From: Takanori Saneto
To: Dag-Erling Smorgrav
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, Takanori Saneto
Subject: Re: cvs commit: src/lib/libpam/modules/pam_ssh pam_ssh.c
Date: Tue, 05 Feb 2002 01:20:05 +0900
Message-Id: <200202041620.g14GK5R06184@muse.sanewo.dyn.to>
In-Reply-To: <200201241726.g0OHQSN97700@freefall.freebsd.org> (Dag-Erling Smorgrav's message of "Thu, 24 Jan 2002 09:26:28 -0800 (PST)")
References: <200201241726.g0OHQSN97700@freefall.freebsd.org>

In article <200201241726.g0OHQSN97700@freefall.freebsd.org>,
Dag-Erling Smorgrav wrote:

> PAM modules shouldn't call putenv(); pam_putenv() is sufficient. The
> caller is supposed to check the PAM envlist and export the variables it
> contains; if it doesn't, it's broken.

This commit seems to make xdm fail to communicate with ssh-agent.

In pam_ssh.so, the communication socket with ssh-agent is obtained by
ssh_get_authentication_connection, which requires that specific
information (SSH_AGENT_xxx) be in the process's environment.

Instead of using putenv(), how about using a temporary environment
generated from PAM's environment, as in the following patch?

Index: pam_ssh.c =================================================================== RCS file: /export/cvsup/cvs/src/lib/libpam/modules/pam_ssh/pam_ssh.c,v retrieving revision 1.24 diff -u -r1.24 pam_ssh.c --- pam_ssh.c 24 Jan 2002 18:37:16 -0000 1.24 +++ pam_ssh.c 2 Feb 2002 10:14:08 -0000 
@@ -482,7 +482,15 @@ PAM_LOG("Environment saved"); /* connect to the agent */ + { + extern char **environ; + char **save, **evp; + environ = pam_getenvlist(pamh); ac = ssh_get_authentication_connection(); + for (evp = environ; *evp; evp++) (void)free(*evp); + (void)free(environ); + environ = save; + } if (!ac) { syslog(LOG_ERR, "%s: %s: %m", MODULE_NAME, agent_socket); PAM_RETURN(PAM_SESSION_ERR);
--
sanewo
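
Review bot: `save` is declared in the new block but never assigned before `environ = pam_getenvlist(pamh);`, so the closing `environ = save;` restores an uninitialized pointer and the process is left with a garbage environment after the agent connection attempt. Add `save = environ;` ahead of the swap. The return value of `pam_getenvlist()` is also used unchecked: if it returns NULL, the cleanup loop `for (evp = environ; *evp; evp++)` dereferences a null pointer, so test the result first and either skip the swap or return PAM_SESSION_ERR. Since `environ` is process-wide, a short comment noting that the swap is only in effect for the duration of `ssh_get_authentication_connection()` would help later readers.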