components/openssh/patches/026-pam_setcred_fix.patch
author Huie-Ying Lee <huieying.lee@oracle.com>
Wed, 20 May 2015 15:14:17 -0700
branchs11-update
changeset 4329 771a6f41f496
permissions -rw-r--r--
21078900 openssh server should fatal out when pam_setcred and pam_open_session fail
# 
# This patch contains bug fixes to the PAM credential and session operations.
# In the original OpenSSH, the server only gives warnings and still allows 
# users to log in when pam_setcred() or pam_open_session() fail, if user auth
# method is not keyboard-interactive or password.  This is not a correct
# behavior. The server should just fatal out, when these functions fail.
#
# We have contributed back these bug fixes to the OpenSSH upstream community. 
# For more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2399
# In the future, if these bug fixes are accepted by the upstream in a later
# release, we will remove this patch when we upgrade to that release.
#
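--- a/auth-pam.c
+++ b/auth-pam.c
@@ -950,6 +950,12 @@
 		sshpam_cred_established = 1;
 		return;
 	}
+
+#ifdef PAM_BUGFIX
+	/* Server will fatal out when pam_setcred() failed. */
+	fatal("PAM: pam_setcred(): %s", pam_strerror(sshpam_handle,
+	    sshpam_err));
+#else /* orig */
 	if (sshpam_authenticated)
 		fatal("PAM: pam_setcred(): %s",
 		    pam_strerror(sshpam_handle, sshpam_err));
@@ -956,6 +962,7 @@
 	else
 		debug("PAM: pam_setcred(): %s",
 		    pam_strerror(sshpam_handle, sshpam_err));
+#endif /* PAM_BUGFIX */
 }
 
 static int
@@ -1048,10 +1055,16 @@
 	if (sshpam_err == PAM_SUCCESS)
 		sshpam_session_open = 1;
 	else {
+#ifdef PAM_BUGFIX
+		/* Server will fatal out when pam_open_session() failed */
+		fatal("PAM: pam_open_session(): %s",
+		    pam_strerror(sshpam_handle, sshpam_err));
+#else /* orig */
 		sshpam_session_open = 0;
 		disable_forwarding();
 		error("PAM: pam_open_session(): %s",
 		    pam_strerror(sshpam_handle, sshpam_err));
+#endif /* PAM_BUGFIX */
 	}
 
 }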
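Review bot: The fail-closed behaviour in both `#ifdef PAM_BUGFIX` branches (pam_setcred() in the first hunk, pam_open_session() in the third) exists only when the build defines `PAM_BUGFIX`, and nothing in this patch defines it. If the macro comes from the component's build flags (not visible here), a dropped or misspelled flag silently compiles the `#else /* orig */` path. On that path a failed pam_setcred() is fatal only when `sshpam_authenticated` is set, and a failed pam_open_session() only disables forwarding and logs an error. I would state the dependency at the first guard, e.g. `/* PAM_BUGFIX comes from the build flags; without it the upstream fail-open path below is compiled. */`, and have the build or a packaging test confirm the define is present. Both enclosing functions start outside the hunks.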