Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 05 Feb 2002 01:20:05 +0900
From:      Takanori Saneto <sanewo@ba2.so-net.ne.jp>
To:        Dag-Erling Smorgrav <des@FreeBSD.org>
Cc:        Takanori Saneto <sanewo@ba2.so-net.ne.jp>
Subject:   Re: cvs commit: src/lib/libpam/modules/pam_ssh pam_ssh.c
Message-ID:  <200202041620.g14GK5R06184@muse.sanewo.dyn.to>
In-Reply-To: <200201241726.g0OHQSN97700@freefall.freebsd.org> (Dag-Erling Smorgrav's message of "Thu, 24 Jan 2002 09:26:28 -0800 (PST)")
References:  <200201241726.g0OHQSN97700@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
In article <200201241726.g0OHQSN97700@freefall.freebsd.org>,
	Dag-Erling Smorgrav <des@FreeBSD.org> wrote:
>  PAM modules shouldn't call putenv(); pam_putenv() is sufficient.  The
>  caller is supposed to check the PAM envlist and export the variables it
>  contains; if it doesn't, it's broken.

This commit seems to make xdm fail to communicate with ssh-agent.

In pam_ssh.so, communication socket with ssh-agent is obtained by
ssh_get_authentication_connection, which requires specific information
(SSH_AGENT_xxx) should be in the process's environment.

Instead of using putenv(), how about using temporaly environment
generated from pam's environment as in the following patch?

Index: pam_ssh.c
===================================================================
RCS file: /export/cvsup/cvs/src/lib/libpam/modules/pam_ssh/pam_ssh.c,v
retrieving revision 1.24
diff -u -r1.24 pam_ssh.c
--- pam_ssh.c	24 Jan 2002 18:37:16 -0000	1.24
+++ pam_ssh.c	2 Feb 2002 10:14:08 -0000
@@ -482,7 +482,15 @@
 	PAM_LOG("Environment saved");
 
 	/* connect to the agent */
+	{
+	    extern char **environ;
+	    char **save, **evp;
+	    environ = pam_getenvlist(pamh);
 	ac = ssh_get_authentication_connection();
+	    for (evp = environ; *evp; evp++) (void)free(*evp);
+	    (void)free(environ);
+	    environ = save;
+	}
 	if (!ac) {
 		syslog(LOG_ERR, "%s: %s: %m", MODULE_NAME, agent_socket);
 		PAM_RETURN(PAM_SESSION_ERR);

-- 
sanewo

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202041620.g14GK5R06184>