search for: sshpam_authctxt

http://bugzilla.mindrot.org/show_bug.cgi?id=899 Summary: sshd displays illegal usernames through setproctitle() Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi, I am using PAM authentication on 3.8p1. In my PAM auth module I can turn on debug logging that includes a timestamp in the form "mm/dd/yy hh:mm:ss". Life is good. I want to upgrade from 3.8p1 so I can use PAM for PasswordAuthentication in addition to keyboard-interactive. I have compiled both 4.1p1 and 4.3p2 and the PAM authentication for both methods works fine in both

...+ pam_user, authctxt->user); + return PAM_USER_UNKNOWN; + } + + return PAM_SUCCESS; +} + /* * Authentication thread. */ @@ -521,6 +543,9 @@ sshpam_thread(void *ctxtp) sshpam_set_maxtries_reached(1); if (sshpam_err != PAM_SUCCESS) goto auth_fail; + sshpam_err = check_pam_user(sshpam_authctxt); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; if (!do_pam_account()) { sshpam_err = PAM_ACCT_EXPIRED; @@ -686,8 +711,7 @@ sshpam_cleanup(void) static int sshpam_init(struct ssh *ssh, Authctxt *authctxt) { - const char *pam_user, *user = authctxt->user; - const char **ptr_pam_us...

...= pw; + free(authctxt->user); + authctxt->user = user; + } + return PAM_SUCCESS; +} + +/* * Conversation function for authentication thread. */ static int @@ -469,6 +502,10 @@ if (sshpam_err != PAM_SUCCESS) goto auth_fail; + sshpam_err = sshpam_handle_user_change(sshpam_handle, sshpam_authctxt); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; + if (compat20) { if (!do_pam_account()) { sshpam_err = PAM_ACCT_EXPIRED; @@ -1206,7 +1243,8 @@ sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam_password = NULL; - if (sshpam_err == PAM_SUCCESS && authctxt->v...