summaryrefslogtreecommitdiffstats
path: root/crypto/openssh
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2003-02-16 11:03:55 +0000
committerdes <des@FreeBSD.org>2003-02-16 11:03:55 +0000
commitfc3e30fe3bc53bc0bbdd6c1ee4c48e187e511abf (patch)
treea68ca0462042d8f1ae0fad1b478158e417da74a8 /crypto/openssh
parentde87d496d3c8f9ff6c6669d4289e62426e3e6664 (diff)
downloadFreeBSD-src-fc3e30fe3bc53bc0bbdd6c1ee4c48e187e511abf.zip
FreeBSD-src-fc3e30fe3bc53bc0bbdd6c1ee4c48e187e511abf.tar.gz
Paranoia: instead of a NULL conversation function, use one that always
returns PAM_CONV_ERR; moreover, make sure we always have the right conversation function installed before calling PAM service functions. Also unwrap some not-so-long lines. MFC after: 3 days
Diffstat (limited to 'crypto/openssh')
-rw-r--r--crypto/openssh/auth2-pam-freebsd.c30
1 files changed, 24 insertions, 6 deletions
diff --git a/crypto/openssh/auth2-pam-freebsd.c b/crypto/openssh/auth2-pam-freebsd.c
index 87033f3..e62b232 100644
--- a/crypto/openssh/auth2-pam-freebsd.c
+++ b/crypto/openssh/auth2-pam-freebsd.c
@@ -188,8 +188,7 @@ pam_thread(void *ctxtp)
struct pam_conv pam_conv = { pam_thread_conv, ctxt };
buffer_init(&buffer);
- pam_err = pam_set_item(pam_handle,
- PAM_CONV, (const void *)&pam_conv);
+ pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&pam_conv);
if (pam_err != PAM_SUCCESS)
goto auth_fail;
pam_err = pam_authenticate(pam_handle, 0);
@@ -221,11 +220,24 @@ pam_thread_cleanup(void *ctxtp)
close(ctxt->pam_csock);
}
+static int
+pam_null_conv(int n,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *data)
+{
+
+ return (PAM_CONV_ERR);
+}
+
+static struct pam_conv null_conv = { pam_null_conv, NULL };
+
static void
pam_cleanup(void *arg)
{
(void)arg;
debug("PAM: cleanup");
+ pam_set_item(pam_handle, PAM_CONV, (const void *)&null_conv);
if (pam_cred_established) {
pam_setcred(pam_handle, PAM_DELETE_CRED);
pam_cred_established = 0;
@@ -242,7 +254,6 @@ pam_cleanup(void *arg)
static int
pam_init(const char *user)
{
- struct pam_conv no_conv = { NULL, NULL };
extern ServerOptions options;
extern u_int utmp_len;
const char *pam_rhost, *pam_user;
@@ -258,7 +269,7 @@ pam_init(const char *user)
pam_handle = NULL;
}
debug("PAM: initializing for \"%s\"", user);
- pam_err = pam_start("sshd", user, &no_conv, &pam_handle);
+ pam_err = pam_start("sshd", user, &null_conv, &pam_handle);
if (pam_err != PAM_SUCCESS)
return (-1);
pam_rhost = get_remote_name_or_ip(utmp_len,
@@ -465,6 +476,10 @@ do_pam_account(const char *user, const char *ruser)
void
do_pam_session(const char *user, const char *tty)
{
+ pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&null_conv);
+ if (pam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(pam_handle, pam_err));
debug("PAM: setting PAM_TTY to \"%s\"", tty);
pam_err = pam_set_item(pam_handle, PAM_TTY, tty);
if (pam_err != PAM_SUCCESS)
@@ -480,6 +495,10 @@ do_pam_session(const char *user, const char *tty)
void
do_pam_setcred(int init)
{
+ pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&null_conv);
+ if (pam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_CONV: %s",
+ pam_strerror(pam_handle, pam_err));
if (init) {
debug("PAM: establishing credentials");
pam_err = pam_setcred(pam_handle, PAM_ESTABLISH_CRED);
@@ -559,8 +578,7 @@ do_pam_chauthtok(void)
if (use_privsep)
fatal("PAM: chauthtok not supprted with privsep");
- pam_err = pam_set_item(pam_handle,
- PAM_CONV, (const void *)&pam_conv);
+ pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&pam_conv);
if (pam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(pam_handle, pam_err));
OpenPOWER on IntegriCloud