changeset 3908:211a66d0821f

6203206 sshd should set PAM_AUSER for hostbased userauth for audited logins to roles
author jp161948
date Wed, 28 Mar 2007 05:47:04 -0700
parents 06a70d1289cb
children 9f4024db0edf
files usr/src/cmd/ssh/include/auth.h usr/src/cmd/ssh/sshd/auth-pam.c usr/src/cmd/ssh/sshd/auth2-hostbased.c
diffstat 3 files changed, 17 insertions(+), 3 deletions(-) [+]
--- a/usr/src/cmd/ssh/include/auth.h	Wed Mar 28 00:46:13 2007 -0700
+++ b/usr/src/cmd/ssh/include/auth.h	Wed Mar 28 05:47:04 2007 -0700
@@ -35,7 +35,7 @@
  *
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -98,6 +98,9 @@
 					   v1 still needs this*/
 #ifdef USE_PAM
 	pam_stuff	*pam;
+	char		*cuser; /* client side user, needed for setting
+				   PAM_AUSER for hostbased authentication
+				   using roles */
 	u_long		 last_login_time; /* need to get the time of
 					     last login before calling
 					     pam_open_session() */
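Review bot: The comment on the new `cuser` field does not say who owns the string or how long the pointer stays valid. In the auth2-hostbased.c hunk of this changeset the field is pointed at the local `cuser` just before `do_pam_non_initial_userauth()` and reset to NULL right after, because that string is about to be freed. The field is therefore a borrowed pointer that is only meaningful during that call. I would extend the comment to something like `/* client side user as claimed in the hostbased request; borrowed, not owned: set only around do_pam_non_initial_userauth(), NULL otherwise */`. The `authctxt->cuser != NULL` test in auth-pam.c also relies on the authentication context being zero-initialised at allocation, which is not visible here (the structure starts and ends outside the hunk) and is worth confirming.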
--- a/usr/src/cmd/ssh/sshd/auth-pam.c	Wed Mar 28 00:46:13 2007 -0700
+++ b/usr/src/cmd/ssh/sshd/auth-pam.c	Wed Mar 28 05:47:04 2007 -0700
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -207,6 +207,13 @@
 			get_method_name(authctxt));
 	}
 
+	if (authctxt->cuser != NULL) 
+		if ((retval = pam_set_item(pamh, PAM_AUSER, authctxt->cuser)) != PAM_SUCCESS) {
+			(void) pam_end(pamh, retval);
+			fatal("Could not set PAM_AUSER item during %s userauth",
+				get_method_name(authctxt));
+		}
+
 	authctxt->pam->h = pamh;
 }
 
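Review bot: The outer `if (authctxt->cuser != NULL)` on the first added line has no braces although its body is a five-line nested `if`, so a later `else` or an extra statement can easily attach to the wrong condition. That line also carries trailing whitespace, and the next one runs past 80 columns. Folding both tests into one condition removes the nesting: `if (authctxt->cuser != NULL &&` followed by `(retval = pam_set_item(pamh, PAM_AUSER, authctxt->cuser)) != PAM_SUCCESS) {`. A short comment above it would help anyone reading the audit trail, for example `/* PAM_AUSER is the client-side user name from the hostbased request; set only for that method */`. The value comes from the client and is only as trustworthy as the hostbased check, which presumably runs before `authenticated` is set in auth2-hostbased.c but is not shown in these hunks; the enclosing function also begins outside this hunk.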
--- a/usr/src/cmd/ssh/sshd/auth2-hostbased.c	Wed Mar 28 00:46:13 2007 -0700
+++ b/usr/src/cmd/ssh/sshd/auth2-hostbased.c	Wed Mar 28 05:47:04 2007 -0700
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -136,8 +136,12 @@
 	 */
 #ifdef USE_PAM
 	if (authenticated) {
+		authctxt->cuser = cuser;
 		if (!do_pam_non_initial_userauth(authctxt))
 			authenticated = 0;
+		/* Make sure nobody else will use this pointer since we are
+		 * going to free that string. */
+		authctxt->cuser = NULL;
 	}
 #endif /* USE_PAM */