- (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)

to fix NULL pointer deref and fake authloop breakage in PAM code.

ChangeLog

@@ -17,6 +17,8 @@
    - markus@cvs.openbsd.org 2001/01/18 17:12:43
      [auth-chall.c auth2-chall.c]
      rename *-skey.c *-chall.c since the files are not skey specific
+ - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
+   to fix NULL pointer deref and fake authloop breakage in PAM code.
  
 20010118
  - (bal) Super Sized OpenBSD Resync

auth-pam.c

@@ -29,7 +29,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
 
-RCSID("$Id: auth-pam.c,v 1.20 2000/12/20 02:34:49 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@@ -323,13 +323,13 @@ void finish_pam(void)
 }
 
 /* Start PAM authentication for specified account */
-void start_pam(struct passwd *pw)
+void start_pam(const char *user)
 {
 	int pam_retval;
 
-	debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
+	debug("Starting up PAM with username \"%.200s\"", user);
 
-	pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh);
+	pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
 
 	if (pam_retval != PAM_SUCCESS) {
 		fatal("PAM initialisation failed[%d]: %.200s", 

auth-pam.h

@@ -3,7 +3,7 @@
 
 #include <pwd.h> /* For struct passwd */
 
-void start_pam(struct passwd *pw);
+void start_pam(const char *user);
 void finish_pam(void);
 int auth_pam_password(struct passwd *pw, const char *password);
 char **fetch_pam_environment(void);

auth1.c

@@ -414,7 +414,7 @@ do_authentication()
 
 #ifdef USE_PAM
 	if (pw)
-		start_pam(pw);
+		start_pam(user);
 #endif
 
 	/*

auth2-pam.c

@@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.3 2001/01/19 04:26:52 mouring Exp $");
+RCSID("$Id: auth2-pam.c,v 1.4 2001/01/19 04:46:38 djm Exp $");
 
 #ifdef USE_PAM
 #include "ssh.h"
@@ -36,10 +36,8 @@ auth2_pam(Authctxt *authctxt)
 	if (authctxt->user == NULL)
 		fatal("auth2_pam: internal error: no user");
 
-	if (authctxt->valid) {
+	conv2.appdata_ptr = authctxt;
-		conv2.appdata_ptr = authctxt;
+	pam_set_conv(&conv2);
-		pam_set_conv(&conv2);
-	}
 
 	dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
 		     &input_userauth_info_response_pam);

auth2.c

@@ -210,10 +210,13 @@ input_userauth_request(int type, int plen, void *ctxt)
 			authctxt->valid = 1;
 			debug2("input_userauth_request: setting up authctxt for %s", user);
 #ifdef USE_PAM
-			start_pam(pw);
+			start_pam(pw->pw_name);
 #endif
 		} else {
 			log("input_userauth_request: illegal user %s", user);
+#ifdef USE_PAM
+			start_pam("NOUSER");
+#endif
 		}
 		authctxt->user = xstrdup(user);
 		authctxt->service = xstrdup(service);