changeset 3908:211a66d0821f
6203206 sshd should set PAM_AUSER for hostbased userauth for audited logins to roles
author | jp161948 |
---|---|
date | Wed, 28 Mar 2007 05:47:04 -0700 |
parents | 06a70d1289cb |
children | 9f4024db0edf |
files | usr/src/cmd/ssh/include/auth.h usr/src/cmd/ssh/sshd/auth-pam.c usr/src/cmd/ssh/sshd/auth2-hostbased.c |
diffstat | 3 files changed, 17 insertions(+), 3 deletions(-) [+] |
--- a/usr/src/cmd/ssh/include/auth.h Wed Mar 28 00:46:13 2007 -0700 +++ b/usr/src/cmd/ssh/include/auth.h Wed Mar 28 05:47:04 2007 -0700 @@ -35,7 +35,7 @@ * */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -98,6 +98,9 @@ v1 still needs this*/ #ifdef USE_PAM pam_stuff *pam; + char *cuser; /* client side user, needed for setting + PAM_AUSER for hostbased authentication + using roles */ u_long last_login_time; /* need to get the time of last login before calling pam_open_session() */
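Review bot: The comment on the new `cuser` field says what it is for but not who owns it or when it is valid. From the auth2-hostbased.c hunk in this commit, it is a borrowed pointer that is set just before `do_pam_non_initial_userauth()` and reset to NULL right after. I would state that in the header so no later caller frees it or reads it outside that window, for example `char *cuser; /* client-side user for PAM_AUSER (hostbased, roles); borrowed, not owned; non-NULL only during the hostbased PAM call */`. The struct definition starts and ends outside the hunk.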
--- a/usr/src/cmd/ssh/sshd/auth-pam.c Wed Mar 28 00:46:13 2007 -0700 +++ b/usr/src/cmd/ssh/sshd/auth-pam.c Wed Mar 28 05:47:04 2007 -0700 @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* - * Copyright 2006 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -207,6 +207,13 @@ get_method_name(authctxt)); } + if (authctxt->cuser != NULL) + if ((retval = pam_set_item(pamh, PAM_AUSER, authctxt->cuser)) != PAM_SUCCESS) { + (void) pam_end(pamh, retval); + fatal("Could not set PAM_AUSER item during %s userauth", + get_method_name(authctxt)); + } + authctxt->pam->h = pamh; }
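Review bot: The new PAM_AUSER block nests an unbraced `if (authctxt->cuser != NULL)` around a second `if`, which invites a dangling-else mistake in an authentication path and overflows the line width. A single condition is clearer: `if (authctxt->cuser != NULL && (retval = pam_set_item(pamh, PAM_AUSER, authctxt->cuser)) != PAM_SUCCESS) {`. The NULL test also runs for every userauth method that reaches this function, so it is only correct if the auth context is zero-initialised when allocated; that allocation is not in this diff and is worth confirming. The enclosing function starts outside the hunk.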
--- a/usr/src/cmd/ssh/sshd/auth2-hostbased.c Wed Mar 28 00:46:13 2007 -0700 +++ b/usr/src/cmd/ssh/sshd/auth2-hostbased.c Wed Mar 28 05:47:04 2007 -0700 @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* - * Copyright 2004 Sun Microsystems, Inc. All rights reserved. + * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -136,8 +136,12 @@ */ #ifdef USE_PAM if (authenticated) { + authctxt->cuser = cuser; if (!do_pam_non_initial_userauth(authctxt)) authenticated = 0; + /* Make sure nobody else will use this pointer since we are + * going to free that string. */ + authctxt->cuser = NULL; } #endif /* USE_PAM */
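Review bot: The comment before `authctxt->cuser = NULL;` explains the reset but not why freeing `cuser` afterwards is safe for the PAM handle. That safety depends on `pam_set_item()` storing its own copy of the PAM_AUSER string rather than the caller's pointer, which is how the PAM interface is documented but is not stated here. I would put the reason in the comment, for example `/* pam_set_item() keeps its own copy; drop our borrowed pointer before cuser is freed */`. It would also help to note that `cuser` presumably comes from the client's request and reaches the audit record only once `authenticated` is set, so the audited name is only as trustworthy as the hostbased trust in the client host. Where `cuser` is obtained and freed lies outside the hunk.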