diff options
author | des <des@FreeBSD.org> | 2004-04-20 09:35:04 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2004-04-20 09:35:04 +0000 |
commit | c69db9c5a2d88a51f8d2394cf37717ba93f07152 (patch) | |
tree | aaca3b36adea134d5ba39fa7c38bf759a9ef49c6 /crypto/openssh/auth-pam.c | |
parent | 7d1750f1d6c24163bf22790f8527f1783315c5e7 (diff) | |
download | FreeBSD-src-c69db9c5a2d88a51f8d2394cf37717ba93f07152.zip FreeBSD-src-c69db9c5a2d88a51f8d2394cf37717ba93f07152.tar.gz |
Vendor import of OpenSSH 3.8.1p1.
Diffstat (limited to 'crypto/openssh/auth-pam.c')
-rw-r--r-- | crypto/openssh/auth-pam.c | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c index 1a30026..91f0030 100644 --- a/crypto/openssh/auth-pam.c +++ b/crypto/openssh/auth-pam.c @@ -31,7 +31,7 @@ /* Based on $FreeBSD$ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.100 2004/04/18 01:00:26 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -58,6 +58,7 @@ RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $"); extern ServerOptions options; extern Buffer loginmsg; extern int compat20; +extern u_int utmp_len; #ifdef USE_POSIX_THREADS #include <pthread.h> @@ -117,6 +118,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused, { pid_t pid; + sshpam_thread_status = -1; switch ((pid = fork())) { case -1: error("fork(): %s", strerror(errno)); @@ -159,7 +161,7 @@ static int sshpam_session_open = 0; static int sshpam_cred_established = 0; static int sshpam_account_status = -1; static char **sshpam_env = NULL; -static int *force_pwchange; +static Authctxt *sshpam_authctxt = NULL; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST @@ -179,7 +181,9 @@ void pam_password_change_required(int reqd) { debug3("%s %d", __func__, reqd); - *force_pwchange = reqd; + if (sshpam_authctxt == NULL) + fatal("%s: PAM authctxt not initialized", __func__); + sshpam_authctxt->force_pwchange = reqd; if (reqd) { no_port_forwarding_flag |= 2; no_agent_forwarding_flag |= 2; @@ -201,6 +205,7 @@ import_environments(Buffer *b) debug3("PAM: %s entering", __func__); +#ifndef USE_POSIX_THREADS /* Import variables set by do_pam_account */ sshpam_account_status = buffer_get_int(b); pam_password_change_required(buffer_get_int(b)); @@ -228,6 +233,7 @@ import_environments(Buffer *b) } #endif } +#endif } /* @@ -336,6 +342,9 @@ sshpam_thread(void *ctxtp) sshpam_conv.conv = sshpam_thread_conv; sshpam_conv.appdata_ptr = ctxt; + if (sshpam_authctxt == NULL) + fatal("%s: PAM authctxt not initialized", __func__); + buffer_init(&buffer); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (const void *)&sshpam_conv); @@ -348,7 +357,7 @@ sshpam_thread(void *ctxtp) if (compat20) { if (!do_pam_account()) goto auth_fail; - if (*force_pwchange) { + if (sshpam_authctxt->force_pwchange) { sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK); if (sshpam_err != PAM_SUCCESS) @@ -362,7 +371,7 @@ sshpam_thread(void *ctxtp) #ifndef USE_POSIX_THREADS /* Export variables set by do_pam_account */ buffer_put_int(&buffer, sshpam_account_status); - buffer_put_int(&buffer, *force_pwchange); + buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); /* Export any environment strings set in child */ for(i = 0; environ[i] != NULL; i++) @@ -443,11 +452,10 @@ sshpam_cleanup(void) } static int -sshpam_init(const char *user) +sshpam_init(Authctxt *authctxt) { - extern u_int utmp_len; extern char *__progname; - const char *pam_rhost, *pam_user; + const char *pam_rhost, *pam_user, *user = authctxt->user; if (sshpam_handle != NULL) { /* We already have a PAM context; check if the user matches */ @@ -461,6 +469,8 @@ sshpam_init(const char *user) debug("PAM: initializing for \"%s\"", user); sshpam_err = pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); + sshpam_authctxt = authctxt; + if (sshpam_err != PAM_SUCCESS) { pam_end(sshpam_handle, sshpam_err); sshpam_handle = NULL; @@ -503,7 +513,7 @@ sshpam_init_ctx(Authctxt *authctxt) return NULL; /* Initialize PAM */ - if (sshpam_init(authctxt->user) == -1) { + if (sshpam_init(authctxt) == -1) { error("PAM: initialization failed"); return (NULL); } @@ -511,8 +521,6 @@ sshpam_init_ctx(Authctxt *authctxt) ctxt = xmalloc(sizeof *ctxt); memset(ctxt, 0, sizeof(*ctxt)); - force_pwchange = &(authctxt->force_pwchange); - /* Start the authentication thread */ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { error("PAM: failed create sockets: %s", strerror(errno)); @@ -591,7 +599,10 @@ sshpam_query(void *ctx, char **name, char **info, xfree(msg); return (0); } - error("PAM: %s", msg); + error("PAM: %s for %s%.100s from %.100s", msg, + sshpam_authctxt->valid ? "" : "illegal user ", + sshpam_authctxt->user, + get_remote_name_or_ip(utmp_len, options.use_dns)); /* FALLTHROUGH */ default: *num = 0; @@ -671,12 +682,12 @@ KbdintDevice mm_sshpam_device = { * This replaces auth-pam.c */ void -start_pam(const char *user) +start_pam(Authctxt *authctxt) { if (!options.use_pam) fatal("PAM: initialisation requested when UsePAM=no"); - if (sshpam_init(user) == -1) + if (sshpam_init(authctxt) == -1) fatal("PAM: initialisation failed"); } |