Date: Sun, 6 May 2001 19:22:23 +0200 From: Volker Stolz <stolz@I2.Informatik.RWTH-Aachen.DE> To: gnats-admin@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Patch (Re: bin/27153: =?iso-8859-1?Q?login?= =?iso-8859-1?B?KDEpIGRvZXNutHQ=?= call pam_open_session) Message-ID: <20010506192223.A24272@i2.informatik.rwth-aachen.de> In-Reply-To: <200105061240.f46Ce1b15863@freefall.freebsd.org>; from gnats-admin@FreeBSD.org on Sun, May 06, 2001 at 05:40:01AM -0700 References: <200105061240.f46Ce7119059@monster.ikea.net> <200105061240.f46Ce1b15863@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--vOmOzSkFvhd7u8Ms
Content-Type: multipart/mixed; boundary="XOIedfhf+7KOe/yw"
Content-Disposition: inline
--XOIedfhf+7KOe/yw
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
This patch works(tm), pam_ssh.so from /usr/src works now, too.
--=20
Abstrakte Syntaxtr=E4ume.
Volker Stolz * stolz@i2.informatik.rwth-aachen.de * PGP + S/MIME
--XOIedfhf+7KOe/yw
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: attachment; filename="login.patch"
Content-Transfer-Encoding: quoted-printable
--- login.c.orig Sun May 6 17:02:55 2001
+++ login.c Sun May 6 19:18:14 2001
@@ -132,6 +132,7 @@
char full_hostname[MAXHOSTNAMELEN];
#ifndef NO_PAM
static char **environ_pam;
+pam_handle_t *pamh =3D NULL;
#endif
=20
int
@@ -147,6 +148,9 @@
int rootok, retries, backoff;
int ask, ch, cnt, fflag, hflag, pflag, quietlog, rootlogin, rval;
int changepass;
+#ifndef NO_PAM
+ int e=3DPAM_SUCCESS; /* pam_end() error code*/
+#endif
time_t warntime;
uid_t uid, euid;
gid_t egid;
@@ -321,6 +325,13 @@
* then fall back to using traditional Unix authentication.
*/
if ((rval =3D auth_pam()) =3D=3D -1)
+ if ((pamh) && (e =3D pam_end(pamh, e)) !=3D PAM_SUCCESS) {
+ syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
+ }
+ if (rval =3D=3D -1) /* auth_pam/ifdef-stupidity :-/
+ FIXME: Rewrite auth_pam() to call pam_end()
+ on errors instead of just returning.
+ */
#endif /* NO_PAM */
rval =3D auth_traditional();
=20
@@ -560,6 +571,15 @@
*/
if (environ_pam)
export_pam_environment();
+
+ /*
+ * NOTE: Don=B4t call pam_end()! Otherwise all the resources
+ * allocated will be freed. pam_end() is for ending *all*
+ * interaction with PAM, i.e. on logout.
+ *
+ * FIXME: We=B4ve got nowhere to call pam_end()/pam_session_close
+ * after the user logs out?!
+ */
#endif
=20
/*
@@ -677,7 +697,6 @@
static int
auth_pam()
{
- pam_handle_t *pamh =3D NULL;
const char *tmpl_user;
const void *item;
int rval;
@@ -732,6 +751,7 @@
PAM_SUCCESS)
syslog(LOG_ERR, "Couldn't establish credentials: %s",
pam_strerror(pamh, e));
+ if (pamh) pam_open_session(pamh, 0);
environ_pam =3D pam_getenvlist(pamh);
rval =3D 0;
break;
@@ -747,10 +767,6 @@
rval =3D -1;
break;
}
- if ((e =3D pam_end(pamh, e)) !=3D PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
- rval =3D -1;
- }
return rval;
}
=20
@@ -762,7 +778,7 @@
for (pp =3D environ_pam; *pp !=3D NULL; pp++) {
if (ok_to_export(*pp))
(void) putenv(*pp);
- free(*pp);
+ /* pp is not ours to free!*/
}
return PAM_SUCCESS;
}
--XOIedfhf+7KOe/yw--
--vOmOzSkFvhd7u8Ms
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (SunOS)
Comment: For info see http://www.gnupg.org
iQCVAwUBOvWITRLpPok/0ba1AQGkRAP/aJFXEHFt/KP5TFaRphQl6vXIvvRZRiYA
nQJZ4C77DxyIz1fJk93M+LOri0+6bLaXPTuKJYF37kxG5H7caBsR536JBzRoZg/h
3xK+ofybW0gtT+02D7CiQ/Xm+qgNtUCKL9A7+BHdH7xcqyB+Kdwhq4Bxhbs7vHhQ
FlA/+t99nqg=
=HXRh
-----END PGP SIGNATURE-----
--vOmOzSkFvhd7u8Ms--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010506192223.A24272>