- (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c
monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized
even if keyboard-interactive is not used by the client. Prevents segfaults
in some cases where the user's password is expired (note this is not
considered a security exposure). ok djm@
diff --git a/auth2.c b/auth2.c
index a9490cc..1177efa 100644
--- a/auth2.c
+++ b/auth2.c
@@ -150,24 +150,24 @@
if (authctxt->attempt++ == 0) {
/* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(user));
+ authctxt->user = xstrdup(user);
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
#ifdef USE_PAM
if (options.use_pam)
- PRIVSEP(start_pam(authctxt->pw->pw_name));
+ PRIVSEP(start_pam(authctxt));
#endif
} else {
logit("input_userauth_request: illegal user %s", user);
authctxt->pw = fakepw();
#ifdef USE_PAM
if (options.use_pam)
- PRIVSEP(start_pam(user));
+ PRIVSEP(start_pam(authctxt));
#endif
}
setproctitle("%s%s", authctxt->pw ? user : "unknown",
use_privsep ? " [net]" : "");
- authctxt->user = xstrdup(user);
authctxt->service = xstrdup(service);
authctxt->style = style ? xstrdup(style) : NULL;
if (use_privsep)