Configurable PAM Service name

Gary Algier gaa at ulticom.com
Tue May 16 02:29:30 EST 2000


I have created patches to allow for a configurable PAM service
name.  I use this with the ListenAddress configuration parameters,
along with IP aliasing and firewall blocking, to force a SecurID
authentication on remote connections but still allow for "normal"
access internally.

If anyone is interested, here they are:


Index: auth-pam.c
===================================================================
RCS file: /u/itsrc/cvs/security/openssh/auth-pam.c,v
retrieving revision 1.1.1.3
retrieving revision 1.1.1.3.2.1
diff -u -r1.1.1.3 -r1.1.1.3.2.1
--- auth-pam.c	2000/05/11 21:28:36	1.1.1.3
+++ auth-pam.c	2000/05/13 17:33:09	1.1.1.3.2.1
@@ -211,11 +211,12 @@
 /* Start PAM authentication for specified account */
 void start_pam(struct passwd *pw)
 {
+	extern ServerOptions options;
 	int pam_retval;
 
-	debug("Starting up PAM with username \"%.200s\"", pw->pw_name);
+	debug("Starting up PAM with service \"%s\" and username \"%.200s\"", options.pam_service, pw->pw_name);
 
-	pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, 
+	pam_retval = pam_start(options.pam_service, pw->pw_name, &conv, 
 		(pam_handle_t**)&pamh);
 	if (pam_retval != PAM_SUCCESS)
 		fatal("PAM initialisation failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
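Review bot: The new debug() line formats options.pam_service with an unbounded `%s` while the username beside it keeps the `%.200s` bound used by the rest of this file's log calls; for consistency make it `debug("Starting up PAM with service \"%.200s\" and username \"%.200s\"", options.pam_service, pw->pw_name);`. The `extern ServerOptions options;` placed inside the function body is also unusual; sshd's other source files appear to declare it at file scope next to the includes, so consider moving it there. start_pam's body continues past the end of the hunk.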
Index: servconf.c
===================================================================
RCS file: /u/itsrc/cvs/security/openssh/servconf.c,v
retrieving revision 1.1.1.3
retrieving revision 1.1.1.3.2.1
diff -u -r1.1.1.3 -r1.1.1.3.2.1
--- servconf.c	2000/05/11 21:28:52	1.1.1.3
+++ servconf.c	2000/05/13 17:33:09	1.1.1.3.2.1
@@ -34,6 +34,7 @@
 	options->host_key_file = NULL;
 	options->host_dsa_key_file = NULL;
 	options->pid_file = NULL;
+	options->pam_service = NULL;
 	options->server_key_bits = -1;
 	options->login_grace_time = -1;
 	options->key_regeneration_time = -1;
@@ -89,6 +90,8 @@
 		options->host_dsa_key_file = HOST_DSA_KEY_FILE;
 	if (options->pid_file == NULL)
 		options->pid_file = SSH_DAEMON_PID_FILE;
+	if (options->pam_service == NULL)
+		options->pam_service = SSHD_PAM_SERVICE;
 	if (options->server_key_bits == -1)
 		options->server_key_bits = 768;
 	if (options->login_grace_time == -1)
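Review bot: The added default references SSHD_PAM_SERVICE, which before this patch was used only in auth-pam.c; if that macro lives in a header servconf.c does not include, this hunk will not compile, so verify the definition is visible here (or move it to a header both files include). The NULL check correctly lets a value parsed from sshd_config take precedence over the compiled-in default. The enclosing function starts and ends outside the hunk.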
@@ -177,7 +180,7 @@
 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
 	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile,
-	sGatewayPorts, sDSAAuthentication
+	sPAMService, sGatewayPorts, sDSAAuthentication
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -189,6 +192,7 @@
 	{ "hostkey", sHostKeyFile },
 	{ "hostdsakey", sHostDSAKeyFile },
  	{ "pidfile", sPidFile },
+ 	{ "pamservice", sPAMService },
 	{ "serverkeybits", sServerKeyBits },
 	{ "logingracetime", sLoginGraceTime },
 	{ "keyregenerationinterval", sKeyRegenerationTime },
@@ -385,6 +389,18 @@
 			}
 			if (*charptr == NULL)
 				*charptr = tilde_expand_filename(cp, getuid());
+			break;
+
+		case sPAMService:
+			charptr = &options->pam_service;
+			cp = strtok(NULL, WHITESPACE);
+			if (!cp) {
+				fprintf(stderr, "%s line %d: missing PAM service name.\n",
+				    filename, linenum);
+				exit(1);
+			}
+			if (*charptr == NULL)
+				*charptr = xstrdup(cp);
 			break;
 
 		case sRandomSeedFile:
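Review bot: The sPAMService case accepts any whitespace-delimited token as the PAM service name, and that string is later handed to pam_start(), which resolves it to a PAM policy; since a service name identifies a policy rather than a path, rejecting tokens containing '/' keeps a typo from resolving to a configuration file outside the PAM directory, e.g. `if (strchr(cp, '/') != NULL) { fprintf(stderr, "%s line %d: invalid PAM service name.\n", filename, linenum); exit(1); }` placed after the missing-token check. The fprintf/exit(1) error style and the first-occurrence-wins `if (*charptr == NULL)` guard match the neighbouring cases. If sshd can be built without PAM support, this keyword is presumably still accepted silently; a debug() or warning noting the option has no effect in that build would help operators. The enclosing function starts and ends outside the hunk.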
Index: servconf.h
===================================================================
RCS file: /u/itsrc/cvs/security/openssh/servconf.h,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.2.1
diff -u -r1.1.1.2 -r1.1.1.2.2.1
--- servconf.h	2000/05/11 21:28:53	1.1.1.2
+++ servconf.h	2000/05/13 17:33:10	1.1.1.2.2.1
@@ -34,6 +34,7 @@
 	char   *host_key_file;	/* File containing host key. */
 	char   *host_dsa_key_file;	/* File containing dsa host key. */
 	char   *pid_file;	/* Where to put our pid */
+	char   *pam_service;	/* Service name for PAM */
 	int     server_key_bits;/* Size of the server key. */
 	int     login_grace_time;	/* Disconnect if no auth in this time
 					 * (sec). */




