Bugzilla – Attachment 472 Details for
Bug 717
AFS tokens are not generated upon login
[patch]
Try to export environment from PAM authentication subprocess
pamenvexport.diff (text/plain), 4.76 KB, created by
Damien Miller
on 2003-09-27 11:19:56 AEST
Description:
Try to export environment from PAM authentication subprocess
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2003-09-27 11:19:56 AEST
Size:
4.76 KB
patch
obsolete
>Index: auth-pam.c
>===================================================================
>RCS file: /var/cvs/openssh/auth-pam.c,v
>retrieving revision 1.74
>diff -u -r1.74 auth-pam.c
>--- auth-pam.c 23 Sep 2003 12:12:38 -0000 1.74
>+++ auth-pam.c 27 Sep 2003 01:13:57 -0000
>@@ -117,6 +117,7 @@
> static int sshpam_new_authtok_reqd = 0;
> static int sshpam_session_open = 0;
> static int sshpam_cred_established = 0;
>+static char **sshpam_env = NULL;
>
> struct pam_ctxt {
> sp_pthread_t pam_thread;
>@@ -127,6 +128,53 @@
>
> static void sshpam_free_ctx(void *);
>
>+/* Some PAM implementations don't implement this */
>+#ifndef HAVE_PAM_GETENVLIST
>+static char **
>+pam_getenvlist(pam_handle_t *pamh)
>+{
>+ /*
>+ * XXX - If necessary, we can still support envrionment passing
>+ * for platforms without pam_getenvlist by searching for known
>+ * env vars (e.g. KRB5CCNAME) from the PAM environment.
>+ */
>+ return NULL;
>+}
>+#endif
>+
>+/* Import regular and PAM environment from subprocess */
>+static void
>+import_environments(Buffer *b)
>+{
>+ char *env;
>+ u_int i, num_env;
>+ int err;
>+
>+ /* Import environment from subprocess */
>+ num_env = buffer_get_int(b);
>+ sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
>+ debug("XXX PAM: num env strings %d", num_env);
>+ for(i = 0; i < num_env; i++) {
>+ sshpam_env[i] = buffer_get_string(b, NULL);
>+ debug("XXX PAM: env %d: %s", i, sshpam_env[i]);
>+ }
>+ sshpam_env[num_env] = NULL;
>+
>+ /* Import PAM environment from subprocess */
>+ num_env = buffer_get_int(b);
>+ debug("XXX PAM: num PAM env strings %d", num_env);
>+ for(i = 0; i < num_env; i++) {
>+ env = buffer_get_string(b, NULL);
>+ debug("XXX PAM: PAM env %d: %s", i, env);
>+
>+ /* Errors are not fatal here */
>+ if ((err = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
>+ error("PAM: pam_putenv: %s",
>+ pam_strerror(sshpam_handle, sshpam_err));
>+ }
>+ }
>+}
>+
> /*
> * Conversation function for authentication thread.
> */
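Review bot: In import_environments() the count from `num_env = buffer_get_int(b)` is used unchecked in `xmalloc((num_env + 1) * sizeof(*sshpam_env))`, so a very large count can wrap the size computation and leave the array smaller than the loop bound. The data comes from the PAM subprocess rather than directly from the network, but a cap before the allocation is cheap defence in depth, e.g. `if (num_env > 1024) fatal("PAM: too many environment strings (%u)", num_env);` (the limit is illustrative), repeated for the second count. The pam_putenv() failure path assigns `err` but then formats `sshpam_err`; it should be `pam_strerror(sshpam_handle, err)`. The `debug("XXX PAM: ...")` lines write every imported value to the debug log and look like scaffolding to drop before commit.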
>@@ -213,10 +261,14 @@
> Buffer buffer;
> struct pam_conv sshpam_conv;
> #ifndef USE_POSIX_THREADS
>+ extern char **environ;
>+ char **env_from_pam;
>+ u_int i;
> const char *pam_user;
>
> pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
> setproctitle("%s [pam]", pam_user);
>+ environ[0] = NULL;
> #endif
>
> sshpam_conv.conv = sshpam_thread_conv;
>@@ -231,6 +283,24 @@
> if (sshpam_err != PAM_SUCCESS)
> goto auth_fail;
> buffer_put_cstring(&buffer, "OK");
>+
>+#ifndef USE_POSIX_THREADS
>+ /* Export any environment strings set in child */
>+ for(i = 0; environ[i] != NULL; i++)
>+ ; /* Count */
>+ buffer_put_int(&buffer, i);
>+ for(i = 0; environ[i] != NULL; i++)
>+ buffer_put_cstring(&buffer, environ[i]);
>+
>+ /* Export any environment strings set by PAM in child */
>+ env_from_pam = pam_getenvlist(sshpam_handle);
>+ for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
>+ ; /* Count */
>+ buffer_put_int(&buffer, i);
>+ for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++)
>+ buffer_put_cstring(&buffer, env_from_pam[i]);
>+#endif /* USE_POSIX_THREADS */
>+
> ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
> buffer_free(&buffer);
> pthread_exit(NULL);
>@@ -430,6 +500,7 @@
> **prompts = NULL;
> }
> if (type == PAM_SUCCESS) {
>+ import_environments(&buffer);
> *num = 0;
> **echo_on = 0;
> ctxt->pam_done = 1;
>@@ -692,7 +763,6 @@
> * modules can handle things like Kerberos/GSI credentials that appear
> * during the ssh authentication process.
> */
>-
> int
> do_pam_putenv(char *name, char *value)
> {
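Review bot: `environ[0] = NULL;` in the `@@ -213,10 +261,14 @@` hunk is added without a comment and assumes `environ` is non-NULL. Presumably the intent is to empty the subprocess environment so that the export loop later in this function sends only variables set while PAM runs; a one-line comment such as `/* Start empty so only variables set during PAM authentication are exported */` would make that explicit. A guard of the form `if (environ != NULL)` would cover a NULL environment. The enclosing function starts and ends outside the hunk.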
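Review bot: The environment lists in the `@@ -231,6 +283,24 @@` hunk are appended to the success message only under `#ifndef USE_POSIX_THREADS`, but the reader added in the `@@ -430,6 +500,7 @@` hunk calls `import_environments(&buffer)` unconditionally on PAM_SUCCESS. In a build with USE_POSIX_THREADS defined the two counts are never written, so the parent would call buffer_get_int() on a buffer that does not contain them; how that fails depends on buffer code not shown here. Wrapping the call (or the body of import_environments) in the same `#ifndef USE_POSIX_THREADS` keeps writer and reader in step. Both enclosing functions extend outside their hunks.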
>@@ -719,14 +789,15 @@
> }
>
> char **
>+fetch_pam_child_environment(void)
>+{
>+ return sshpam_env;
>+}
>+
>+char **
> fetch_pam_environment(void)
> {
>-#ifdef HAVE_PAM_GETENVLIST
>- debug("PAM: retrieving environment");
> return (pam_getenvlist(sshpam_handle));
>-#else
>- return (NULL);
>-#endif
> }
>
> void
>Index: auth-pam.h
>===================================================================
>RCS file: /var/cvs/openssh/auth-pam.h,v
>retrieving revision 1.21
>diff -u -r1.21 auth-pam.h
>--- auth-pam.h 2 Sep 2003 13:18:53 -0000 1.21
>+++ auth-pam.h 27 Sep 2003 01:13:57 -0000
>@@ -42,6 +42,7 @@
> int do_pam_putenv(char *, char *);
> void print_pam_messages(void);
> char ** fetch_pam_environment(void);
>+char ** fetch_pam_child_environment(void);
> void free_pam_environment(char **);
>
> #endif /* USE_PAM */
>Index: session.c
>===================================================================
>RCS file: /var/cvs/openssh/session.c,v
>retrieving revision 1.255
>diff -u -r1.255 session.c
>--- session.c 22 Sep 2003 11:04:23 -0000 1.255
>+++ session.c 27 Sep 2003 01:13:57 -0000
>@@ -1104,8 +1104,13 @@
> * been set by PAM.
> */
> if (options.use_pam) {
>- char **p = fetch_pam_environment();
>+ char **p;
>+
>+ p = fetch_pam_child_environment();
>+ copy_environment(p, &env, &envsize);
>+ free_pam_environment(p);
>
>+ p = fetch_pam_environment();
> copy_environment(p, &env, &envsize);
> free_pam_environment(p);
> }
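Review bot: fetch_pam_child_environment() in the `@@ -719,14 +789,15 @@` hunk returns the static `sshpam_env` pointer itself, and the session.c hunk then passes it to free_pam_environment(), which (assuming it frees the list; its body is not shown) leaves `sshpam_env` dangling for any later call in the same process. Handing over ownership explicitly avoids a possible double free: keep the pointer in a local, set `sshpam_env = NULL`, and return the local. A short comment on the function stating that the caller owns and must free the returned list would also help. fetch_pam_environment() now depends on the stub pam_getenvlist() added earlier in this patch when HAVE_PAM_GETENVLIST is not defined.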