author | Huie-Ying Lee <huieying.lee@oracle.com> |
Wed, 20 May 2015 15:14:17 -0700 | |
branch | s11-update |
changeset 4329 | 771a6f41f496 |
permissions | -rw-r--r-- |
4329
771a6f41f496
21078900 openssh server should fatal out when pam_setcred and pam_open_session fail
Huie-Ying Lee <huieying.lee@oracle.com>
# |
# This patch contains bug fixes to the PAM credential and session operations. |
# In the original OpenSSH, the server only gives warnings and still allows |
# users to log in when pam_setcred() or pam_open_session() fail, if user auth |
# method is not keyboard-interactive or password. This is not a correct |
# behavior. The server should just fatal out, when these functions fail. |
# |
# We have contributed back these bug fixes to the OpenSSH upstream community. |
# For more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2399 |
# In the future, if these bug fixes are accepted by the upstream in a later |
# release, we will remove this patch when we upgrade to that release. |
# |
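--- orig/auth-pam.c Tue May 12 12:57:25 2015
+++ new/auth-pam.c Thu May 14 15:21:54 2015
@@ -950,6 +950,12 @@
 sshpam_cred_established = 1;
 return;
 }
+
+#ifdef PAM_BUGFIX
+ /* Server will fatal out when pam_setcred() failed. */
+ fatal("PAM: pam_setcred(): %s", pam_strerror(sshpam_handle,
+ sshpam_err));
+#else /* orig */
 if (sshpam_authenticated)
 fatal("PAM: pam_setcred(): %s",
 pam_strerror(sshpam_handle, sshpam_err));
@@ -956,6 +962,7 @@
 else
 debug("PAM: pam_setcred(): %s",
 pam_strerror(sshpam_handle, sshpam_err));
+#endif /* PAM_BUGFIX */
 }
 
 static int
@@ -1048,10 +1055,16 @@
 if (sshpam_err == PAM_SUCCESS)
 sshpam_session_open = 1;
 else {
+#ifdef PAM_BUGFIX
+ /* Server will fatal out when pam_open_session() failed */
+ fatal("PAM: pam_open_session(): %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+#else /* orig */
 sshpam_session_open = 0;
 disable_forwarding();
 error("PAM: pam_open_session(): %s",
 pam_strerror(sshpam_handle, sshpam_err));
+#endif /* PAM_BUGFIX */
 }
 
 }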
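Review bot: The fail-closed behaviour added at both `#ifdef PAM_BUGFIX` sites exists only when that macro is defined, and nothing in this patch defines it or checks that it is set. A build that misses the flag silently compiles the `#else /* orig */` branches and keeps the original non-fatal handling of a failed pam_setcred() or pam_open_session(). I would either drop the conditional so the fatal() calls are unconditional, or say at each site where the macro comes from, e.g. `/* PAM_BUGFIX must be set by the build; without it the original non-fatal path is compiled. */`. The two new comments would also read better in the present tense, e.g. `/* Fail closed: fatal() when pam_setcred() fails. */`. Both enclosing functions begin outside the hunks, so whether any PAM cleanup has to run before fatal() cannot be judged from here.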