Bugzilla – Attachment 709 Details for
Bug 926
pam_session_close called as user or not at all
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Set session_open flag in parent
openssh-pam-session-close.patch (text/plain), 2.09 KB, created by
Darren Tucker
on 2004-09-04 14:11:26 AEST
(
hide
)
Description:
Set session_open flag in parent
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2004-09-04 14:11:26 AEST
Size:
2.09 KB
patch
obsolete
>Index: auth-pam.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v >retrieving revision 1.114 >diff -u -p -r1.114 auth-pam.c >--- auth-pam.c 16 Aug 2004 13:12:06 -0000 1.114 >+++ auth-pam.c 4 Sep 2004 04:11:43 -0000 >@@ -952,7 +952,17 @@ do_pam_session(void) > if (sshpam_err != PAM_SUCCESS) > fatal("PAM: pam_open_session(): %s", > pam_strerror(sshpam_handle, sshpam_err)); >- sshpam_session_open = 1; >+} >+ >+/* >+ * Because the session modules are run by the forked child just before >+ * do_setusercontext, the cleanup must be run (as root) in the parent, so >+ * we set this flag in the parent instead. >+ */ >+void >+sshpam_set_session_open(int isopen) >+{ >+ sshpam_session_open = isopen; > } > > /* >Index: auth-pam.h >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.h,v >retrieving revision 1.26 >diff -u -p -r1.26 auth-pam.h >--- auth-pam.h 30 May 2004 10:43:59 -0000 1.26 >+++ auth-pam.h 4 Sep 2004 04:12:11 -0000 >@@ -35,6 +35,7 @@ void start_pam(Authctxt *); > void finish_pam(void); > u_int do_pam_account(void); > void do_pam_session(void); >+void sshpam_set_session_open(int); > void do_pam_set_tty(const char *); > void do_pam_setcred(int ); > void do_pam_chauthtok(void); >Index: session.c >=================================================================== >RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v >retrieving revision 1.288 >diff -u -p -r1.288 session.c >--- session.c 30 Aug 2004 10:42:08 -0000 1.288 >+++ session.c 4 Sep 2004 04:11:20 -0000 >@@ -398,8 +398,11 @@ do_exec_no_pty(Session *s, const char *c > session_proctitle(s); > > #if defined(USE_PAM) >- if (options.use_pam && !use_privsep) >- do_pam_setcred(1); >+ if (options.use_pam) { >+ if (!use_privsep) >+ do_pam_setcred(1); >+ sshpam_set_session_open(1); >+ } > #endif /* USE_PAM */ > > /* Fork the child. */ >@@ -537,6 +540,7 @@ do_exec_pty(Session *s, const char *comm > do_pam_set_tty(s->tty); > if (!use_privsep) > do_pam_setcred(1); >+ sshpam_set_session_open(1); > } > #endif >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=709">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 926
:
709
|
1143
|
1216
|
1472