Date: Sun, 6 May 2001 19:22:23 +0200
From: Volker Stolz
To: gnats-admin@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Patch (Re: bin/27153: login(1) doesn´t call pam_open_session)
Message-ID: <20010506192223.A24272@i2.informatik.rwth-aachen.de>
References: <200105061240.f46Ce7119059@monster.ikea.net> <200105061240.f46Ce1b15863@freefall.freebsd.org>
In-Reply-To: <200105061240.f46Ce1b15863@freefall.freebsd.org>; from gnats-admin@FreeBSD.org on Sun, May 06, 2001 at 05:40:01AM -0700

This patch works(tm), pam_ssh.so from /usr/src works now, too.

-- 
Abstract syntax dreams.
Volker Stolz * stolz@i2.informatik.rwth-aachen.de * PGP + S/MIME

--- login.c.orig Sun May 6 17:02:55 2001 +++ login.c Sun May 6 19:18:14 2001 @@ -132,6 +132,7 @@ char full_hostname[MAXHOSTNAMELEN]; #ifndef NO_PAM static char **environ_pam; +pam_handle_t *pamh =3D NULL; #endif =20 int @@ -147,6 +148,9 @@ int rootok, retries, backoff; int ask, ch, cnt, fflag, hflag, pflag, quietlog, rootlogin, rval; int changepass; +#ifndef NO_PAM + int e=3DPAM_SUCCESS; /* pam_end() error code*/ +#endif time_t warntime; uid_t uid, euid; gid_t egid; 
@@ -321,6 +325,13 @@ * then fall back to using traditional Unix authentication. */ if ((rval =3D auth_pam()) =3D=3D -1) + if ((pamh) && (e =3D pam_end(pamh, e)) !=3D PAM_SUCCESS) { + syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); + } + if (rval =3D=3D -1) /* auth_pam/ifdef-stupidity :-/ + FIXME: Rewrite auth_pam() to call pam_end() + on errors instead of just returning. + */ #endif /* NO_PAM */ rval =3D auth_traditional(); =20 @@ -560,6 +571,15 @@ */ if (environ_pam) export_pam_environment(); + + /* + * NOTE: Don=B4t call pam_end()! Otherwise all the resources + * allocated will be freed. pam_end() is for ending *all* + * interaction with PAM, i.e. on logout. + * + * FIXME: We=B4ve got nowhere to call pam_end()/pam_session_close + * after the user logs out?! + */ #endif =20 /* @@ -677,7 +697,6 @@ static int auth_pam() { - pam_handle_t *pamh =3D NULL; const char *tmpl_user; const void *item; int rval; @@ -732,6 +751,7 @@ PAM_SUCCESS) syslog(LOG_ERR, "Couldn't establish credentials: %s", pam_strerror(pamh, e)); + if (pamh) pam_open_session(pamh, 0); environ_pam =3D pam_getenvlist(pamh); rval =3D 0; break; @@ -747,10 +767,6 @@ rval =3D -1; break; } - if ((e =3D pam_end(pamh, e)) !=3D PAM_SUCCESS) { - syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); - rval =3D -1; - } return rval; } =20 
@@ -762,7 +778,7 @@ for (pp =3D environ_pam; *pp !=3D NULL; pp++) { if (ok_to_export(*pp)) (void) putenv(*pp); - free(*pp); + /* pp is not ours to free!*/ } return PAM_SUCCESS; }
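
Review bot: In the first hunk (@@ -132,6 +132,7 @@) the new file-scope pamh is declared without "static", unlike environ_pam on the line just above it, so the PAM handle gets external linkage for no visible reason. Declare it "static pam_handle_t *pamh = NULL;". Because the handle now outlives auth_pam(), it also needs to be set back to NULL wherever pam_end() is called, otherwise the "if (pamh)" tests added elsewhere in this patch cannot tell a live handle from an ended one.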
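
Review bot: In the hunk at @@ -321,6 +325,13 @@ the added error path passes pamh to pam_strerror() after pam_end(pamh, e) has already ended that handle, and pamh is left non-NULL afterwards, so a later "if (pamh)" test passes on a stale pointer. Do not hand the ended handle to pam_strerror(), and assign pamh = NULL immediately after pam_end(). The status given to pam_end() is main()'s own e, initialised to PAM_SUCCESS in the previous hunk, not the failure that auth_pam() saw, so modules are told the transaction ended successfully when authentication failed; have auth_pam() return or store its last PAM status and pass that instead. The brace-less nested ifs that straddle the #endif are easy to break on the next edit; bracing both and resolving the FIXME by moving pam_end() back into auth_pam()'s error branches would remove the duplicated "if (rval == -1)".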
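
Review bot: The FIXME added in the hunk at @@ -560,6 +571,15 @@ documents an open problem rather than solving it: the session this patch opens is never closed and pam_end() is never reached after a successful login. Session modules that create per-login state therefore never get their teardown call. The comment also names the function "pam_session_close"; the PAM call is pam_close_session(). Before this goes in, the patch should either add a point where login(1) can call pam_close_session() and pam_end() once the user's session is over, or the PR should state explicitly that the close side is left for follow-up work.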
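
Review bot: In the hunk at @@ -732,6 +751,7 @@ the return value of pam_open_session(pamh, 0) is discarded, so a session module that fails or refuses the session neither stops the login nor leaves a trace in the log, and rval is still set to 0 two lines later. Check the result the same way the credentials call directly above it is checked (compare against PAM_SUCCESS and syslog the pam_strerror() text), and decide whether a failed session open should turn into rval = -1. The "if (pamh)" guard on the same line as the call also departs from the layout of the surrounding code; put the call on its own line.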
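
Review bot: In the last hunk (@@ -762,7 +778,7 @@) removing free(*pp) is reasonable for strings that were just handed to putenv(), which may keep the pointer, but the replacement comment gives the wrong reason: the list returned by pam_getenvlist() is owned by the caller. As written, entries that ok_to_export() rejects are never put in the environment and never freed, and the environ_pam array itself is not freed either. Free the rejected entries in an else branch, free the array after the loop, and reword the comment to say that exported strings must stay allocated because putenv() may reference them.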