From e8f474554e3bda102a797a2fbab0594ccc66f097 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 6 Apr 2018 14:11:44 +1000 Subject: [PATCH] Expose SSH_AUTH_INFO_0 to PAM auth modules bz#2408, patch from Radoslaw Ejsmont; ok dtucker@ --- auth-pam.c | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/auth-pam.c b/auth-pam.c index 00ba87775..456259577 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -674,6 +674,27 @@ sshpam_init(Authctxt *authctxt) return (0); } +static void +expose_authinfo(const char *caller) +{ + char *auth_info; + + /* + * Expose authentication information to PAM. + * The environment variable is versioned. Please increment the + * version suffix if the format of session_info changes. + */ + if (sshpam_authctxt->session_info == NULL) + auth_info = xstrdup(""); + else if ((auth_info = sshbuf_dup_string( + sshpam_authctxt->session_info)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); + + debug2("%s: auth information in SSH_AUTH_INFO_0", caller); + do_pam_putenv("SSH_AUTH_INFO_0", auth_info); + free(auth_info); +} + static void * sshpam_init_ctx(Authctxt *authctxt) { @@ -694,6 +715,7 @@ sshpam_init_ctx(Authctxt *authctxt) return (NULL); } + expose_authinfo(__func__); ctxt = xcalloc(1, sizeof *ctxt); /* Start the authentication thread */ @@ -935,26 +957,6 @@ finish_pam(void) sshpam_cleanup(); } -static void -expose_authinfo(const char *caller) -{ - char *auth_info; - - /* - * Expose authentication information to PAM. - * The enviornment variable is versioned. Please increment the - * version suffix if the format of session_info changes. - */ - if (sshpam_authctxt->session_info == NULL) - auth_info = xstrdup(""); - else if ((auth_info = sshbuf_dup_string( - sshpam_authctxt->session_info)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); - - debug2("%s: auth information in SSH_AUTH_INFO_0", caller); - do_pam_putenv("SSH_AUTH_INFO_0", auth_info); - free(auth_info); -} u_int do_pam_account(void)