=377">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 423
:
162
|
163
|
198
|
246
|
375
|
376
| 377