Hi All.
Has anyone else tried the current tree on Solaris 8? I installed a
recommended patch cluster and now I get PAM errors, but only on a
non-interactive (ie no TTY) login. I think this behaviour was introduced
with the patch cluster.
First thing is that in debug mode, the debug at auth-pam.c:534 derefs tty
which is null, and segfaults. This occurs in debug mode only and is easy
to fix.
The next problem is that pam_open_session now seems to fail when PAM_TTY
is set to NULL.
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req exec
debug1: PAM: setting PAM_TTY to "(null)"
PAM: pam_open_session(): Can not make/remove entry for session
The code from 3.6.1p2 is doesn't set PAM_TTY at all when tty is NULL.
Doing that fixes -current for me. Should it be changed to do the same
thing, ie
--- auth-pam.c 3 Jun 2003 00:25:48 -0000 1.64
+++ auth-pam.c 8 Aug 2003 02:13:34 -0000
@@ -531,11 +531,13 @@
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: failed to set PAM_CONV: %s",
pam_strerror(sshpam_handle, sshpam_err));
- debug("PAM: setting PAM_TTY to \"%s\"", tty);
- sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
- if (sshpam_err != PAM_SUCCESS)
- fatal("PAM: failed to set PAM_TTY: %s",
- pam_strerror(sshpam_handle, sshpam_err));
+ if (tty != NULL) {
+ debug("PAM: setting PAM_TTY to \"%s\"",
tty);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty);
+ if (sshpam_err != PAM_SUCCESS)
+ fatal("PAM: failed to set PAM_TTY: %s",
+ pam_strerror(sshpam_handle, sshpam_err));
+ }
sshpam_err = pam_open_session(sshpam_handle, 0);
if (sshpam_err != PAM_SUCCESS)
fatal("PAM: pam_open_session(): %s",
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
