- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@
This commit is contained in:
parent
928a19ad9e
commit
69687f4b65
|
@ -1,5 +1,8 @@
|
|||
20040911
|
||||
- (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
|
||||
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
|
||||
failing PAM session modules to user then exit, similar to the way
|
||||
/etc/nologin is handled. ok djm@
|
||||
|
||||
20040830
|
||||
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
|
||||
|
@ -1719,4 +1722,4 @@
|
|||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3540 2004/09/11 05:18:05 djm Exp $
|
||||
$Id: ChangeLog,v 1.3541 2004/09/11 12:17:26 dtucker Exp $
|
||||
|
|
19
auth-pam.c
19
auth-pam.c
|
@ -47,7 +47,7 @@
|
|||
|
||||
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-pam.c,v 1.114 2004/08/16 13:12:06 dtucker Exp $");
|
||||
RCSID("$Id: auth-pam.c,v 1.115 2004/09/11 12:17:26 dtucker Exp $");
|
||||
|
||||
#ifdef USE_PAM
|
||||
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
||||
|
@ -949,10 +949,21 @@ do_pam_session(void)
|
|||
fatal("PAM: failed to set PAM_CONV: %s",
|
||||
pam_strerror(sshpam_handle, sshpam_err));
|
||||
sshpam_err = pam_open_session(sshpam_handle, 0);
|
||||
if (sshpam_err != PAM_SUCCESS)
|
||||
fatal("PAM: pam_open_session(): %s",
|
||||
if (sshpam_err == PAM_SUCCESS)
|
||||
sshpam_session_open = 1;
|
||||
else {
|
||||
sshpam_session_open = 0;
|
||||
disable_forwarding();
|
||||
error("PAM: pam_open_session(): %s",
|
||||
pam_strerror(sshpam_handle, sshpam_err));
|
||||
sshpam_session_open = 1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
int
|
||||
is_pam_session_open(void)
|
||||
{
|
||||
return sshpam_session_open;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: auth-pam.h,v 1.26 2004/05/30 10:43:59 dtucker Exp $ */
|
||||
/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Damien Miller. All rights reserved.
|
||||
|
@ -45,5 +45,6 @@ void free_pam_environment(char **);
|
|||
void sshpam_thread_cleanup(void);
|
||||
void sshpam_cleanup(void);
|
||||
int sshpam_auth_passwd(Authctxt *, const char *);
|
||||
int is_pam_session_open(void);
|
||||
|
||||
#endif /* USE_PAM */
|
||||
|
|
|
@ -1439,6 +1439,13 @@ do_child(Session *s, const char *command)
|
|||
#endif /* HAVE_OSF_SIA */
|
||||
}
|
||||
|
||||
#ifdef USE_PAM
|
||||
if (options.use_pam && !is_pam_session_open()) {
|
||||
display_loginmsg();
|
||||
exit(254);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Get the shell from the password data. An empty shell field is
|
||||
* legal, and means /bin/sh.
|
||||
|
|
Loading…
Reference in New Issue