Problem with -current on Solaris 8 + PAM?

Darren Tucker dtucker at zip.com.au
Fri Aug 8 12:15:53 EST 2003


Hi All.
	Has anyone else tried the current tree on Solaris 8?  I installed a
recommended patch cluster and now I get PAM errors, but only on a
non-interactive (ie no TTY) login.  I think this behaviour was introduced
with the patch cluster.

	First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty
which is null, and segfaults.  This occurs in debug mode only and is easy
to fix.

	The next problem is that pam_open_session now seems to fail when PAM_TTY
is set to NULL.

debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
debug1: PAM: setting PAM_TTY to "(null)"
PAM: pam_open_session(): Can not make/remove entry for session

	The code from 3.6.1p2 is doesn't set PAM_TTY at all when tty is NULL. 
Doing that fixes -current for me.  Should it be changed to do the same
thing, ie

--- auth-pam.c  3 Jun 2003 00:25:48 -0000       1.64
+++ auth-pam.c  8 Aug 2003 02:13:34 -0000
@@ -531,11 +531,13 @@
        if (sshpam_err != PAM_SUCCESS)
                fatal("PAM: failed to set PAM_CONV: %s",
                    pam_strerror(sshpam_handle, sshpam_err));
-       debug("PAM: setting PAM_TTY to \"%s\"", tty);
-       sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
-       if (sshpam_err != PAM_SUCCESS)
-               fatal("PAM: failed to set PAM_TTY: %s",
-                   pam_strerror(sshpam_handle, sshpam_err));
+       if (tty != NULL) {
+               debug("PAM: setting PAM_TTY to \"%s\"", tty);
+               sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
+               if (sshpam_err != PAM_SUCCESS)
+                       fatal("PAM: failed to set PAM_TTY: %s",
+                           pam_strerror(sshpam_handle, sshpam_err));
+       }
        sshpam_err = pam_open_session(sshpam_handle, 0);
        if (sshpam_err != PAM_SUCCESS)
                fatal("PAM: pam_open_session(): %s",


-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list