Attachment #503 for bug #695

View | Details | Raw Unified | Return to bug 695
Collapse All | Expand All

Lines 424-429 Link Here

(-)acconfig.h (+3 lines)
424	/* Define if HEADER.ad exists in arpa/nameser.h */	424	/* Define if HEADER.ad exists in arpa/nameser.h */
425	#undef HAVE_HEADER_AD	425	#undef HAVE_HEADER_AD
426		426
		427	/* Define to disable pam_chauthtok via keyboard-interactive authentication */
		428	#undef DISABLE_KBDINT_CHAUTHTOK
		429
427	@BOTTOM@	430	@BOTTOM@
428		431
429	/* ***************** Shouldn't need to edit below this line ************ */	432	/* ***************** Shouldn't need to edit below this line ************ */





extern ServerOptions options;
extern Buffer loginmsg;
extern int compat20;

#define __unused


static int sshpam_new_authtok_reqd = 0;
static int sshpam_session_open = 0;
static int sshpam_cred_established = 0;
static int sshpam_account_status = -1;
static char **sshpam_env = NULL;

struct pam_ctxt {

	u_int i, num_env;
	int err;

	/* Import variables set by do_pam_account */
	sshpam_account_status = buffer_get_int(b);
	sshpam_new_authtok_reqd = buffer_get_int(b);

	if (sshpam_new_authtok_reqd == 0) {
		/* Reset forwarding flags */
		no_port_forwarding_flag &= ~2;
		no_agent_forwarding_flag &= ~2;
		no_x11_forwarding_flag &= ~2;
	}

	/* Import environment from subprocess */
	num_env = buffer_get_int(b);
	sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));

	sshpam_err = pam_authenticate(sshpam_handle, 0);
	if (sshpam_err != PAM_SUCCESS)
		goto auth_fail;
#ifndef DISABLE_KBDINT_CHAUTHTOK
	if (compat20) {
		if (do_pam_account() && sshpam_new_authtok_reqd) {
			sshpam_err = pam_chauthtok(sshpam_handle,
			    PAM_CHANGE_EXPIRED_AUTHTOK);
			if (sshpam_err != PAM_SUCCESS)
				goto auth_fail;
			sshpam_new_authtok_reqd = 0;
		}
	}
#endif
	buffer_put_cstring(&buffer, "OK");

#ifndef USE_POSIX_THREADS
	/* Export variables set by do_pam_account */
	buffer_put_int(&buffer, sshpam_account_status);
	buffer_put_int(&buffer, sshpam_new_authtok_reqd);

	/* Export any environment strings set in child */
	for(i = 0; environ[i] != NULL; i++)
		; /* Count */

u_int
do_pam_account(void)
{
	if (sshpam_account_status != -1)
		return (sshpam_account_status);

	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
	debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);
	
	if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
		sshpam_account_status = 0;
		return (sshpam_account_status);
	}

	if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {
		sshpam_new_authtok_reqd = 1;

		no_x11_forwarding_flag |= 2;
	}

	sshpam_account_status = 1;
	return (sshpam_account_status);
}

void

Lines 105-110 case "$host" in Link Here

(-)configure.ac (+1 lines)
105	AC_DEFINE(DISABLE_LASTLOG)	105	AC_DEFINE(DISABLE_LASTLOG)
106	AC_DEFINE(LOGIN_NEEDS_UTMPX)	106	AC_DEFINE(LOGIN_NEEDS_UTMPX)
107	AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)	107	AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
		108	AC_DEFINE(DISABLE_KBDINT_CHAUTHTOK)
108	;;	109	;;
109	--cygwin*)	110	--cygwin*)
110	check_for_libcrypt_later=1	111	check_for_libcrypt_later=1

Return to bug 695

Lines 53-58 RCSID("$Id: auth-pam.c,v 1.82 2003/11/18 Link Here

(-)auth-pam.c (-3 / +37 lines)
53		53
54	extern ServerOptions options;	54	extern ServerOptions options;
55	extern Buffer loginmsg;	55	extern Buffer loginmsg;
		56	extern int compat20;
56		57
57	#define __unused	58	#define __unused
58		59
Lines 118-123 static int sshpam_authenticated = 0; Link Here
118	static int sshpam_new_authtok_reqd = 0;	119	static int sshpam_new_authtok_reqd = 0;
119	static int sshpam_session_open = 0;	120	static int sshpam_session_open = 0;
120	static int sshpam_cred_established = 0;	121	static int sshpam_cred_established = 0;
		122	static int sshpam_account_status = -1;
121	static char **sshpam_env = NULL;	123	static char **sshpam_env = NULL;
122		124
123	struct pam_ctxt {	125	struct pam_ctxt {
Lines 152-157 import_environments(Buffer *b) Link Here
152	u_int i, num_env;	154	u_int i, num_env;
153	int err;	155	int err;
154		156
		157	/* Import variables set by do_pam_account */
		158	sshpam_account_status = buffer_get_int(b);
		159	sshpam_new_authtok_reqd = buffer_get_int(b);
		160
		161	if (sshpam_new_authtok_reqd == 0) {
		162	/* Reset forwarding flags */
		163	no_port_forwarding_flag &= ~2;
		164	no_agent_forwarding_flag &= ~2;
		165	no_x11_forwarding_flag &= ~2;
		166	}
		167
155	/* Import environment from subprocess */	168	/* Import environment from subprocess */
156	num_env = buffer_get_int(b);	169	num_env = buffer_get_int(b);
157	sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));	170	sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
Lines 290-298 sshpam_thread(void *ctxtp) Link Here
290	sshpam_err = pam_authenticate(sshpam_handle, 0);	303	sshpam_err = pam_authenticate(sshpam_handle, 0);
291	if (sshpam_err != PAM_SUCCESS)	304	if (sshpam_err != PAM_SUCCESS)
292	goto auth_fail;	305	goto auth_fail;
		306	#ifndef DISABLE_KBDINT_CHAUTHTOK
		307	if (compat20) {
		308	if (do_pam_account() && sshpam_new_authtok_reqd) {
		309	sshpam_err = pam_chauthtok(sshpam_handle,
		310	PAM_CHANGE_EXPIRED_AUTHTOK);
		311	if (sshpam_err != PAM_SUCCESS)
		312	goto auth_fail;
		313	sshpam_new_authtok_reqd = 0;
		314	}
		315	}
		316	#endif
293	buffer_put_cstring(&buffer, "OK");	317	buffer_put_cstring(&buffer, "OK");
294		318
295	#ifndef USE_POSIX_THREADS	319	#ifndef USE_POSIX_THREADS
		320	/* Export variables set by do_pam_account */
		321	buffer_put_int(&buffer, sshpam_account_status);
		322	buffer_put_int(&buffer, sshpam_new_authtok_reqd);
		323
296	/* Export any environment strings set in child */	324	/* Export any environment strings set in child */
297	for(i = 0; environ[i] != NULL; i++)	325	for(i = 0; environ[i] != NULL; i++)
298	; /* Count */	326	; /* Count */
Lines 611-621 finish_pam(void) Link Here
611	u_int	639	u_int
612	do_pam_account(void)	640	do_pam_account(void)
613	{	641	{
		642	if (sshpam_account_status != -1)
		643	return (sshpam_account_status);
		644
614	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);	645	sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
615	debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);	646	debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err);
616		647
617	if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD)	648	if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
618	return (0);	649	sshpam_account_status = 0;
		650	return (sshpam_account_status);
		651	}
619		652
620	if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {	653	if (sshpam_err == PAM_NEW_AUTHTOK_REQD) {
621	sshpam_new_authtok_reqd = 1;	654	sshpam_new_authtok_reqd = 1;
Lines 626-632 do_pam_account(void) Link Here
626	no_x11_forwarding_flag \|= 2;	659	no_x11_forwarding_flag \|= 2;
627	}	660	}
628		661
629	return (1);	662	sshpam_account_status = 1;
		663	return (sshpam_account_status);
630	}	664	}
631		665
632	void	666	void