Nalin Dahyabhai
1999-Dec-28 16:10 UTC
Patches to report rsaref build and to call pam_setcred
I've attached two patches. The first just changes the output of "ssh -V" to print that it was built against rsaref if libRSAglue (which is built as part of openssl only when it is built against rsaref) is present at build-time. The second adds appropriate calls to pam_setcred() in sshd. Without them, our systems can't access AFS because the PAM modules only get tokens at a pam_setcred() or pam_open_session() call. Cheers, Nalin
-------------- next part --------------
diff -uNr acconfig.h acconfig.h
--- acconfig.h Sat Dec 25 18:21:48 1999
+++ acconfig.h Mon Dec 27 10:46:05 1999
@@ -24,6 +24,10 @@
 /* Define if your ssl headers are included with #include <openssl/header.h> */
 #undef HAVE_OPENSSL
+/* Define if you are linking against RSAref. Used only to print the right
+ * message at run-time. */
+#undef RSAREF
+
 /* Define is utmp.h has a ut_host field */
 #undef HAVE_HOST_IN_UTMP
diff -uNr config.h.in config.h.in
--- config.h.in Sat Dec 25 22:25:22 1999
+++ config.h.in Mon Dec 27 10:51:13 1999
@@ -27,6 +27,10 @@
 /* Define if your ssl headers are included with #include <openssl/header.h> */
 #undef HAVE_OPENSSL
+/* Define if you are linking against RSAref. Used only to print the right
+ * message at run-time. */
+#undef RSAREF
+
 /* Define is utmp.h has a ut_host field */
 #undef HAVE_HOST_IN_UTMP
diff -uNr configure.in configure.in
--- configure.in Sat Dec 25 18:21:48 1999
+++ configure.in Mon Dec 27 10:45:09 1999
@@ -89,7 +89,8 @@
 saved_LIBS="$LIBS"
 LIBS="$saved_LIBS -lRSAglue -lrsaref"
 AC_TRY_LINK([], [],
-[AC_MSG_RESULT(yes); ],
+[AC_MSG_RESULT(yes);
+ AC_DEFINE(RSAREF)],
 [AC_MSG_RESULT(no)]; LIBS="$saved_LIBS")
 dnl Checks for libraries.
diff -uNr ssh.c ssh.c
--- ssh.c Mon Dec 13 18:47:16 1999
+++ ssh.c Mon Dec 27 10:48:43 1999
@@ -305,7 +305,11 @@
 case 'V':
 fprintf(stderr, "SSH Version %s, protocol version %d.%d.\n",
 SSH_VERSION, PROTOCOL_MAJOR, PROTOCOL_MINOR);
+#ifndef RSAREF
 fprintf(stderr, "Compiled with SSL.\n");
+#else
+ fprintf(stderr, "Compiled with SSL (RSAref version).\n");
+#endif
 if (opt == 'V')
 exit(0);
 debug_flag = 1;
-------------- next part --------------
--- sshd.c Mon Dec 27 23:09:36 1999
+++ sshd.c Tue Dec 28 10:57:00 1999
@@ -149,6 +149,7 @@
 int do_pam_auth(const char *user, const char *password);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
+void do_pam_setcred();
 void pam_cleanup_proc(void *context);
 static struct pam_conv conv = {
@@ -230,6 +231,12 @@
 PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
+ pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED);
+ if (pam_retval != PAM_SUCCESS) {
+ log("Cannot delete credentials: %.200s",
+ PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ }
+
 pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
 if (pam_retval != PAM_SUCCESS) {
 log("Cannot release PAM authentication: %.200s",
@@ -301,6 +308,16 @@
 if (pam_retval != PAM_SUCCESS)
 fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
+
+void do_pam_setcred()
+{
+ int pam_retval;
+
+ debug("PAM establishing creds");
+ pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_ESTABLISH_CRED);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM setcred failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+}
 #endif /* USE_PAM */
 /*
@@ -1903,6 +1920,9 @@
 packet_set_interactive(have_pty || display != NULL,
 options.keepalives);
+#ifdef USE_PAM
+ do_pam_setcred();
+#endif
 if (forced_command != NULL)
 goto do_forced_command;
 debug("Forking shell.");
@@ -1918,6 +1938,9 @@
 packet_set_interactive(have_pty || display != NULL,
 options.keepalives);
+#ifdef USE_PAM
+ do_pam_setcred();
+#endif
 if (forced_command != NULL)
 goto do_forced_command;
 /* Get command from the packet. */
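Review bot: In the sshd.c `@@ -230` hunk the new `pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED)` runs on every pass through this cleanup path, as far as the hunk shows, including connections that never reached do_pam_setcred(). Depending on the module, that gives a misleading "Cannot delete credentials" log entry or, possibly, removes a credential cache this connection did not create. I would record establishment in a file-scope flag such as `static int pam_creds_established = 0;`, set it after the PAM_ESTABLISH_CRED call succeeds, and wrap the delete in `if (pam_creds_established) { ... }`. The enclosing cleanup function begins and ends outside the hunk, so a guard that already exists there would make this moot.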
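Review bot: do_pam_setcred() in the sshd.c `@@ -301` hunk has no comment stating its contract, which is that any pam_setcred() failure ends the connection through fatal(). That fail-closed choice should be written down where the next maintainer sees it, e.g. `/* Establish PAM credentials for the session; any failure is fatal so that no session starts without them. */`. pam_setcred() is also documented as expecting the application to have set up the user's group membership beforehand, and nothing in this hunk shows that ordering, so it is worth confirming at the call sites. Minor: declare and define it as `void do_pam_setcred(void)` (the prototype in the `@@ -149` hunk as well), since an empty parameter list in C leaves the arguments unchecked.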
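Review bot: Both request-handling hunks in sshd.c (`@@ -1903` and `@@ -1918`) call do_pam_setcred() unconditionally under USE_PAM, so it also runs for logins that were not authenticated through PAM, where a module may have no authentication state to build credentials from. Because do_pam_setcred() ends in fatal(), such a failure would drop an otherwise valid login, so this case needs an explicit decision and a test with a non-password login. The calls also come at shell/exec request time, while PAM's usual order is to establish credentials before pam_open_session(); where do_pam_session() is invoked is outside these hunks, so confirm it cannot run first. The identical three-line block appears twice and would be easier to keep in sync if hoisted to one point both paths pass through. The enclosing function starts and ends outside both hunks.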