From ac3a4b4a96d952a467e1cdf660f9d471e1141f6f Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Wed, 29 Dec 1999 10:25:40 +1100
Subject: [PATCH] - Calls to pam_setcred, patch from Nalin Dahyabhai
---
 ChangeLog | 2 ++
 sshd.c | 25 ++++++++++++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index f3a1108fd..2947cc7c0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,8 @@
 - Print whether OpenSSH was compiled with RSARef, patch from Nalin Dahyabhai
+ - Calls to pam_setcred, patch from Nalin Dahyabhai
+
 19991228 - Replacement for getpagesize() for systems which lack it
diff --git a/sshd.c b/sshd.c
index 8620e4951..73a33b785 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.47 1999/12/28 23:17:09 damien Exp $");
+RCSID("$Id: sshd.c,v 1.48 1999/12/28 23:25:41 damien Exp $");
 #ifdef HAVE_POLL_H
 # include
@@ -149,6 +149,7 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 int do_pam_auth(const char *user, const char *password);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
+void do_pam_setcred();
 void pam_cleanup_proc(void *context);
 static struct pam_conv conv = {
@@ -230,6 +231,12 @@ void pam_cleanup_proc(void *context)
 PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
+ pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED);
+ if (pam_retval != PAM_SUCCESS) {
+ log("Cannot delete credentials: %.200s",
+ PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ }
+
 pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
 if (pam_retval != PAM_SUCCESS) {
 log("Cannot release PAM authentication: %.200s",
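Review bot: In pam_cleanup_proc the added `pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED)` runs on every cleanup, including exits that happen before do_pam_setcred() has established any credentials, so a module may return an error and "Cannot delete credentials" is logged for connections that never had any. Consider recording a successful PAM_ESTABLISH_CRED in a file-scope flag (hypothetical name `creds_established`) and guarding the delete with `if (creds_established) { ... }`. A short comment such as `/* Drop credentials set by do_pam_setcred() before releasing the PAM handle */` would also document why the call sits before pam_end(). pam_cleanup_proc starts and ends outside this hunk, so the ordering relative to the session teardown above it cannot be checked from here.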
@@ -301,6 +308,16 @@ void do_pam_session(char *username, char *ttyname)
 if (pam_retval != PAM_SUCCESS)
 fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
+
+void do_pam_setcred()
+{
+ int pam_retval;
+
+ debug("PAM establishing creds");
+ pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+}
 #endif /* USE_PAM */
 /*
@@ -1906,6 +1923,9 @@ do_authenticated(struct passwd * pw)
 packet_set_interactive(have_pty || display != NULL, options.keepalives);
+#ifdef USE_PAM
+ do_pam_setcred();
+#endif
 if (forced_command != NULL) goto do_forced_command; debug("Forking shell.");
@@ -1921,6 +1941,9 @@ do_authenticated(struct passwd * pw)
 packet_set_interactive(have_pty || display != NULL, options.keepalives);
+#ifdef USE_PAM
+ do_pam_setcred();
+#endif
 if (forced_command != NULL) goto do_forced_command; /* Get command from the packet. */
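Review bot: do_pam_setcred() is defined with empty parentheses, which in C leaves the parameter list unspecified, so a call with stray arguments would compile silently; write `void do_pam_setcred(void)` here and in the prototype added in the hunk at -149. The function also has no comment stating its contract, and for a credential-establishing step that matters: something like `/* Establish PAM credentials for the authenticated user; fatal() on failure so no command runs without them */` would record that the failure path is deliberately fail-closed. The `(pam_handle_t *)pamh` cast mirrors the surrounding code, whose declaration of pamh is outside this hunk.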
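Review bot: Both added `do_pam_setcred()` calls, here and in the hunk at -1921, run in do_authenticated immediately before the shell or command is started. If do_pam_session() is invoked earlier (its `ttyname` parameter suggests pty allocation), credentials are then established after the session is opened, whereas the PAM documentation expects pam_setcred before pam_open_session. The do_pam_session call site is not part of this diff, so the ordering needs confirming against the full file. It is also worth checking that nothing later in the child, an initgroups() call for example, replaces group membership a module granted at this point. do_authenticated's body continues outside both hunks.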