Bug#150968: patch for ssh PAM handling
tags 150968 patch
thanks
Here's a patch for 3.3p1-0.0.woody1 to do the PAM session and setcred
handling in the parent rather than the child; seems to work for me.
Thanks to Steve Langasek for help with the patch .
Index: auth-pam.c
===================================================================
RCS file: /afs/sipb/project/debian/cvs/openssh-krb5/auth-pam.c,v
retrieving revision 1.4
diff -u -r1.4 auth-pam.c
--- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4
+++ auth-pam.c 25 Jun 2002 20:33:41 -0000
@@ -286,6 +286,8 @@
pam_retval, PAM_STRERROR(__pamh, pam_retval));
}
+ if (session_opened)
+ return; /*Be idempotent so we can be called in monitor and child*/
pam_retval = pam_open_session(__pamh, 0);
if (pam_retval != PAM_SUCCESS)
fatal("PAM session setup failed[%d]: %.200s",
@@ -304,6 +306,8 @@
do_pam_set_conv(&conv);
+ if (init&&creds_set)
+ return; /*be idempotent so we can be called in monitor and child*/
debug("PAM establishing creds");
pam_retval = pam_setcred(__pamh,
init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
Index: monitor.c
===================================================================
RCS file: /afs/sipb/project/debian/cvs/openssh-krb5/monitor.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 monitor.c
--- monitor.c 24 Jun 2002 23:29:52 -0000 1.1.1.1
+++ monitor.c 25 Jun 2002 20:33:41 -0000
@@ -278,6 +278,8 @@
#ifdef USE_PAM
if (!do_pam_account(authctxt->pw->pw_name, NULL))
authenticated = 0;
+ do_pam_session(authctxt->pw->pw_name, NULL);
+ do_pam_setcred(1);
#endif
}
--
To UNSUBSCRIBE, email to debian-ssh-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: