[Bug 423] Workaround for pw change in privsep mode (3.5.p1)

Mon Sep 1 16:51:08 EST 2003

http://bugzilla.mindrot.org/show_bug.cgi?id=423

------- Additional Comments From djm at mindrot.org  2003-09-01 16:51 -------
(From update of attachment 376)
>--- auth-pam.c-orig	Tue Aug 26 03:58:16 2003
>+++ auth-pam.c	Mon Sep  1 08:04:13 2003
>@@ -199,10 +199,15 @@
> {
> 	struct pam_ctxt *ctxt = ctxtp;
> 	Buffer buffer;
>-	struct pam_conv sshpam_conv = { sshpam_thread_conv, ctxt };
>+	struct pam_conv sshpam_conv;
> #ifndef USE_POSIX_THREADS
> 	const char *pam_user;
>+#endif
>+
>+	sshpam_conv.conv = sshpam_thread_conv;
>+	sshpam_conv.appdata_ptr = ctxt;

I don't understand this part of the patch. Why does break the initialisation
from the declaration?

>+#ifndef USE_POSIX_THREADS

I'm not sure which version you are diffing against, but CVS HEAD already has
this test.

> #if defined(USE_PAM)
> 	if (options.use_pam) {
>-		do_pam_session(s->pw->pw_name, NULL);
> 		do_pam_setcred(1);
> 		if (is_pam_password_change_required())
> 			packet_disconnect("Password change required but no "
>@@ -561,7 +560,7 @@
> 
> #if defined(USE_PAM)
> 	if (options.use_pam) {
>-		do_pam_session(s->pw->pw_name, s->tty);
>+		do_pam_set_tty(s->tty);
> 		do_pam_setcred(1);
> 	}
> #endif
>@@ -1235,6 +1234,7 @@
> 		 */
> 		if (options.use_pam)
> 			do_pam_setcred(0);
>+			do_pam_session(pw->pw_name,NULL);

This is missing braces after the "if" statement. I.e

if (options.use_pam) {
	do_pam_setcred(0);
	do_pam_session(pw->pw_name,NULL);
}

I agree that do_pam_session makes more sense is setusercontext, but if we split
the PAM_TTY setting, then we should remove do_pam_session's second argument
entirely.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.