From 22e22bf9bab94862c860ad4ed652f308dda63f81 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 19 Jan 2001 15:46:38 +1100 Subject: [PATCH] - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai ) to fix NULL pointer deref and fake authloop breakage in PAM code. --- ChangeLog | 2 ++ auth-pam.c | 8 ++++---- auth-pam.h | 2 +- auth1.c | 2 +- auth2-pam.c | 8 +++----- auth2.c | 5 ++++- 6 files changed, 15 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8b5df6fde..261ca19ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ - markus@cvs.openbsd.org 2001/01/18 17:12:43 [auth-chall.c auth2-chall.c] rename *-skey.c *-chall.c since the files are not skey specific + - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai ) + to fix NULL pointer deref and fake authloop breakage in PAM code. 20010118 - (bal) Super Sized OpenBSD Resync diff --git a/auth-pam.c b/auth-pam.c index 07847cb9d..befb84c08 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -29,7 +29,7 @@ #include "xmalloc.h" #include "servconf.h" -RCSID("$Id: auth-pam.c,v 1.20 2000/12/20 02:34:49 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -323,13 +323,13 @@ void finish_pam(void) } /* Start PAM authentication for specified account */ -void start_pam(struct passwd *pw) +void start_pam(const char *user) { int pam_retval; - debug("Starting up PAM with username \"%.200s\"", pw->pw_name); + debug("Starting up PAM with username \"%.200s\"", user); - pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh); + pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh); if (pam_retval != PAM_SUCCESS) { fatal("PAM initialisation failed[%d]: %.200s", diff --git a/auth-pam.h b/auth-pam.h index ca261afeb..68d446592 100644 --- a/auth-pam.h +++ b/auth-pam.h @@ -3,7 +3,7 @@ #include /* For struct passwd */ -void start_pam(struct passwd *pw); +void start_pam(const char *user); void finish_pam(void); int auth_pam_password(struct passwd *pw, const char *password); char **fetch_pam_environment(void); diff --git a/auth1.c b/auth1.c index 0f21c4c7c..ee165a442 100644 --- a/auth1.c +++ b/auth1.c @@ -414,7 +414,7 @@ do_authentication() #ifdef USE_PAM if (pw) - start_pam(pw); + start_pam(user); #endif /* diff --git a/auth2-pam.c b/auth2-pam.c index 498cc7461..d1d840972 100644 --- a/auth2-pam.c +++ b/auth2-pam.c @@ -1,5 +1,5 @@ #include "includes.h" -RCSID("$Id: auth2-pam.c,v 1.3 2001/01/19 04:26:52 mouring Exp $"); +RCSID("$Id: auth2-pam.c,v 1.4 2001/01/19 04:46:38 djm Exp $"); #ifdef USE_PAM #include "ssh.h" @@ -36,10 +36,8 @@ auth2_pam(Authctxt *authctxt) if (authctxt->user == NULL) fatal("auth2_pam: internal error: no user"); - if (authctxt->valid) { - conv2.appdata_ptr = authctxt; - pam_set_conv(&conv2); - } + conv2.appdata_ptr = authctxt; + pam_set_conv(&conv2); dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, &input_userauth_info_response_pam); diff --git a/auth2.c b/auth2.c index 348c2f3a4..bab1c2ed8 100644 --- a/auth2.c +++ b/auth2.c @@ -210,10 +210,13 @@ input_userauth_request(int type, int plen, void *ctxt) authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); #ifdef USE_PAM - start_pam(pw); + start_pam(pw->pw_name); #endif } else { log("input_userauth_request: illegal user %s", user); +#ifdef USE_PAM + start_pam("NOUSER"); +#endif } authctxt->user = xstrdup(user); authctxt->service = xstrdup(service);