Date: Sun, 6 May 2001 19:22:23 +0200 From: Volker Stolz <stolz@I2.Informatik.RWTH-Aachen.DE> To: gnats-admin@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Patch (Re: bin/27153: =?iso-8859-1?Q?login?= =?iso-8859-1?B?KDEpIGRvZXNutHQ=?= call pam_open_session) Message-ID: <20010506192223.A24272@i2.informatik.rwth-aachen.de> In-Reply-To: <200105061240.f46Ce1b15863@freefall.freebsd.org>; from gnats-admin@FreeBSD.org on Sun, May 06, 2001 at 05:40:01AM -0700 References: <200105061240.f46Ce7119059@monster.ikea.net> <200105061240.f46Ce1b15863@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--vOmOzSkFvhd7u8Ms Content-Type: multipart/mixed; boundary="XOIedfhf+7KOe/yw" Content-Disposition: inline --XOIedfhf+7KOe/yw Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable This patch works(tm), pam_ssh.so from /usr/src works now, too. --=20 Abstrakte Syntaxtr=E4ume. Volker Stolz * stolz@i2.informatik.rwth-aachen.de * PGP + S/MIME --XOIedfhf+7KOe/yw Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: attachment; filename="login.patch" Content-Transfer-Encoding: quoted-printable --- login.c.orig Sun May 6 17:02:55 2001 +++ login.c Sun May 6 19:18:14 2001 @@ -132,6 +132,7 @@ char full_hostname[MAXHOSTNAMELEN]; #ifndef NO_PAM static char **environ_pam; +pam_handle_t *pamh =3D NULL; #endif =20 int @@ -147,6 +148,9 @@ int rootok, retries, backoff; int ask, ch, cnt, fflag, hflag, pflag, quietlog, rootlogin, rval; int changepass; +#ifndef NO_PAM + int e=3DPAM_SUCCESS; /* pam_end() error code*/ +#endif time_t warntime; uid_t uid, euid; gid_t egid; @@ -321,6 +325,13 @@ * then fall back to using traditional Unix authentication. */ if ((rval =3D auth_pam()) =3D=3D -1) + if ((pamh) && (e =3D pam_end(pamh, e)) !=3D PAM_SUCCESS) { + syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); + } + if (rval =3D=3D -1) /* auth_pam/ifdef-stupidity :-/ + FIXME: Rewrite auth_pam() to call pam_end() + on errors instead of just returning. + */ #endif /* NO_PAM */ rval =3D auth_traditional(); =20 @@ -560,6 +571,15 @@ */ if (environ_pam) export_pam_environment(); + + /* + * NOTE: Don=B4t call pam_end()! Otherwise all the resources + * allocated will be freed. pam_end() is for ending *all* + * interaction with PAM, i.e. on logout. + * + * FIXME: We=B4ve got nowhere to call pam_end()/pam_session_close + * after the user logs out?! + */ #endif =20 /* @@ -677,7 +697,6 @@ static int auth_pam() { - pam_handle_t *pamh =3D NULL; const char *tmpl_user; const void *item; int rval; @@ -732,6 +751,7 @@ PAM_SUCCESS) syslog(LOG_ERR, "Couldn't establish credentials: %s", pam_strerror(pamh, e)); + if (pamh) pam_open_session(pamh, 0); environ_pam =3D pam_getenvlist(pamh); rval =3D 0; break; @@ -747,10 +767,6 @@ rval =3D -1; break; } - if ((e =3D pam_end(pamh, e)) !=3D PAM_SUCCESS) { - syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); - rval =3D -1; - } return rval; } =20 @@ -762,7 +778,7 @@ for (pp =3D environ_pam; *pp !=3D NULL; pp++) { if (ok_to_export(*pp)) (void) putenv(*pp); - free(*pp); + /* pp is not ours to free!*/ } return PAM_SUCCESS; } --XOIedfhf+7KOe/yw-- --vOmOzSkFvhd7u8Ms Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (SunOS) Comment: For info see http://www.gnupg.org iQCVAwUBOvWITRLpPok/0ba1AQGkRAP/aJFXEHFt/KP5TFaRphQl6vXIvvRZRiYA nQJZ4C77DxyIz1fJk93M+LOri0+6bLaXPTuKJYF37kxG5H7caBsR536JBzRoZg/h 3xK+ofybW0gtT+02D7CiQ/Xm+qgNtUCKL9A7+BHdH7xcqyB+Kdwhq4Bxhbs7vHhQ FlA/+t99nqg= =HXRh -----END PGP SIGNATURE----- --vOmOzSkFvhd7u8Ms-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010506192223.A24272>