# HG changeset patch # User jp161948 # Date 1175086024 25200 # Node ID 211a66d0821f8dfbad4a019b570e1b69be2521f5 # Parent 06a70d1289cb1ae3a7366c0ee26d39e9a31a854f 6203206 sshd should set PAM_AUSER for hostbased userauth for audited logins to roles diff -r 06a70d1289cb -r 211a66d0821f usr/src/cmd/ssh/include/auth.h --- a/usr/src/cmd/ssh/include/auth.h Wed Mar 28 00:46:13 2007 -0700 +++ b/usr/src/cmd/ssh/include/auth.h Wed Mar 28 05:47:04 2007 -0700 @@ -35,7 +35,7 @@ * */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -98,6 +98,9 @@ v1 still needs this*/ #ifdef USE_PAM pam_stuff *pam; + char *cuser; /* client side user, needed for setting + PAM_AUSER for hostbased authentication + using roles */ u_long last_login_time; /* need to get the time of last login before calling pam_open_session() */ diff -r 06a70d1289cb -r 211a66d0821f usr/src/cmd/ssh/sshd/auth-pam.c --- a/usr/src/cmd/ssh/sshd/auth-pam.c Wed Mar 28 00:46:13 2007 -0700 +++ b/usr/src/cmd/ssh/sshd/auth-pam.c Wed Mar 28 05:47:04 2007 -0700 @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -207,6 +207,13 @@ get_method_name(authctxt)); } + if (authctxt->cuser != NULL) + if ((retval = pam_set_item(pamh, PAM_AUSER, authctxt->cuser)) != PAM_SUCCESS) { + (void) pam_end(pamh, retval); + fatal("Could not set PAM_AUSER item during %s userauth", + get_method_name(authctxt)); + } + authctxt->pam->h = pamh; } diff -r 06a70d1289cb -r 211a66d0821f usr/src/cmd/ssh/sshd/auth2-hostbased.c --- a/usr/src/cmd/ssh/sshd/auth2-hostbased.c Wed Mar 28 00:46:13 2007 -0700 +++ b/usr/src/cmd/ssh/sshd/auth2-hostbased.c Wed Mar 28 05:47:04 2007 -0700 
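Review bot: The new `cuser` field in the `#ifdef USE_PAM` part of the struct does not say who owns the string. Going by the auth2-hostbased.c hunk of this changeset, it is a borrowed pointer that is set just before `do_pam_non_initial_userauth()` and reset to NULL right after, because the caller frees it. I would extend the field comment to record that, e.g. `/* client side user for PAM_AUSER (hostbased userauth to roles); borrowed, not owned; NULL outside the PAM call */`, so nobody later frees it through the context or keeps it past the call. The struct definition starts and ends outside the hunk.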
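Review bot: The outer `if (authctxt->cuser != NULL)` in the added block of auth-pam.c has no braces while the nested `if` does, so an `else` added later would bind to the wrong condition; write it as `if (authctxt->cuser != NULL) {` with a matching `}` after the inner block. The caller in auth2-hostbased.c frees the string after the call, which is only safe because `pam_set_item()` keeps its own copy of string items. A comment above the call would record that dependency: `/* pam_set_item() copies the string; the caller may free cuser afterwards */`. The enclosing function starts outside the hunk.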
@@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -136,8 +136,12 @@ */ #ifdef USE_PAM if (authenticated) { + authctxt->cuser = cuser; if (!do_pam_non_initial_userauth(authctxt)) authenticated = 0; + /* Make sure nobody else will use this pointer since we are + * going to free that string. */ + authctxt->cuser = NULL; } #endif /* USE_PAM */
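Review bot: `authctxt->cuser = cuser;` hands PAM a user name that was supplied by the client, and nothing in the hunk says why it can be trusted as PAM_AUSER. The assignment sits inside `if (authenticated)`, so presumably the hostbased checks have already passed and the name is vouched for by the client host. Since the commit title ties PAM_AUSER to audited logins to roles, that should be stated in a comment, e.g. `/* cuser is the client-asserted user name; passed to PAM only after hostbased verification succeeded */`. If `cuser` can be an empty string at this point, it is worth deciding whether an empty PAM_AUSER should be set at all. The enclosing function starts and ends outside the hunk.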