patch to add a PAMServiceName config option

pod pod at herald.ox.ac.uk
Thu Dec 5 22:44:11 EST 2002


I append a patch against openssh-3.5p1.tar.gz which adds a config option
PAMServiceName.  The option allows one to specify the PAM service at
runtime in the config file rather than using __progname or having it
hardwired to SSHD_PAM_SERVICE at compile time.  I expect this to be useful
if one wants to run multiple instances of sshd using different PAM
configurations.

With this patch SSHD_PAM_SERVICE is not used in auth-pam.c so I moved the
definition out of auth-pam.h into servconf.h.  Effectively
SSHD_PAM_SERVICE now merely supplies the default service name.  I'm not
convinced that servconf.h is the correct place for it.

==========pam-service.diff follows==========
diff -ru openssh-3.5p1.orig/auth-pam.c openssh-3.5p1/auth-pam.c
--- openssh-3.5p1.orig/auth-pam.c	Sun Jul 28 21:24:08 2002
+++ openssh-3.5p1/auth-pam.c	Tue Dec  3 14:22:16 2002
@@ -34,8 +34,6 @@
 #include "canohost.h"
 #include "readpass.h"
 
-extern char *__progname;
-
 extern int use_privsep;
 
 RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $");
@@ -381,7 +379,7 @@
 
 	debug("Starting up PAM with username \"%.200s\"", user);
 
-	pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh);
+	pam_retval = pam_start(options.pam_service_name, user, &conv, &__pamh);
 
 	if (pam_retval != PAM_SUCCESS)
 		fatal("PAM initialisation failed[%d]: %.200s",
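Review bot: The debug line before `pam_start()` still reports only the username, so once the service is configurable nothing in the log records which PAM stack a session was authenticated against. I would change it to `debug("Starting up PAM service \"%.100s\" with username \"%.200s\"", options.pam_service_name, user);`. The call also depends on `options` being visible in auth-pam.c, and no hunk in this patch adds `extern ServerOptions options;` or a servconf.h include there, so confirm the file already has them. The enclosing function starts and ends outside the hunk.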
diff -ru openssh-3.5p1.orig/auth-pam.h openssh-3.5p1/auth-pam.h
--- openssh-3.5p1.orig/auth-pam.h	Tue Jul 23 01:44:07 2002
+++ openssh-3.5p1/auth-pam.h	Tue Dec  3 14:13:52 2002
@@ -27,10 +27,6 @@
 #include "includes.h"
 #ifdef USE_PAM
 
-#if !defined(SSHD_PAM_SERVICE)
-# define SSHD_PAM_SERVICE		__progname
-#endif
-
 void start_pam(const char *user);
 void finish_pam(void);
 int auth_pam_password(Authctxt *authctxt, const char *password);
diff -ru openssh-3.5p1.orig/servconf.c openssh-3.5p1/servconf.c
--- openssh-3.5p1.orig/servconf.c	Thu Sep  5 05:35:15 2002
+++ openssh-3.5p1/servconf.c	Tue Dec  3 14:22:00 2002
@@ -48,6 +48,8 @@
 /* Use of privilege separation or not */
 extern int use_privsep;
 
+extern char *__progname;
+
 /* Initializes the server options to their default values. */
 
 void
@@ -57,6 +59,7 @@
 
 	/* Portable-specific options */
 	options->pam_authentication_via_kbd_int = -1;
+	options->pam_service_name = NULL;
 
 	/* Standard Options */
 	options->num_ports = 0;
@@ -134,6 +137,8 @@
 	/* Portable-specific options */
 	if (options->pam_authentication_via_kbd_int == -1)
 		options->pam_authentication_via_kbd_int = 0;
+	if (options->pam_service_name == NULL )
+		options->pam_service_name = SSHD_PAM_SERVICE;
 
 	/* Standard Options */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
@@ -276,6 +281,7 @@
 	sBadOption,		/* == unknown option */
 	/* Portable-specific options */
 	sPAMAuthenticationViaKbdInt,
+	sPAMServiceName,
 	/* Standard Options */
 	sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
 	sPermitRootLogin, sLogFacility, sLogLevel,
@@ -312,6 +318,7 @@
 } keywords[] = {
 	/* Portable-specific options */
 	{ "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt },
+	{ "PAMServiceName", sPAMServiceName },
 	/* Standard Options */
 	{ "port", sPort },
 	{ "hostkey", sHostKeyFile },
@@ -461,6 +468,16 @@
 	case sPAMAuthenticationViaKbdInt:
 		intptr = &options->pam_authentication_via_kbd_int;
 		goto parse_flag;
+
+	case sPAMServiceName:
+		charptr=&options->pam_service_name;
+		arg=strdelim(&cp);
+		if (!arg || *arg == '\0' )
+			fatal("%s line %d: missing PAM service name",
+			      filename, linenum);
+		if( *charptr==NULL )
+			*charptr=xstrdup(arg);
+		break;
 
 	/* Standard Options */
 	case sBadOption:
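Review bot: The new `sPAMServiceName` case accepts any non-empty token as the service name, and that value later reaches `pam_start()` unchecked. The name selects the PAM policy that governs authentication, and some PAM implementations have treated a name containing `/` as a path or fall back to the `other` policy when no matching file exists, so a typo or stray path in sshd_config can change the applied stack without any error. I would reject path separators at parse time with `if (strchr(arg, '/') != NULL) fatal("%s line %d: invalid PAM service name", filename, linenum);`. The spacing in `charptr=&options->pam_service_name;` and `if( *charptr==NULL )` also differs from the neighbouring cases. process_server_config_line starts and ends outside the hunk.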
diff -ru openssh-3.5p1.orig/servconf.h openssh-3.5p1/servconf.h
--- openssh-3.5p1.orig/servconf.h	Thu Aug  1 02:28:39 2002
+++ openssh-3.5p1/servconf.h	Tue Dec  3 14:10:55 2002
@@ -132,6 +132,7 @@
 	char   *authorized_keys_file;	/* File containing public keys */
 	char   *authorized_keys_file2;
 	int	pam_authentication_via_kbd_int;
+	char   *pam_service_name;
 }       ServerOptions;
 
 void	 initialize_server_options(ServerOptions *);
@@ -139,5 +140,8 @@
 void	 fill_default_server_options(ServerOptions *);
 int	 process_server_config_line(ServerOptions *, char *, const char *, int);
 
+#if !defined(SSHD_PAM_SERVICE)
+# define SSHD_PAM_SERVICE		__progname
+#endif
 
 #endif				/* SERVCONF_H */
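Review bot: `SSHD_PAM_SERVICE` now lives in servconf.h but still expands to `__progname`, which this header does not declare, so every file that uses the macro has to supply its own `extern char *__progname;` (servconf.c does, in its first hunk). A comment above the `#if` would make that dependency and the macro's new role explicit, for example `/* Default PAM service name, used when PAMServiceName is not set; expands to __progname unless defined at build time. */`. It is also worth stating there that the default therefore follows the name the binary was invoked under, since that decides which PAM policy applies when the option is absent.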
diff -ru openssh-3.5p1.orig/sshd_config.5 openssh-3.5p1/sshd_config.5
--- openssh-3.5p1.orig/sshd_config.5	Thu Sep 19 02:51:22 2002
+++ openssh-3.5p1/sshd_config.5	Tue Dec  3 14:19:34 2002
@@ -427,6 +427,8 @@
 it will allow password authentication regardless of whether
 .Cm PasswordAuthentication
 is enabled.
+.It Cm PAMServiceName
+Specifies the PAM service name to use when initialising PAM services.
 .It Cm PasswordAuthentication
 Specifies whether password authentication is allowed.
 The default is


