- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way /etc/nologin is handled. ok djm@
parent
928a19ad9e
commit
69687f4b65
|
@ -1,5 +1,8 @@
|
||||||
20040911
|
20040911
|
||||||
- (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
|
- (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
|
||||||
|
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
|
||||||
|
failing PAM session modules to user then exit, similar to the way
|
||||||
|
/etc/nologin is handled. ok djm@
|
||||||
|
|
||||||
20040830
|
20040830
|
||||||
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
|
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
|
||||||
|
@ -1719,4 +1722,4 @@
|
||||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.3540 2004/09/11 05:18:05 djm Exp $
|
$Id: ChangeLog,v 1.3541 2004/09/11 12:17:26 dtucker Exp $
|
||||||
|
|
19
auth-pam.c
19
auth-pam.c
|
@ -47,7 +47,7 @@
|
||||||
|
|
||||||
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
|
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
|
||||||
#include "includes.h"
|
#include "includes.h"
|
||||||
RCSID("$Id: auth-pam.c,v 1.114 2004/08/16 13:12:06 dtucker Exp $");
|
RCSID("$Id: auth-pam.c,v 1.115 2004/09/11 12:17:26 dtucker Exp $");
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
#if defined(HAVE_SECURITY_PAM_APPL_H)
|
||||||
|
@ -949,10 +949,21 @@ do_pam_session(void)
|
||||||
fatal("PAM: failed to set PAM_CONV: %s",
|
fatal("PAM: failed to set PAM_CONV: %s",
|
||||||
pam_strerror(sshpam_handle, sshpam_err));
|
pam_strerror(sshpam_handle, sshpam_err));
|
||||||
sshpam_err = pam_open_session(sshpam_handle, 0);
|
sshpam_err = pam_open_session(sshpam_handle, 0);
|
||||||
if (sshpam_err != PAM_SUCCESS)
|
if (sshpam_err == PAM_SUCCESS)
|
||||||
fatal("PAM: pam_open_session(): %s",
|
|
||||||
pam_strerror(sshpam_handle, sshpam_err));
|
|
||||||
sshpam_session_open = 1;
|
sshpam_session_open = 1;
|
||||||
|
else {
|
||||||
|
sshpam_session_open = 0;
|
||||||
|
disable_forwarding();
|
||||||
|
error("PAM: pam_open_session(): %s",
|
||||||
|
pam_strerror(sshpam_handle, sshpam_err));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
is_pam_session_open(void)
|
||||||
|
{
|
||||||
|
return sshpam_session_open;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
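Review bot: In the new `else` branch of do_pam_session, a pam_open_session() failure no longer stops the process, so refusing the login now depends on later code checking is_pam_session_open(). The only such check visible in this commit is the one added to do_child in session.c. `disable_forwarding()` covers the forwarding case, but any other path that acts for the user without reaching do_child would apparently proceed with no PAM session. I would state the contract at the branch, e.g. `/* Not fatal: callers must check is_pam_session_open() before running anything as the user */`, and document is_pam_session_open() as returning 1 only after a successful pam_open_session(). The body of do_pam_session starts outside this hunk, so its earlier setup is not reviewed here.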
|
@ -1,4 +1,4 @@
|
||||||
/* $Id: auth-pam.h,v 1.26 2004/05/30 10:43:59 dtucker Exp $ */
|
/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Damien Miller. All rights reserved.
|
* Copyright (c) 2000 Damien Miller. All rights reserved.
|
||||||
|
@ -45,5 +45,6 @@ void free_pam_environment(char **);
|
||||||
void sshpam_thread_cleanup(void);
|
void sshpam_thread_cleanup(void);
|
||||||
void sshpam_cleanup(void);
|
void sshpam_cleanup(void);
|
||||||
int sshpam_auth_passwd(Authctxt *, const char *);
|
int sshpam_auth_passwd(Authctxt *, const char *);
|
||||||
|
int is_pam_session_open(void);
|
||||||
|
|
||||||
#endif /* USE_PAM */
|
#endif /* USE_PAM */
|
||||||
|
|
|
@ -1439,6 +1439,13 @@ do_child(Session *s, const char *command)
|
||||||
#endif /* HAVE_OSF_SIA */
|
#endif /* HAVE_OSF_SIA */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef USE_PAM
|
||||||
|
if (options.use_pam && !is_pam_session_open()) {
|
||||||
|
display_loginmsg();
|
||||||
|
exit(254);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get the shell from the password data. An empty shell field is
|
* Get the shell from the password data. An empty shell field is
|
||||||
* legal, and means /bin/sh.
|
* legal, and means /bin/sh.
|
||||||
|
|
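Review bot: The new check `if (options.use_pam && !is_pam_session_open())` in do_child exits with status 254 without logging anything at this site, so a refused login is explained only by the error() recorded earlier in do_pam_session. If the flag is still 0 because do_pam_session() was never reached on some path (its initial value is not visible here), every login would be dropped with no server-side trace at the point of exit. A line such as `debug3("PAM session not opened, exiting");` before `display_loginmsg();` would make that diagnosable. A short comment on whether 254 is meant to match the /etc/nologin handling mentioned in the commit message would also help. do_child begins and ends outside the hunk.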