Date: Tue, 24 Jul 2001 18:27:53 +0200 (CEST) From: Volker Stolz <vs@i2.informatik.rwth-aachen.de> To: FreeBSD-gnats-submit@freebsd.org Cc: Volker Stolz <vs@i2.informatik.rwth-aachen.de> Subject: bin/29193: [PATCH] /usr/bin/login.c doesn´t save variables from pam_open_session Message-ID: <200107241627.f6OGRrI00740@monster.ikea.net>
index | next in thread | raw e-mail
>Number: 29193
>Category: bin
>Synopsis: [PATCH] /usr/bin/login.c doesn´t save variables from pam_open_session
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 24 09:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Volker Stolz
>Release: FreeBSD 4.3-STABLE i386
>Organization:
Lehrstuhl für Informatik II
>Environment:
System: FreeBSD monster.ikea.net 4.3-STABLE FreeBSD 4.3-STABLE #22: Sun Jul 15 12:26:32 CEST 2001 vs@monster.ikea.net:/opt/obj/opt/src/sys/MONSTER i386
>Description:
The recent changes to login.c still don´t take care of variables set by pam_open_session.
The pam-environment is copied too early. However, you will only note the differences if
you´re using pam extensively, e.g. /usr/ports/security/pam_ssh. [The default pam_ssh
plugin in the base system seems to be a NOP]
>How-To-Repeat:
Install /usr/ports/security/pam_ssh, setup /etc/pam.conf (take care, the port installs
the plugin in /usr/*local*/lib!). You won´t get the SSH-variables set after logging in
on the console until you apply the patch.
>Fix:
--- login.orig Fri Jul 20 11:05:23 2001
+++ login.c Tue Jul 24 18:16:07 2001
@@ -575,18 +575,6 @@
if (!pflag)
environ = envinit;
-#ifdef USE_PAM
- /*
- * Add any environmental variables that the
- * PAM modules may have set.
- */
- if (pamh) {
- environ_pam = pam_getenvlist(pamh);
- if (environ_pam)
- export_pam_environment();
- }
-#endif /* USE_PAM */
-
/*
* PAM modules might add supplementary groups during pam_setcred().
*/
@@ -605,6 +593,15 @@
syslog(LOG_ERR, "pam_setcred: %s",
pam_strerror(pamh, e));
}
+
+ /*
+ * Add any environmental variables that the
+ * PAM modules may have set.
+ * Call *after* opening session!
+ */
+ environ_pam = pam_getenvlist(pamh);
+ if (environ_pam)
+ export_pam_environment();
/*
* We must fork() before setuid() because we need to call
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107241627.f6OGRrI00740>