Date: Tue, 24 Jul 2001 18:27:53 +0200 (CEST) From: Volker Stolz <vs@i2.informatik.rwth-aachen.de> To: FreeBSD-gnats-submit@freebsd.org Cc: Volker Stolz <vs@i2.informatik.rwth-aachen.de> Subject: bin/29193: [PATCH] /usr/bin/login.c doesn´t save variables from pam_open_session Message-ID: <200107241627.f6OGRrI00740@monster.ikea.net>
next in thread | raw e-mail | index | archive | help
>Number: 29193 >Category: bin >Synopsis: [PATCH] /usr/bin/login.c doesn´t save variables from pam_open_session >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jul 24 09:30:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Volker Stolz >Release: FreeBSD 4.3-STABLE i386 >Organization: Lehrstuhl für Informatik II >Environment: System: FreeBSD monster.ikea.net 4.3-STABLE FreeBSD 4.3-STABLE #22: Sun Jul 15 12:26:32 CEST 2001 vs@monster.ikea.net:/opt/obj/opt/src/sys/MONSTER i386 >Description: The recent changes to login.c still don´t take care of variables set by pam_open_session. The pam-environment is copied too early. However, you will only note the differences if you´re using pam extensively, e.g. /usr/ports/security/pam_ssh. [The default pam_ssh plugin in the base system seems to be a NOP] >How-To-Repeat: Install /usr/ports/security/pam_ssh, setup /etc/pam.conf (take care, the port installs the plugin in /usr/*local*/lib!). You won´t get the SSH-variables set after logging in on the console until you apply the patch. >Fix: --- login.orig Fri Jul 20 11:05:23 2001 +++ login.c Tue Jul 24 18:16:07 2001 @@ -575,18 +575,6 @@ if (!pflag) environ = envinit; -#ifdef USE_PAM - /* - * Add any environmental variables that the - * PAM modules may have set. - */ - if (pamh) { - environ_pam = pam_getenvlist(pamh); - if (environ_pam) - export_pam_environment(); - } -#endif /* USE_PAM */ - /* * PAM modules might add supplementary groups during pam_setcred(). */ @@ -605,6 +593,15 @@ syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, e)); } + + /* + * Add any environmental variables that the + * PAM modules may have set. + * Call *after* opening session! + */ + environ_pam = pam_getenvlist(pamh); + if (environ_pam) + export_pam_environment(); /* * We must fork() before setuid() because we need to call >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107241627.f6OGRrI00740>