Bugzilla – Attachment 679 Details for
Bug 890
Allow users to see output from failing PAM session modules.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Make work for privsep=no too
openssh-pam-returnfromsession.patch (text/plain), 1.95 KB, created by
Darren Tucker
on 2004-07-04 11:21:34 AEST
(
hide
)
Description:
Make work for privsep=no too
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-07-04 11:21:34 AEST
Size:
1.95 KB
patch
obsolete
>Index: auth-pam.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v >retrieving revision 1.110 >diff -u -p -r1.110 auth-pam.c >--- auth-pam.c 1 Jul 2004 04:00:15 -0000 1.110 >+++ auth-pam.c 3 Jul 2004 15:27:47 -0000 >@@ -919,10 +919,20 @@ do_pam_session(void) > fatal("PAM: failed to set PAM_CONV: %s", > pam_strerror(sshpam_handle, sshpam_err)); > sshpam_err = pam_open_session(sshpam_handle, 0); >- if (sshpam_err != PAM_SUCCESS) >- fatal("PAM: pam_open_session(): %s", >+ if (sshpam_err == PAM_SUCCESS) >+ sshpam_session_open = 1; >+ else { >+ disable_forwarding(); >+ error("PAM: pam_open_session(): %s", > pam_strerror(sshpam_handle, sshpam_err)); >- sshpam_session_open = 1; >+ } >+ >+} >+ >+int >+is_pam_session_open(void) >+{ >+ return sshpam_session_open; > } > > /* >Index: auth-pam.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.h,v >retrieving revision 1.26 >diff -u -p -r1.26 auth-pam.h >--- auth-pam.h 30 May 2004 10:43:59 -0000 1.26 >+++ auth-pam.h 3 Jul 2004 08:34:53 -0000 >@@ -45,5 +45,6 @@ void free_pam_environment(char **); > void sshpam_thread_cleanup(void); > void sshpam_cleanup(void); > int sshpam_auth_passwd(Authctxt *, const char *); >+int is_pam_session_open(void); > > #endif /* USE_PAM */ >Index: session.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v >retrieving revision 1.284 >diff -u -p -r1.284 session.c >--- session.c 30 Jun 2004 23:48:29 -0000 1.284 >+++ session.c 3 Jul 2004 15:24:15 -0000 >@@ -1441,6 +1441,13 @@ do_child(Session *s, const char *command > #endif /* HAVE_OSF_SIA */ > } > >+#ifdef USE_PAM >+ if (options.use_pam && !is_pam_session_open()) { >+ display_loginmsg(); >+ exit(254); >+ } >+#endif >+ > /* > * Get the shell from the password data. An empty shell field is > * legal, and means /bin/sh.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=679">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
djm
:
ok+
Actions:
View
|
Diff
Attachments on
bug 890
:
678
| 679