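--- a/auth-pam.c	(revision 181103)
+++ b/auth-pam.c	(revision 181111)
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed for the FreeBSD Project by ThinkSec AS and
  * NAI Labs, the Security Research Division of Network Associates, Inc.
  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
  * DARPA CHATS research program.
@@ -156,19 +156,19 @@
  if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
  <= 0)
  return; /* could not wait */
  }
  if (WIFSIGNALED(sshpam_thread_status) &&
  WTERMSIG(sshpam_thread_status) == SIGTERM)
  return; /* terminated by pthread_cancel */
  if (!WIFEXITED(sshpam_thread_status))
- fatal("PAM: authentication thread exited unexpectedly");
+ sigdie("PAM: authentication thread exited unexpectedly");
  if (WEXITSTATUS(sshpam_thread_status) != 0)
- fatal("PAM: authentication thread exited uncleanly");
+ sigdie("PAM: authentication thread exited uncleanly");
 }
 
 /* ARGSUSED */
 static void
 pthread_exit(void *value)
 {
  _exit(0);
 }
@@ -593,25 +593,27 @@
  return (PAM_CONV_ERR);
 }
 
 static struct pam_conv store_conv = { sshpam_store_conv, NULL };
 
 void
 sshpam_cleanup(void)
 {
- debug("PAM: cleanup");
- if (sshpam_handle == NULL)
+ if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
  return;
+ debug("PAM: cleanup");
  pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
  if (sshpam_cred_established) {
+ debug("PAM: deleting credentials");
  pam_setcred(sshpam_handle, PAM_DELETE_CRED);
  sshpam_cred_established = 0;
  }
  if (sshpam_session_open) {
+ debug("PAM: closing session");
  pam_close_session(sshpam_handle, PAM_SILENT);
  sshpam_session_open = 0;
  }
  sshpam_authenticated = 0;
  pam_end(sshpam_handle, sshpam_err);
  sshpam_handle = NULL;
 }
 
@@ -681,18 +683,17 @@
  return NULL;
 
  /* Initialize PAM */
  if (sshpam_init(authctxt) == -1) {
  error("PAM: initialization failed");
  return (NULL);
  }
 
- ctxt = xmalloc(sizeof *ctxt);
- memset(ctxt, 0, sizeof(*ctxt));
+ ctxt = xcalloc(1, sizeof *ctxt);
 
  /* Start the authentication thread */
  if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
  error("PAM: failed create sockets: %s", strerror(errno));
  xfree(ctxt);
  return (NULL);
  }
  ctxt->pam_psock = socks[0];
@@ -980,17 +981,18 @@
  case PAM_PROMPT_ECHO_OFF:
  reply[i].resp =
  read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
  RP_ALLOW_STDIN);
  reply[i].resp_retcode = PAM_SUCCESS;
  break;
  case PAM_PROMPT_ECHO_ON:
  fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg));
- fgets(input, sizeof input, stdin);
+ if (fgets(input, sizeof input, stdin) == NULL)
+ input[0] = '\0';
  if ((reply[i].resp = strdup(input)) == NULL)
  goto fail;
  reply[i].resp_retcode = PAM_SUCCESS;
  break;
  case PAM_ERROR_MSG:
  case PAM_TEXT_INFO:
  fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg));
  reply[i].resp_retcode = PAM_SUCCESS;
@@ -1125,19 +1127,18 @@
 
  debug3("PAM: %s called with %d messages", __func__, n);
 
  *resp = NULL;
 
  if (n <= 0 || n > PAM_MAX_NUM_MSG)
  return (PAM_CONV_ERR);
 
- if ((reply = malloc(n * sizeof(*reply))) == NULL)
+ if ((reply = calloc(n, sizeof(*reply))) == NULL)
  return (PAM_CONV_ERR);
- memset(reply, 0, n * sizeof(*reply));
 
  for (i = 0; i < n; ++i) {
  switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
  case PAM_PROMPT_ECHO_OFF:
  if (sshpam_password == NULL)
  goto fail;
  if ((reply[i].resp = strdup(sshpam_password)) == NULL)
  goto fail;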
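Review bot: In the `PAM_PROMPT_ECHO_ON` case (new lines 989–990), EOF or a read error on stdin is converted into an empty answer and still returned with `PAM_SUCCESS`, so the PAM module cannot tell "no input available" from a deliberately empty reply. Failing the conversation is the more conservative choice for an authentication prompt: `if (fgets(input, sizeof input, stdin) == NULL) goto fail;`, reusing the `fail` label that the `strdup()` check just below already jumps to (its cleanup code is outside the visible lines, so confirm it releases the replies filled in so far). Separately, `fgets()` keeps the trailing newline, so the string handed to `strdup()` most likely ends in `\n`; `input[strcspn(input, "\n")] = '\0';` before the copy would strip it. The enclosing function starts and ends outside this hunk.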