8 # |
8 # |
9 # Patch offered upstream: |
9 # Patch offered upstream: |
10 # https://bugzilla.mindrot.org/show_bug.cgi?id=2378 |
10 # https://bugzilla.mindrot.org/show_bug.cgi?id=2378 |
11 # |
11 # |
12 diff -pur old/auth-pam.c new/auth-pam.c |
12 diff -pur old/auth-pam.c new/auth-pam.c |
13 --- old/auth-pam.c 2015-04-13 07:40:15.102801416 -0700 |
13 --- old/auth-pam.c 2015-05-21 04:08:41.910932322 -0700 |
14 +++ new/auth-pam.c 2015-04-13 07:40:15.170507123 -0700 |
14 +++ new/auth-pam.c 2015-05-21 04:08:42.024831668 -0700 |
15 @@ -1038,6 +1038,20 @@ do_pam_account(void) |
15 @@ -1038,6 +1038,20 @@ do_pam_account(void) |
16 return (sshpam_account_status); |
16 return (sshpam_account_status); |
17 } |
17 } |
18 |
18 |
19 +#ifdef HAVE_PAM_AUSER |
19 +#ifdef HAVE_PAM_AUSER |
32 + |
32 + |
33 void |
33 void |
34 do_pam_set_tty(const char *tty) |
34 do_pam_set_tty(const char *tty) |
35 { |
35 { |
36 diff -pur old/auth-pam.h new/auth-pam.h |
36 diff -pur old/auth-pam.h new/auth-pam.h |
37 --- old/auth-pam.h 2004-09-11 05:17:26.000000000 -0700 |
37 --- old/auth-pam.h 2015-03-16 22:49:20.000000000 -0700 |
38 +++ new/auth-pam.h 2015-04-13 07:40:15.170675124 -0700 |
38 +++ new/auth-pam.h 2015-05-21 04:08:42.025160216 -0700 |
39 @@ -35,6 +35,9 @@ void start_pam(Authctxt *); |
39 @@ -35,6 +35,9 @@ void start_pam(Authctxt *); |
40 void finish_pam(void); |
40 void finish_pam(void); |
41 u_int do_pam_account(void); |
41 u_int do_pam_account(void); |
42 void do_pam_session(void); |
42 void do_pam_session(void); |
43 +#ifdef HAVE_PAM_AUSER |
43 +#ifdef HAVE_PAM_AUSER |
45 +#endif |
45 +#endif |
46 void do_pam_set_tty(const char *); |
46 void do_pam_set_tty(const char *); |
47 void do_pam_setcred(int ); |
47 void do_pam_setcred(int ); |
48 void do_pam_chauthtok(void); |
48 void do_pam_chauthtok(void); |
49 diff -pur old/auth.h new/auth.h |
49 diff -pur old/auth.h new/auth.h |
50 --- old/auth.h 2015-04-13 07:40:15.102912510 -0700 |
50 --- old/auth.h 2015-05-21 04:08:41.911346027 -0700 |
51 +++ new/auth.h 2015-04-13 07:40:15.170773363 -0700 |
51 +++ new/auth.h 2015-05-21 04:08:42.025504068 -0700 |
52 @@ -79,6 +79,9 @@ struct Authctxt { |
52 @@ -84,6 +84,9 @@ struct Authctxt { |
53 #ifdef PAM_ENHANCEMENT |
53 #ifdef PAM_ENHANCEMENT |
54 char *authmethod_name; |
54 char *authmethod_name; |
55 #endif |
55 #endif |
56 +#ifdef HAVE_PAM_AUSER |
56 +#ifdef HAVE_PAM_AUSER |
57 + char *auser; |
57 + char *auser; |
58 +#endif |
58 +#endif |
59 }; |
59 }; |
60 /* |
60 /* |
61 * Every authentication method has to handle authentication requests for |
61 * Every authentication method has to handle authentication requests for |
62 diff -pur old/auth2-hostbased.c new/auth2-hostbased.c |
62 diff -pur old/auth2-hostbased.c new/auth2-hostbased.c |
63 --- old/auth2-hostbased.c 2013-12-30 17:25:41.000000000 -0800 |
63 --- old/auth2-hostbased.c 2015-03-16 22:49:20.000000000 -0700 |
64 +++ new/auth2-hostbased.c 2015-04-13 07:40:15.170883166 -0700 |
64 +++ new/auth2-hostbased.c 2015-05-21 04:08:42.026208843 -0700 |
65 @@ -83,6 +83,9 @@ userauth_hostbased(Authctxt *authctxt) |
65 @@ -85,6 +85,9 @@ userauth_hostbased(Authctxt *authctxt) |
66 buffer_dump(&b); |
66 buffer_dump(&b); |
67 buffer_free(&b); |
67 buffer_free(&b); |
68 #endif |
68 #endif |
69 +#ifdef HAVE_PAM_AUSER |
69 +#ifdef HAVE_PAM_AUSER |
70 + authctxt->auser = NULL; |
70 + authctxt->auser = NULL; |
71 +#endif |
71 +#endif |
72 pktype = key_type_from_name(pkalg); |
72 pktype = key_type_from_name(pkalg); |
73 if (pktype == KEY_UNSPEC) { |
73 if (pktype == KEY_UNSPEC) { |
74 /* this is perfectly legal */ |
74 /* this is perfectly legal */ |
75 @@ -133,6 +136,13 @@ userauth_hostbased(Authctxt *authctxt) |
75 @@ -143,6 +146,13 @@ userauth_hostbased(Authctxt *authctxt) |
76 buffer_len(&b))) == 1) |
76 buffer_len(&b))) == 1) |
77 authenticated = 1; |
77 authenticated = 1; |
78 |
78 |
79 +#ifdef HAVE_PAM_AUSER |
79 +#ifdef HAVE_PAM_AUSER |
80 + if (authenticated) { |
80 + if (authenticated) { |
85 + |
85 + |
86 buffer_free(&b); |
86 buffer_free(&b); |
87 done: |
87 done: |
88 debug2("userauth_hostbased: authenticated %d", authenticated); |
88 debug2("userauth_hostbased: authenticated %d", authenticated); |
89 diff -pur old/auth2.c new/auth2.c |
89 diff -pur old/auth2.c new/auth2.c |
90 --- old/auth2.c 2015-04-13 07:40:15.125748357 -0700 |
90 --- old/auth2.c 2015-05-21 04:08:41.947286493 -0700 |
91 +++ new/auth2.c 2015-04-13 07:54:08.589929143 -0700 |
91 +++ new/auth2.c 2015-05-21 04:08:42.026846014 -0700 |
92 @@ -347,6 +347,14 @@ userauth_finish(Authctxt *authctxt, int |
92 @@ -339,6 +339,14 @@ userauth_finish(Authctxt *authctxt, int |
93 #endif |
93 #endif |
94 } |
94 } |
95 |
95 |
96 +#ifdef HAVE_PAM_AUSER |
96 +#ifdef HAVE_PAM_AUSER |
97 + if (!use_privsep) { |
97 + if (!use_privsep) { |
103 + |
103 + |
104 if (authenticated && options.num_auth_methods != 0) { |
104 if (authenticated && options.num_auth_methods != 0) { |
105 |
105 |
106 #if defined(USE_PAM) && defined(PAM_ENHANCEMENT) |
106 #if defined(USE_PAM) && defined(PAM_ENHANCEMENT) |
107 diff -pur old/config.h.in new/config.h.in |
107 diff -pur old/config.h.in new/config.h.in |
108 --- old/config.h.in 2015-04-13 07:40:15.118922540 -0700 |
108 --- old/config.h.in 2015-05-21 04:08:41.938119429 -0700 |
109 +++ new/config.h.in 2015-04-13 07:40:15.171493102 -0700 |
109 +++ new/config.h.in 2015-05-21 04:08:42.027796887 -0700 |
110 @@ -814,6 +814,9 @@ |
110 @@ -827,6 +827,9 @@ |
111 /* Define if you have Digital Unix Security Integration Architecture */ |
111 /* Define if you have Digital Unix Security Integration Architecture */ |
112 #undef HAVE_OSF_SIA |
112 #undef HAVE_OSF_SIA |
113 |
113 |
114 +/* Define if you have PAM_AUSER PAM item */ |
114 +/* Define if you have PAM_AUSER PAM item */ |
115 +#undef HAVE_PAM_AUSER |
115 +#undef HAVE_PAM_AUSER |
116 + |
116 + |
117 /* Define to 1 if you have the `pam_getenvlist' function. */ |
117 /* Define to 1 if you have the `pam_getenvlist' function. */ |
118 #undef HAVE_PAM_GETENVLIST |
118 #undef HAVE_PAM_GETENVLIST |
119 |
119 |
120 diff -pur old/configure new/configure |
120 diff -pur old/configure new/configure |
121 --- old/configure 2015-04-13 07:40:15.121667931 -0700 |
121 --- old/configure 2015-05-21 04:08:41.952127851 -0700 |
122 +++ new/configure 2015-04-13 07:40:15.174438856 -0700 |
122 +++ new/configure 2015-05-21 04:09:34.214165539 -0700 |
123 @@ -7799,6 +7799,7 @@ fi |
123 @@ -10872,6 +10872,7 @@ fi |
124 |
124 cat >>confdefs.h <<\_ACEOF |
125 $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h |
125 #define USE_GSS_STORE_CRED 1 |
126 $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h |
126 #define GSSAPI_STORECREDS_NEEDS_RUID 1 |
127 + $as_echo "#define HAVE_PAM_AUSER 1" >>confdefs.h |
127 +#define HAVE_PAM_AUSER 1 |
|
128 _ACEOF |
128 |
129 |
129 TEST_SHELL=$SHELL # let configure find us a capable shell |
130 TEST_SHELL=$SHELL # let configure find us a capable shell |
130 ;; |
|
131 diff -pur old/configure.ac new/configure.ac |
131 diff -pur old/configure.ac new/configure.ac |
132 --- old/configure.ac 2015-04-13 07:40:15.085660430 -0700 |
132 --- old/configure.ac 2015-05-21 04:08:41.886514252 -0700 |
133 +++ new/configure.ac 2015-04-13 07:40:15.175130655 -0700 |
133 +++ new/configure.ac 2015-05-21 04:08:42.052981088 -0700 |
134 @@ -868,6 +868,7 @@ mips-sony-bsd|mips-sony-newsos4) |
134 @@ -904,6 +904,7 @@ mips-sony-bsd|mips-sony-newsos4) |
135 TEST_SHELL=$SHELL # let configure find us a capable shell |
135 TEST_SHELL=$SHELL # let configure find us a capable shell |
136 AC_DEFINE([USE_GSS_STORE_CRED]) |
136 AC_DEFINE([USE_GSS_STORE_CRED]) |
137 AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID]) |
137 AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID]) |
138 + AC_DEFINE([HAVE_PAM_AUSER]) |
138 + AC_DEFINE([HAVE_PAM_AUSER]) |
139 ;; |
139 ;; |
140 *-*-sunos4*) |
140 *-*-sunos4*) |
141 CPPFLAGS="$CPPFLAGS -DSUNOS4" |
141 CPPFLAGS="$CPPFLAGS -DSUNOS4" |
142 diff -pur old/monitor.c new/monitor.c |
142 diff -pur old/monitor.c new/monitor.c |
143 --- old/monitor.c 2015-04-13 07:40:15.136922050 -0700 |
143 --- old/monitor.c 2015-05-21 04:08:41.964048305 -0700 |
144 +++ new/monitor.c 2015-04-13 07:40:15.175533060 -0700 |
144 +++ new/monitor.c 2015-05-21 04:08:42.054374639 -0700 |
145 @@ -490,6 +490,12 @@ monitor_child_preauth(Authctxt *_authctx |
145 @@ -461,6 +461,12 @@ monitor_child_preauth(Authctxt *_authctx |
146 #endif |
146 } |
147 } |
147 } |
148 |
148 |
149 +#if defined(HAVE_PAM_AUSER) && defined(USE_PAM) |
149 +#if defined(HAVE_PAM_AUSER) && defined(USE_PAM) |
150 + if (hostbased_cuser != NULL) { |
150 + if (hostbased_cuser != NULL) { |
151 + free(hostbased_cuser); |
151 + free(hostbased_cuser); |
169 key_blobtype = MM_NOKEY; |
169 key_blobtype = MM_NOKEY; |
170 - hostbased_cuser = NULL; |
170 - hostbased_cuser = NULL; |
171 hostbased_chost = NULL; |
171 hostbased_chost = NULL; |
172 } |
172 } |
173 |
173 |
174 @@ -1111,6 +1119,11 @@ mm_answer_pam_account(int sock, Buffer * |
174 @@ -1146,6 +1154,11 @@ mm_answer_pam_account(int sock, Buffer * |
175 if (!options.use_pam) |
175 if (!options.use_pam) |
176 fatal("UsePAM not set, but ended up in %s anyway", __func__); |
176 fatal("UsePAM not set, but ended up in %s anyway", __func__); |
177 |
177 |
178 +#ifdef HAVE_PAM_AUSER |
178 +#ifdef HAVE_PAM_AUSER |
179 + if (hostbased_cuser != NULL) |
179 + if (hostbased_cuser != NULL) |