[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
bugzilla-daemon at mindrot.org
Mon Sep 1 16:51:08 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=423
------- Additional Comments From djm at mindrot.org 2003-09-01 16:51 -------
(From update of attachment 376)
>--- auth-pam.c-orig Tue Aug 26 03:58:16 2003
>+++ auth-pam.c Mon Sep 1 08:04:13 2003
>@@ -199,10 +199,15 @@
> {
> struct pam_ctxt *ctxt = ctxtp;
> Buffer buffer;
>- struct pam_conv sshpam_conv = { sshpam_thread_conv, ctxt };
>+ struct pam_conv sshpam_conv;
> #ifndef USE_POSIX_THREADS
> const char *pam_user;
>+#endif
>+
>+ sshpam_conv.conv = sshpam_thread_conv;
>+ sshpam_conv.appdata_ptr = ctxt;
I don't understand this part of the patch. Why does it break the initialisation
from the declaration?
>+#ifndef USE_POSIX_THREADS
I'm not sure which version you are diffing against, but CVS HEAD already has
this test.
> #if defined(USE_PAM)
> if (options.use_pam) {
>- do_pam_session(s->pw->pw_name, NULL);
> do_pam_setcred(1);
> if (is_pam_password_change_required())
> packet_disconnect("Password change required but no "
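Review bot: Nothing visible in this path opens a PAM session once the do_pam_session(s->pw->pw_name, NULL) line ahead of do_pam_setcred(1) is gone, so it depends on the call added in the @@ -1235 hunk being reached for every session that comes through here. A short comment at this spot saying where the session is now opened would help, along with confirmation that the is_pam_password_change_required() check that follows does not rely on the session having already been opened.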
>@@ -561,7 +560,7 @@
>
> #if defined(USE_PAM)
> if (options.use_pam) {
>- do_pam_session(s->pw->pw_name, s->tty);
>+ do_pam_set_tty(s->tty);
> do_pam_setcred(1);
> }
> #endif
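Review bot: The do_pam_set_tty(s->tty) call that replaces do_pam_session(s->pw->pw_name, s->tty) only has an effect on the session if it runs before the do_pam_session() call added in the @@ -1235 hunk, and the visible lines do not show that ordering. Please state the ordering requirement in a comment here or at the new do_pam_session() call so a later reshuffle does not open the session before the tty is set.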
>@@ -1235,6 +1234,7 @@
> */
> if (options.use_pam)
> do_pam_setcred(0);
>+ do_pam_session(pw->pw_name,NULL);
This is missing braces after the "if" statement. I.e.
	if (options.use_pam) {
		do_pam_setcred(0);
		do_pam_session(pw->pw_name,NULL);
	}
I agree that do_pam_session makes more sense in setusercontext, but if we split
the PAM_TTY setting, then we should remove do_pam_session's second argument
entirely.