- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from

failing PAM session modules to user then exit, similar to the way
   /etc/nologin is handled.  ok djm@
This commit is contained in:
Darren Tucker 2004-09-11 22:17:26 +10:00
parent 928a19ad9e
commit 69687f4b65
4 changed files with 28 additions and 6 deletions

View File

@ -1,5 +1,8 @@
20040911
- (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@
- (dtucker) [auth-pam.c auth-pam.h session.c] Bug #890: Send output from
failing PAM session modules to user then exit, similar to the way
/etc/nologin is handled. ok djm@
20040830
- (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only
@ -1719,4 +1722,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3540 2004/09/11 05:18:05 djm Exp $
$Id: ChangeLog,v 1.3541 2004/09/11 12:17:26 dtucker Exp $

View File

@ -47,7 +47,7 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
RCSID("$Id: auth-pam.c,v 1.114 2004/08/16 13:12:06 dtucker Exp $");
RCSID("$Id: auth-pam.c,v 1.115 2004/09/11 12:17:26 dtucker Exp $");
#ifdef USE_PAM
#if defined(HAVE_SECURITY_PAM_APPL_H)
@ -949,10 +949,21 @@ do_pam_session(void)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
sshpam_err = pam_open_session(sshpam_handle, 0);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: pam_open_session(): %s",
pam_strerror(sshpam_handle, sshpam_err));
if (sshpam_err == PAM_SUCCESS)
sshpam_session_open = 1;
else {
sshpam_session_open = 0;
disable_forwarding();
error("PAM: pam_open_session(): %s",
pam_strerror(sshpam_handle, sshpam_err));
}
}
int
is_pam_session_open(void)
{
return sshpam_session_open;
}
/*

View File

@ -1,4 +1,4 @@
/* $Id: auth-pam.h,v 1.26 2004/05/30 10:43:59 dtucker Exp $ */
/* $Id: auth-pam.h,v 1.27 2004/09/11 12:17:26 dtucker Exp $ */
/*
* Copyright (c) 2000 Damien Miller. All rights reserved.
@ -45,5 +45,6 @@ void free_pam_environment(char **);
void sshpam_thread_cleanup(void);
void sshpam_cleanup(void);
int sshpam_auth_passwd(Authctxt *, const char *);
int is_pam_session_open(void);
#endif /* USE_PAM */

View File

@ -1439,6 +1439,13 @@ do_child(Session *s, const char *command)
#endif /* HAVE_OSF_SIA */
}
#ifdef USE_PAM
if (options.use_pam && !is_pam_session_open()) {
display_loginmsg();
exit(254);
}
#endif
/*
* Get the shell from the password data. An empty shell field is
* legal, and means /bin/sh.