tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 07:44:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (djm) Workaround PAM inconsistencies between Solaris derived PAM code

Browse Source 
and Linux-PAM. Based on report and fix from Andrew Morgan
   <morgan@transmeta.com>
This commit is contained in:
Damien Miller 2000-12-20 13:34:48 +11:00
parent 28bfc0da69
commit 82cf0ceea8
7 changed files with 41 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CREDITS
View File

@ -8,6 +8,7 @@ Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes
Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
Andrew McGill <andrewm@datrix.co.za> - SCO fixes Andrew McGill <andrewm@datrix.co.za> - SCO fixes
Andrew Morgan <morgan@transmeta.com> - PAM bugfixes
Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
Andy Sloane <andy@guildsoftware.com> - bugfixes Andy Sloane <andy@guildsoftware.com> - bugfixes
Aran Cox <acox@cv.telegroup.com> - SCO bugfixes Aran Cox <acox@cv.telegroup.com> - SCO bugfixes

5
ChangeLog
View File

@ -1,3 +1,8 @@
20001220
- (djm) Workaround PAM inconsistencies between Solaris derived PAM code
and Linux-PAM. Based on report and fix from Andrew Morgan
<morgan@transmeta.com>
20001218 20001218
- (stevesk) rsa.c: entropy.h not needed. - (stevesk) rsa.c: entropy.h not needed.
- (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile. - (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.

4
acconfig.h
View File

@ -218,6 +218,10 @@
/* to pam_strerror */ /* to pam_strerror */
#undef HAVE_OLD_PAM #undef HAVE_OLD_PAM
/* Define if you are using Solaris-derived PAM which passes pam_messages */
/* to the conversation function with an extra level of indirection */
#undef PAM_SUN_CODEBASE
/* Set this to your mail directory if you don't have maillock.h */ /* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY #undef MAIL_DIRECTORY

12
auth-pam.c
View File

@ -29,7 +29,7 @@
#include "xmalloc.h" #include "xmalloc.h"
#include "servconf.h" #include "servconf.h"
RCSID("$Id: auth-pam.c,v 1.19 2000/12/03 00:51:51 djm Exp $"); RCSID("$Id: auth-pam.c,v 1.20 2000/12/20 02:34:49 djm Exp $");
#define NEW_AUTHTOK_MSG \ #define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now" "Warning: Your password has expired, please change it now"
@ -97,13 +97,13 @@ static int pamconv(int num_msg, const struct pam_message **msg,
return PAM_CONV_ERR; return PAM_CONV_ERR;
for (count = 0; count < num_msg; count++) { for (count = 0; count < num_msg; count++) {
switch ((*msg)[count].msg_style) { switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_ON:
if (pamstate == INITIAL_LOGIN) { if (pamstate == INITIAL_LOGIN) {
free(reply); free(reply);
return PAM_CONV_ERR; return PAM_CONV_ERR;
} else { } else {
fputs((*msg)[count].msg, stderr); fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
fgets(buf, sizeof(buf), stdin); fgets(buf, sizeof(buf), stdin);
reply[count].resp = xstrdup(buf); reply[count].resp = xstrdup(buf);
reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp_retcode = PAM_SUCCESS;
@ -118,7 +118,7 @@ static int pamconv(int num_msg, const struct pam_message **msg,
reply[count].resp = xstrdup(pampasswd); reply[count].resp = xstrdup(pampasswd);
} else { } else {
reply[count].resp = reply[count].resp =
xstrdup(read_passphrase((*msg)[count].msg, 1)); xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
} }
reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp_retcode = PAM_SUCCESS;
break; break;
@ -126,9 +126,9 @@ static int pamconv(int num_msg, const struct pam_message **msg,
case PAM_TEXT_INFO: case PAM_TEXT_INFO:
if ((*msg)[count].msg != NULL) { if ((*msg)[count].msg != NULL) {
if (pamstate == INITIAL_LOGIN) if (pamstate == INITIAL_LOGIN)
pam_msg_cat((*msg)[count].msg); pam_msg_cat(PAM_MSG_MEMBER(msg, count, msg));
else { else {
fputs((*msg)[count].msg, stderr); fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
fputs("\n", stderr); fputs("\n", stderr);
} }
} }

18
auth2-pam.c
View File

@ -1,5 +1,5 @@
#include "includes.h" #include "includes.h"
RCSID("$Id: auth2-pam.c,v 1.1 2000/12/03 00:51:51 djm Exp $"); RCSID("$Id: auth2-pam.c,v 1.2 2000/12/20 02:34:49 djm Exp $");
#ifdef USE_PAM #ifdef USE_PAM
#include "ssh.h" #include "ssh.h"
@ -70,8 +70,8 @@ do_conversation2(int num_msg, const struct pam_message **msg,
packet_put_cstring(""); /* Instructions */ packet_put_cstring(""); /* Instructions */
packet_put_cstring(""); /* Language */ packet_put_cstring(""); /* Language */
for (i = 0, j = 0; i < num_msg; i++) { for (i = 0, j = 0; i < num_msg; i++) {
if(((*msg)[i].msg_style == PAM_PROMPT_ECHO_ON) || if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
((*msg)[i].msg_style == PAM_PROMPT_ECHO_OFF) || (PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
(i == num_msg - 1)) { (i == num_msg - 1)) {
j++; j++;
} }
@ -79,7 +79,7 @@ do_conversation2(int num_msg, const struct pam_message **msg,
packet_put_int(j); /* Number of prompts. */ packet_put_int(j); /* Number of prompts. */
context_pam2.num_expected = j; context_pam2.num_expected = j;
for (i = 0, j = 0; i < num_msg; i++) { for (i = 0, j = 0; i < num_msg; i++) {
switch((*msg)[i].msg_style) { switch(PAM_MSG_MEMBER(msg, i, msg_style)) {
case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_ON:
echo = 1; echo = 1;
break; break;
@ -91,18 +91,18 @@ do_conversation2(int num_msg, const struct pam_message **msg,
break; break;
} }
if(text) { if(text) {
tmp = xmalloc(strlen(text) + strlen((*msg)[i].msg) + 2); tmp = xmalloc(strlen(text) + strlen(PAM_MSG_MEMBER(msg, i, msg)) + 2);
strcpy(tmp, text); strcpy(tmp, text);
strcat(tmp, "\n"); strcat(tmp, "\n");
strcat(tmp, (*msg)[i].msg); strcat(tmp, PAM_MSG_MEMBER(msg, i, msg));
xfree(text); xfree(text);
text = tmp; text = tmp;
tmp = NULL; tmp = NULL;
} else { } else {
text = xstrdup((*msg)[i].msg); text = xstrdup(PAM_MSG_MEMBER(msg, i, msg));
} }
if(((*msg)[i].msg_style == PAM_PROMPT_ECHO_ON) || if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
((*msg)[i].msg_style == PAM_PROMPT_ECHO_OFF) || (PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
(i == num_msg - 1)) { (i == num_msg - 1)) {
debug("sending prompt ssh-%d(pam-%d) = \"%s\"", debug("sending prompt ssh-%d(pam-%d) = \"%s\"",
j, i, text); j, i, text);

10
configure.in
View File

@ -88,6 +88,7 @@ case "$host" in
*-*-hpux11*) *-*-hpux11*)
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE" CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE"
IPADDR_IN_DISPLAY=yes IPADDR_IN_DISPLAY=yes
AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(USE_PIPES) AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP) AC_DEFINE(DISABLE_UTMP)
@ -149,6 +150,7 @@ mips-sony-bsd|mips-sony-newsos4)
CPPFLAGS="$CPPFLAGS -I/usr/local/include" CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib" LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib"
need_dash_r=1 need_dash_r=1
AC_DEFINE(PAM_SUN_CODEBASE)
# hardwire lastlog location (can't detect it on some versions) # hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog" conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x) AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
@ -164,6 +166,7 @@ mips-sony-bsd|mips-sony-newsos4)
*-*-sunos4*) *-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4" CPPFLAGS="$CPPFLAGS -DSUNOS4"
AC_CHECK_FUNCS(getpwanam) AC_CHECK_FUNCS(getpwanam)
AC_DEFINE(PAM_SUN_CODEBASE)
conf_utmp_location=/etc/utmp conf_utmp_location=/etc/utmp
conf_wtmp_location=/var/adm/wtmp conf_wtmp_location=/var/adm/wtmp
conf_lastlog_location=/var/adm/lastlog conf_lastlog_location=/var/adm/lastlog
@ -1614,6 +1617,13 @@ echo " Libraries: ${LIBS}"
echo "" echo ""
if test "x$PAM_MSG" = "xyes" ; then
echo "PAM is enabled. You may need to install a PAM control file for sshd,"
echo "otherwise password authentication may fail. Example PAM control files"
echo "can be found in the contrib/ subdirectory"
echo ""
fi
if test ! -z "$BUILTIN_RNG" ; then if test ! -z "$BUILTIN_RNG" ; then
echo "WARNING: you are using the builtin random number collection service." echo "WARNING: you are using the builtin random number collection service."
echo "Please read WARNING.RNG and request that your OS vendor includes" echo "Please read WARNING.RNG and request that your OS vendor includes"

6
defines.h
View File

@ -340,6 +340,12 @@ struct winsize {
# define PAM_STRERROR(a,b) pam_strerror((a),(b)) # define PAM_STRERROR(a,b) pam_strerror((a),(b))
#endif #endif
#ifdef PAM_SUN_CODEBASE
# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
#else
# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
#endif
#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) #if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO)
# undef HAVE_GETADDRINFO # undef HAVE_GETADDRINFO
#endif /* defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) */ #endif /* defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) */