- Calls to pam_setcred, patch from Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>

commit: ac3a4b4a96d952a467e1cdf660f9d471e1141f6f [log] [tgz]
author: Damien Miller <djm@mindrot.org> Wed Dec 29 10:25:40 1999 +1100
committer: Damien Miller <djm@mindrot.org> Wed Dec 29 10:25:40 1999 +1100
tree: 31e80dc84c6dab5535e307c4c0e02308207ff137
parent: d00d1611e4233b540d0f6f354e37fdd758a44d8f [diff]
diff --git a/ChangeLog b/ChangeLog
index f3a1108..2947cc7 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -6,6 +6,8 @@
    <drankin@bohemians.lexington.ky.us>
  - Print whether OpenSSH was compiled with RSARef, patch from 
    Nalin Dahyabhai <nalin@thermo.stat.ncsu.edu>
+ - Calls to pam_setcred, patch from Nalin Dahyabhai 
+   <nalin@thermo.stat.ncsu.edu>
 
 19991228
  - Replacement for getpagesize() for systems which lack it

diff --git a/sshd.c b/sshd.c
index 8620e49..73a33b7 100644
--- a/sshd.c
+++ b/sshd.c

@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.47 1999/12/28 23:17:09 damien Exp $");
+RCSID("$Id: sshd.c,v 1.48 1999/12/28 23:25:41 damien Exp $");
 
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -149,6 +149,7 @@
 int do_pam_auth(const char *user, const char *password);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
+void do_pam_setcred();
 void pam_cleanup_proc(void *context);
 
 static struct pam_conv conv = {
@@ -230,6 +231,12 @@
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		}
 
+		pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED);
+		if (pam_retval != PAM_SUCCESS) {
+			log("Cannot delete credentials: %.200s", 
+			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+		}
+
 		pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
 		if (pam_retval != PAM_SUCCESS) {
 			log("Cannot release PAM authentication: %.200s", 
@@ -301,6 +308,16 @@
 	if (pam_retval != PAM_SUCCESS)
 		fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
+ 
+void do_pam_setcred()
+{
+	int pam_retval;
+ 
+	debug("PAM establishing creds");
+	pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
+	if (pam_retval != PAM_SUCCESS)
+		fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+}
 #endif /* USE_PAM */
 
 /*
@@ -1906,6 +1923,9 @@
 			packet_set_interactive(have_pty || display != NULL,
 					       options.keepalives);
 
+#ifdef USE_PAM
+			do_pam_setcred();
+#endif
 			if (forced_command != NULL)
 				goto do_forced_command;
 			debug("Forking shell.");
@@ -1921,6 +1941,9 @@
 			packet_set_interactive(have_pty || display != NULL,
 					       options.keepalives);
 
+#ifdef USE_PAM
+			do_pam_setcred();
+#endif
 			if (forced_command != NULL)
 				goto do_forced_command;
 			/* Get command from the packet. */
commit	ac3a4b4a96d952a467e1cdf660f9d471e1141f6f	[log] [tgz]
author	Damien Miller <djm@mindrot.org>	Wed Dec 29 10:25:40 1999 +1100
committer	Damien Miller <djm@mindrot.org>	Wed Dec 29 10:25:40 1999 +1100
tree	31e80dc84c6dab5535e307c4c0e02308207ff137
parent	d00d1611e4233b540d0f6f354e37fdd758a44d8f [diff]