Displaying 15 results from an estimated 15 matches for "do_pam_set_tty".
2016 Aug 15
2
[Bug 2604] New: Remove orphaned do_pam_set_tty() or make use of it
https://bugzilla.mindrot.org/show_bug.cgi?id=2604
Bug ID: 2604
Summary: Remove orphaned do_pam_set_tty() or make use of it
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org...
2002 Jul 16
2
HP-UX PAM with Trusted System patch
...an someone
please verify the attached patch for running a HP-UX Trusted System with
PAM and OpenSSH 3.4p1? The problem seemed to be that pam couldn't verify
the user via __pamh after the call to permanently_set_uid in session.c.
So I called do_pam_session prior to the call and added a function
do_pam_set_tty in order to set the tty after allocation.
--
Dan Wanek
-------------- next part --------------
diff -u -r openssh-3.4p1/auth-pam.c openssh-3.4p1-dw/auth-pam.c
--- openssh-3.4p1/auth-pam.c Tue May 7 21:27:56 2002
+++ openssh-3.4p1-dw/auth-pam.c Tue Jul 16 07:54:05 2002
@@ -294,6 +294,18 @@
sess...
2011 Feb 10
1
Behaviour of OpenSSH while login as root and non-root account
...a PAM module for SSH to enforce one more layer of
authentication. For that I need terminal ID in close_session() and
pam_sm_setcred() function in PAM module while OpenSSH hardcoded it "ssh". I
made few changes in OpenSSh code so it can set terminal ID properly. These
changes were :
added do_pam_set_tty() in session_pty_req(Session *s) function in session.c
and added do_pam_set_tty() in mm_pty_allocate() function in monitor_wrap.c
It works fine for root and I get appropriate tty in pam_sm_cred() and
pam_sm_close_session() function.
But using same code, when I try to ssh through a non root accoun...
2002 Oct 21
0
[Bug 419] New: HP-UX PAM problems with 3.5p1
...d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval));
}
+#endif
if (__pamh) {
pam_retval = pam_end(__pamh, pam_retval);
@@ -299,6 +301,18 @@
pam_retval, PAM_STRERROR(__pamh, pam_retval));
session_opened = 1;
+}
+
+/* Set the TTY after session is open */
+void do_pam_set_tty(const char *ttyname) {
+ int pam_retval;
+ if (ttyname != NULL) {
+ debug("PAM setting tty to \"%.200s\"", ttyname);
+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retva...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...ing_flag |= 2;
no_x11_forwarding_flag |= 2;
break;
-#endif
default:
log("PAM rejected by account configuration[%d]: "
"%.200s", pam_retval, PAM_STRERROR(__pamh,
@@ -301,6 +299,18 @@
session_opened = 1;
}
+/* Set the TTY after session is open */
+void do_pam_set_tty(const char *ttyname) {
+ int pam_retval;
+ if (ttyname != NULL) {
+ debug("PAM setting tty to \"%.200s\"", ttyname);
+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retva...
2003 Aug 24
12
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |627
nThis| |
Status|NEW |ASSIGNED
------- Additional
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...ing_flag |= 2;
no_x11_forwarding_flag |= 2;
break;
-#endif
default:
log("PAM rejected by account configuration[%d]: "
"%.200s", pam_retval, PAM_STRERROR(__pamh,
@@ -301,6 +299,18 @@
session_opened = 1;
}
+/* Set the TTY after session is open */
+void do_pam_set_tty(const char *ttyname) {
+ int pam_retval;
+ if (ttyname != NULL) {
+ debug("PAM setting tty to \"%.200s\"", ttyname);
+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retva...
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
...d to set PAM_CONV: %s",
- pam_strerror(sshpam_handle, sshpam_err));
- sshpam_err = pam_open_session(sshpam_handle, 0);
- if (sshpam_err != PAM_SUCCESS)
- fatal("PAM: pam_open_session(): %s",
- pam_strerror(sshpam_handle, sshpam_err));
- sshpam_session_open = 1;
-}
-
-void
do_pam_set_tty(const char *tty)
{
if (tty != NULL) {
@@ -611,7 +594,7 @@ is_pam_password_change_required(void)
}
static int
-pam_chauthtok_conv(int n, const struct pam_message **msg,
+pam_tty_conv(int n, const struct pam_message **msg,
struct pam_response **resp, void *data)
{
char input[PAM_MAX_MS...
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
...proctitle(s);
#if defined(USE_PAM)
- if (options.use_pam && !use_privsep)
+ if (options.use_pam && !use_privsep) {
+ do_pam_session();
do_pam_setcred(1);
+ }
#endif /* USE_PAM */
/* Fork the child. */
@@ -531,8 +533,10 @@
#if defined(USE_PAM)
if (options.use_pam) {
do_pam_set_tty(s->tty);
- if (!use_privsep)
+ if (!use_privsep) {
+ do_pam_session();
do_pam_setcred(1);
+ }
}
#endif
Index: auth-pam.c
===================================================================
--- auth-pam.c (revision 15)
+++ auth-pam.c (working copy)
@@ -996,6 +996,8 @@
void
do_pam_...
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function,
do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2,
this is no longer the case: session modules run with a conversation
function that just returns PAM_CONV_ERR. This means that simple session
modules whose job involves printing text on the user's terminal no
longer work: pam_lastlog, pam_mail, and
2004 Sep 14
1
PATCH: Public key authentication defeats passwd age warning.
...am_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
- sshpam_account_status = 0;
- return (sshpam_account_status);
- }
-
- if (sshpam_err == PAM_NEW_AUTHTOK_REQD)
- sshpam_password_change_required(1);
-
- sshpam_account_status = 1;
- return (sshpam_account_status);
-}
-
void
do_pam_set_tty(const char *tty)
{
@@ -939,6 +918,45 @@
static struct pam_conv store_conv = { sshpam_store_conv, NULL };
+u_int
+do_pam_account(void)
+{
+ struct pam_conv *OldConv;
+ if (sshpam_account_status != -1)
+ return (sshpam_account_status);
+
+ sshpam_err = pam_get_item(sshpam_handle, PAM_CONV, (vo...
2016 Jul 08
74
[Bug 2594] New: Tracking bug for OpenSSH 7.4 release
https://bugzilla.mindrot.org/show_bug.cgi?id=2594
Bug ID: 2594
Summary: Tracking bug for OpenSSH 7.4 release
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: All
Status: NEW
Keywords: meta
Severity: normal
Priority: P1
Component: Miscellaneous
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2004 Jan 14
18
[Bug 789] pam_setcred() not being called as root
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
As many of you know, OpenSSH 3.7.X, unlike previous versions, makes
PAM authentication take place in a separate process or thread
(launched from sshpam_init_ctx() in auth-pam.c). By default (if you
don't define USE_POSIX_THREADS) the code "fork"s a separate process.
Or if you define USE_POSIX_THREADS it will create a new thread (a
second one, in addition to the primary thread).
The