equal
deleted
inserted
replaced
2 # This patch contains an important bug fix for the PAM password userauth |
2 # This patch contains an important bug fix for the PAM password userauth |
3 # conversation function. This bug fix was contributed back to the upstream in |
3 # conversation function. This bug fix was contributed back to the upstream in |
4 # 2009, but it was not accepted by the upstream. For more information, see |
4 # 2009, but it was not accepted by the upstream. For more information, see |
5 # https://bugzilla.mindrot.org/show_bug.cgi?id=1681. |
5 # https://bugzilla.mindrot.org/show_bug.cgi?id=1681. |
6 # |
6 # |
7 --- orig/auth-pam.c Fri Jun 20 14:55:27 2014 |
7 --- orig/auth-pam.c Mon Oct 27 14:40:01 2014 |
8 +++ new/auth-pam.c Fri Jun 20 14:54:39 2014 |
8 +++ new/auth-pam.c Tue Oct 28 12:40:59 2014 |
9 @@ -1111,11 +1111,13 @@ |
9 @@ -1111,11 +1111,13 @@ |
10 free(env); |
10 free(env); |
11 } |
11 } |
12 |
12 |
13 +#ifndef PAM_BUGFIX |
13 +#ifndef PAM_BUGFIX |
44 break; |
44 break; |
45 +#endif |
45 +#endif |
46 case PAM_ERROR_MSG: |
46 case PAM_ERROR_MSG: |
47 case PAM_TEXT_INFO: |
47 case PAM_TEXT_INFO: |
48 len = strlen(PAM_MSG_MEMBER(msg, i, msg)); |
48 len = strlen(PAM_MSG_MEMBER(msg, i, msg)); |
49 @@ -1197,6 +1211,15 @@ |
49 @@ -1178,6 +1192,9 @@ |
|
50 int |
|
51 sshpam_auth_passwd(Authctxt *authctxt, const char *password) |
|
52 { |
|
53 +#ifdef PAM_BUGFIX |
|
54 + int set_item_rtn; |
|
55 +#endif |
|
56 int flags = (options.permit_empty_passwd == 0 ? |
|
57 PAM_DISALLOW_NULL_AUTHTOK : 0); |
|
58 |
|
59 @@ -1197,6 +1214,15 @@ |
50 options.permit_root_login != PERMIT_YES)) |
60 options.permit_root_login != PERMIT_YES)) |
51 sshpam_password = badpw; |
61 sshpam_password = badpw; |
52 |
62 |
53 +#ifdef PAM_BUGFIX |
63 +#ifdef PAM_BUGFIX |
54 + sshpam_err = pam_set_item(sshpam_handle, PAM_AUTHTOK, password); |
64 + sshpam_err = pam_set_item(sshpam_handle, PAM_AUTHTOK, password); |
60 +#endif |
70 +#endif |
61 + |
71 + |
62 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, |
72 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, |
63 (const void *)&passwd_conv); |
73 (const void *)&passwd_conv); |
64 if (sshpam_err != PAM_SUCCESS) |
74 if (sshpam_err != PAM_SUCCESS) |
|
75 @@ -1205,6 +1231,16 @@ |
|
76 |
|
77 sshpam_err = pam_authenticate(sshpam_handle, flags); |
|
78 sshpam_password = NULL; |
|
79 + |
|
80 +#ifdef PAM_BUGFIX |
|
81 + set_item_rtn = pam_set_item(sshpam_handle, PAM_AUTHTOK, NULL); |
|
82 + if (set_item_rtn != PAM_SUCCESS) { |
|
83 + debug("PAM: %s: failed to set PAM_AUTHTOK: %s", __func__, |
|
84 + pam_strerror(sshpam_handle, set_item_rtn)); |
|
85 + return 0; |
|
86 + } |
|
87 +#endif |
|
88 + |
|
89 if (sshpam_err == PAM_SUCCESS && authctxt->valid) { |
|
90 debug("PAM: password authentication accepted for %.100s", |
|
91 authctxt->user); |