Bugzilla – Attachment 645 Details for
Bug 874
(Re)Add PAM PasswordAuthentication support
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
re-add PasswordAuthentication and UsePAM take 2
openssh-pam-passwd.patch (text/plain), 3.69 KB, created by
Darren Tucker
on 2004-05-28 21:42:40 AEST
(
hide
)
Description:
re-add PasswordAuthentication and UsePAM take 2
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-05-28 21:42:40 AEST
Size:
3.69 KB
patch
obsolete
>Index: auth-pam.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v >retrieving revision 1.102 >diff -u -p -r1.102 auth-pam.c >--- auth-pam.c 24 May 2004 01:55:36 -0000 1.102 >+++ auth-pam.c 28 May 2004 11:26:32 -0000 >@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0; > static int sshpam_account_status = -1; > static char **sshpam_env = NULL; > static Authctxt *sshpam_authctxt = NULL; >+static const char *sshpam_password = NULL; > > /* Some PAM implementations don't implement this */ > #ifndef HAVE_PAM_GETENVLIST >@@ -951,4 +952,82 @@ free_pam_environment(char **env) > xfree(env); > } > >+static int >+sshpam_passwd_conv(int n, const struct pam_message **msg, >+ struct pam_response **resp, void *data) >+{ >+ struct pam_response *reply; >+ int i; >+ size_t len; >+ >+ debug3("PAM: %s called with %d messages", __func__, n); >+ >+ *resp = NULL; >+ >+ if (n <= 0 || n > PAM_MAX_NUM_MSG) >+ return (PAM_CONV_ERR); >+ >+ if ((reply = malloc(n * sizeof(*reply))) == NULL) >+ return (PAM_CONV_ERR); >+ memset(reply, 0, n * sizeof(*reply)); >+ >+ for (i = 0; i < n; ++i) { >+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) { >+ case PAM_PROMPT_ECHO_OFF: >+ if (sshpam_password == NULL) >+ goto fail; >+ reply[i].resp = xstrdup(sshpam_password); >+ reply[i].resp_retcode = PAM_SUCCESS; >+ break; >+ case PAM_ERROR_MSG: >+ case PAM_TEXT_INFO: >+ len = strlen(PAM_MSG_MEMBER(msg, i, msg)); >+ if (len > 0) { >+ buffer_append(&loginmsg, >+ PAM_MSG_MEMBER(msg, i, msg), len); >+ buffer_append(&loginmsg, "\n", 1); >+ } >+ reply[i].resp = xstrdup(""); >+ reply[i].resp_retcode = PAM_SUCCESS; >+ break; >+ case PAM_AUTH_ERR: >+ /* XXX: log error */ >+ /* FALLTHROUGH */ >+ default: >+ goto fail; >+ } >+ } >+ *resp = reply; >+ return (PAM_SUCCESS); >+ >+ fail: >+ for(i = 0; i < n; i++) { >+ if (reply[i].resp != NULL) >+ xfree(reply[i].resp); >+ } >+ xfree(reply); >+ return (PAM_CONV_ERR); >+} >+ >+static struct pam_conv passwd_conv = { sshpam_passwd_conv, NULL }; >+ >+int >+sshpam_auth_passwd(Authctxt *authctxt, const char *password) >+{ >+ int result, flags = (options.permit_empty_passwd == 0 ? >+ PAM_DISALLOW_NULL_AUTHTOK : 0); >+ >+ sshpam_password = password; >+ sshpam_authctxt = authctxt; >+ >+ sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, >+ (const void *)&passwd_conv); >+ if (sshpam_err != PAM_SUCCESS) >+ fatal("PAM: %s: failed to set PAM_CONV: %s", __func__, >+ pam_strerror(sshpam_handle, sshpam_err)); >+ >+ result = pam_authenticate(sshpam_handle, flags); >+ sshpam_password = NULL; >+ return (result == PAM_SUCCESS); >+} > #endif /* USE_PAM */ >Index: auth-pam.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.h,v >retrieving revision 1.25 >diff -u -p -r1.25 auth-pam.h >--- auth-pam.h 8 Mar 2004 12:04:07 -0000 1.25 >+++ auth-pam.h 28 May 2004 11:18:05 -0000 >@@ -44,5 +44,6 @@ char ** fetch_pam_child_environment(void > void free_pam_environment(char **); > void sshpam_thread_cleanup(void); > void sshpam_cleanup(void); >+int sshpam_auth_passwd(Authctxt *, const char *); > > #endif /* USE_PAM */ >Index: auth-passwd.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-passwd.c,v >retrieving revision 1.73 >diff -u -p -r1.73 auth-passwd.c >--- auth-passwd.c 4 Mar 2004 11:59:37 -0000 1.73 >+++ auth-passwd.c 28 May 2004 11:18:30 -0000 >@@ -91,6 +91,10 @@ auth_password(Authctxt *authctxt, const > return ok; > } > #endif >+#ifdef USE_PAM >+ if (options.use_pam) >+ return (sshpam_auth_passwd(authctxt, password) && ok); >+#endif > #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) > if (!expire_checked) { > expire_checked = 1;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=645">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 874
:
644
|
645
|
646