diff options
| author | des <des@FreeBSD.org> | 2003-02-16 11:03:55 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2003-02-16 11:03:55 +0000 |
| commit | fc3e30fe3bc53bc0bbdd6c1ee4c48e187e511abf (patch) | |
| tree | a68ca0462042d8f1ae0fad1b478158e417da74a8 /crypto | |
| parent | de87d496d3c8f9ff6c6669d4289e62426e3e6664 (diff) | |
| download | FreeBSD-src-fc3e30fe3bc53bc0bbdd6c1ee4c48e187e511abf.zip FreeBSD-src-fc3e30fe3bc53bc0bbdd6c1ee4c48e187e511abf.tar.gz | |
Paranoia: instead of a NULL conversation function, use one that always
returns PAM_CONV_ERR; moreover, make sure we always have the right
conversation function installed before calling PAM service functions.
Also unwrap some not-so-long lines.
MFC after: 3 days
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/openssh/auth2-pam-freebsd.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/crypto/openssh/auth2-pam-freebsd.c b/crypto/openssh/auth2-pam-freebsd.c index 87033f3..e62b232 100644 --- a/crypto/openssh/auth2-pam-freebsd.c +++ b/crypto/openssh/auth2-pam-freebsd.c @@ -188,8 +188,7 @@ pam_thread(void *ctxtp) struct pam_conv pam_conv = { pam_thread_conv, ctxt }; buffer_init(&buffer); - pam_err = pam_set_item(pam_handle, - PAM_CONV, (const void *)&pam_conv); + pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&pam_conv); if (pam_err != PAM_SUCCESS) goto auth_fail; pam_err = pam_authenticate(pam_handle, 0); @@ -221,11 +220,24 @@ pam_thread_cleanup(void *ctxtp) close(ctxt->pam_csock); } +static int +pam_null_conv(int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + + return (PAM_CONV_ERR); +} + +static struct pam_conv null_conv = { pam_null_conv, NULL }; + static void pam_cleanup(void *arg) { (void)arg; debug("PAM: cleanup"); + pam_set_item(pam_handle, PAM_CONV, (const void *)&null_conv); if (pam_cred_established) { pam_setcred(pam_handle, PAM_DELETE_CRED); pam_cred_established = 0; @@ -242,7 +254,6 @@ pam_cleanup(void *arg) static int pam_init(const char *user) { - struct pam_conv no_conv = { NULL, NULL }; extern ServerOptions options; extern u_int utmp_len; const char *pam_rhost, *pam_user; @@ -258,7 +269,7 @@ pam_init(const char *user) pam_handle = NULL; } debug("PAM: initializing for \"%s\"", user); - pam_err = pam_start("sshd", user, &no_conv, &pam_handle); + pam_err = pam_start("sshd", user, &null_conv, &pam_handle); if (pam_err != PAM_SUCCESS) return (-1); pam_rhost = get_remote_name_or_ip(utmp_len, @@ -465,6 +476,10 @@ do_pam_account(const char *user, const char *ruser) void do_pam_session(const char *user, const char *tty) { + pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&null_conv); + if (pam_err != PAM_SUCCESS) + fatal("PAM: failed to set PAM_CONV: %s", + pam_strerror(pam_handle, pam_err)); debug("PAM: setting PAM_TTY to \"%s\"", tty); pam_err = pam_set_item(pam_handle, PAM_TTY, tty); if (pam_err != PAM_SUCCESS) @@ -480,6 +495,10 @@ do_pam_session(const char *user, const char *tty) void do_pam_setcred(int init) { + pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&null_conv); + if (pam_err != PAM_SUCCESS) + fatal("PAM: failed to set PAM_CONV: %s", + pam_strerror(pam_handle, pam_err)); if (init) { debug("PAM: establishing credentials"); pam_err = pam_setcred(pam_handle, PAM_ESTABLISH_CRED); @@ -559,8 +578,7 @@ do_pam_chauthtok(void) if (use_privsep) fatal("PAM: chauthtok not supprted with privsep"); - pam_err = pam_set_item(pam_handle, - PAM_CONV, (const void *)&pam_conv); + pam_err = pam_set_item(pam_handle, PAM_CONV, (const void *)&pam_conv); if (pam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(pam_handle, pam_err)); |
