tomcat-11: fix mediator version and license
[oi-userland.git] / components / network / hpn-ssh / patches / 0015-Enable-login-to-a-role-if-PAM-is-ok-with-it.patch
blob4423c47514b3f41c4405f60531326b69aeb4cf1c
1 --- hpn-ssh-hpn-18.4.2/auth-pam.c.orig
2 +++ hpn-ssh-hpn-18.4.2/auth-pam.c
3 @@ -1215,6 +1215,20 @@
4 return (sshpam_account_status);
7 +#ifdef HAVE_PAM_AUSER
8 +void
9 +do_pam_set_auser(const char* auser)
11 + if (auser != NULL) {
12 + debug("PAM: setting PAM_AUSER to \"%s\"", auser);
13 + sshpam_err = pam_set_item(sshpam_handle, PAM_AUSER, auser);
14 + if (sshpam_err != PAM_SUCCESS)
15 + error("PAM: failed to set PAM_AUSER: %s",
16 + pam_strerror(sshpam_handle, sshpam_err));
17 + }
19 +#endif
21 void
22 do_pam_setcred(int init)
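Review bot: `do_pam_set_auser()` returns void, so a failed `pam_set_item(sshpam_handle, PAM_AUSER, auser)` is only logged and the caller still proceeds to the account check without the item. Since the patch exists so that PAM can decide on role logins from PAM_AUSER, consider returning the PAM status (`int do_pam_set_auser(const char *auser)`) so callers can treat a failure as a denied login. Whether the account module fails closed when the item is missing cannot be seen from these lines. The function also lacks a header comment; `/* Pass the hostbased client user to PAM as PAM_AUSER; a NULL auser is a no-op. */` would document the contract.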
24 --- hpn-ssh-hpn-18.4.2/auth-pam.h.orig
25 +++ hpn-ssh-hpn-18.4.2/auth-pam.h
26 @@ -44,4 +44,9 @@
27 void sshpam_set_maxtries_reached(int);
28 int is_pam_session_open(void);
30 +#ifdef HAVE_PAM_AUSER
31 +void do_pam_set_auser(const char *);
32 +#endif
33 +void do_pam_set_tty(const char *);
35 #endif /* USE_PAM */
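Review bot: The prototype `void do_pam_set_tty(const char *);` is added outside the `HAVE_PAM_AUSER` guard, and nothing in the visible hunks defines or calls it. If it belongs to another patch in the series it would be cleaner to add it there. Otherwise it is a declaration without a definition and should be dropped.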
36 --- hpn-ssh-hpn-18.4.2/auth.h.orig
37 +++ hpn-ssh-hpn-18.4.2/auth.h
38 @@ -98,6 +98,9 @@
39 #ifdef PAM_ENHANCEMENT
40 char *authmethod_name;
41 #endif
42 +#ifdef HAVE_PAM_AUSER
43 + char *auser;
44 +#endif
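Review bot: The new `auser` member has no comment saying who owns it. Judging by the other hunks, it takes over the heap-allocated `cuser` after a successful hostbased check and is freed in auth2.c. A comment such as `/* hostbased client user for PAM_AUSER; heap-owned, freed once handed to PAM */` would record that. The struct definition starts and ends outside the hunk.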
48 --- hpn-ssh-hpn-18.4.2/auth2-hostbased.c.orig
49 +++ hpn-ssh-hpn-18.4.2/auth2-hostbased.c
50 @@ -80,6 +80,9 @@
51 debug("signature:");
52 sshbuf_dump_data(sig, slen, stderr);
53 #endif
54 +#ifdef HAVE_PAM_AUSER
55 + authctxt->auser = NULL;
56 +#endif
57 pktype = sshkey_type_from_name(pkalg);
58 if (pktype == KEY_UNSPEC) {
59 /* this is perfectly legal */
60 @@ -151,6 +154,13 @@
61 sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0)
62 authenticated = 1;
64 +#ifdef HAVE_PAM_AUSER
65 + if (authenticated) {
66 + authctxt->auser = cuser;
67 + cuser = NULL;
68 + }
69 +#endif
71 auth2_record_key(authctxt, authenticated, key);
72 sshbuf_free(b);
73 done:
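Review bot: The first hunk's `authctxt->auser = NULL;` discards any pointer stored by an earlier successful hostbased round without freeing it. The auth2.c hunk frees `auser` only when `!use_privsep`, so with privilege separation a value set in the second hunk appears to stay allocated, and a repeated hostbased request would leak it. Using `free(authctxt->auser); authctxt->auser = NULL;` here would cover both cases. The enclosing function starts and ends outside these hunks.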
74 --- hpn-ssh-hpn-18.4.2/auth2.c.orig
75 +++ hpn-ssh-hpn-18.4.2/auth2.c
76 @@ -427,6 +427,14 @@
77 #endif
80 +#ifdef HAVE_PAM_AUSER
81 + if (!use_privsep) {
82 + do_pam_set_auser(authctxt->auser);
83 + free(authctxt->auser);
84 + authctxt->auser = NULL;
85 + }
86 +#endif
88 if (authenticated && options.num_auth_methods != 0) {
90 #if defined(USE_PAM) && defined(PAM_ENHANCEMENT)
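Review bot: The added block is guarded only by `HAVE_PAM_AUSER`, but `do_pam_set_auser()` is declared inside `USE_PAM` in auth-pam.h and the monitor.c hunks test `defined(HAVE_PAM_AUSER) && defined(USE_PAM)`. Using the same combined guard here keeps a build without PAM compiling. There is also no runtime `options.use_pam` test, whereas the monitor path is reached only after `if (!options.use_pam) fatal(...)`. With PAM disabled, a hostbased login would therefore call `pam_set_item()` on a handle that was presumably never initialised. Suggest `if (!use_privsep && options.use_pam)` around the `do_pam_set_auser(authctxt->auser);` call; the enclosing function extends beyond the hunk.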
91 --- hpn-ssh-hpn-18.4.2/monitor.c.orig
92 +++ hpn-ssh-hpn-18.4.2/monitor.c
93 @@ -391,6 +391,12 @@
97 +#if defined(HAVE_PAM_AUSER) && defined(USE_PAM)
98 + if (hostbased_cuser != NULL) {
99 + free(hostbased_cuser);
100 + hostbased_cuser = NULL;
102 +#endif
103 if (!authctxt->valid)
104 fatal_f("authenticated invalid user");
105 if (strcmp(auth_method, "unknown") == 0)
106 @@ -594,14 +600,16 @@
108 /* reset state */
109 free(key_blob);
110 +#if !defined(HAVE_PAM_AUSER) || !defined(USE_PAM)
111 free(hostbased_cuser);
112 + hostbased_cuser = NULL;
113 +#endif
114 free(hostbased_chost);
115 sshauthopt_free(key_opts);
116 key_blob = NULL;
117 key_bloblen = 0;
118 key_blobtype = MM_NOKEY;
119 key_opts = NULL;
120 - hostbased_cuser = NULL;
121 hostbased_chost = NULL;
124 @@ -1074,6 +1082,11 @@
125 if (!options.use_pam)
126 fatal("%s: PAM not enabled", __func__);
128 +#ifdef HAVE_PAM_AUSER
129 + if (hostbased_cuser != NULL)
130 + do_pam_set_auser(hostbased_cuser);
131 +#endif
133 ret = do_pam_account();
135 if ((r = sshbuf_put_u32(m, ret)) != 0 ||
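Review bot: With `HAVE_PAM_AUSER` and `USE_PAM` defined, the second hunk stops the key-state reset from clearing `hostbased_cuser`, so the name now outlives the verify step whether or not the signature check succeeded. The third hunk then hands any non-NULL `hostbased_cuser` to `do_pam_set_auser()` before `do_pam_account()`, and nothing in the visible lines ties it to a successful hostbased authentication. By contrast, the non-privsep path in auth2-hostbased.c sets `auser` only inside `if (authenticated)`. If the variable is assigned from the client's request before verification (the assignment is outside these hunks, so this needs confirming), a failed hostbased attempt followed by another method could leave a client-chosen value in PAM_AUSER. Keeping the unconditional free in the reset and copying the name into a separate variable only after verification succeeds would avoid that.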