Message-Id: <200107241627.f6OGRrI00740@monster.ikea.net>
Date: Tue, 24 Jul 2001 18:27:53 +0200 (CEST)
From: Volker Stolz
To: FreeBSD-gnats-submit@freebsd.org
Cc: Volker Stolz
X-Send-Pr-Version: 3.113
Subject: bin/29193: [PATCH] /usr/bin/login.c doesn't save variables from pam_open_session

>Number: 29193
>Category: bin
>Synopsis: [PATCH] /usr/bin/login.c doesn't save variables from pam_open_session
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jul 24 09:30:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Volker Stolz
>Release: FreeBSD 4.3-STABLE i386
>Organization:
Lehrstuhl für Informatik II
>Environment:
System: FreeBSD monster.ikea.net 4.3-STABLE FreeBSD 4.3-STABLE #22: Sun Jul 15 12:26:32 CEST 2001 vs@monster.ikea.net:/opt/obj/opt/src/sys/MONSTER i386
>Description:
The recent changes to login.c still don't take care of variables set by pam_open_session. The pam-environment is copied too early. However, you will only note the differences if you're using pam extensively, e.g. /usr/ports/security/pam_ssh. [The default pam_ssh plugin in the base system seems to be a NOP]
>How-To-Repeat:
Install /usr/ports/security/pam_ssh, set up /etc/pam.conf (take care, the port installs the plugin in /usr/*local*/lib!). You won't get the SSH-variables set after logging in on the console until you apply the patch.
>Fix:
--- login.orig Fri Jul 20 11:05:23 2001 +++ login.c Tue Jul 24 18:16:07 2001 @@ -575,18 +575,6 @@ if (!pflag) environ = envinit; -#ifdef USE_PAM - /* - * Add any environmental variables that the - * PAM modules may have set. - */ - if (pamh) { - environ_pam = pam_getenvlist(pamh); - if (environ_pam) - export_pam_environment(); - } -#endif /* USE_PAM */ - /* * PAM modules might add supplementary groups during pam_setcred(). */
@@ -605,6 +593,15 @@ syslog(LOG_ERR, "pam_setcred: %s", pam_strerror(pamh, e)); } + + /* + * Add any environmental variables that the + * PAM modules may have set. + * Call *after* opening session! + */ + environ_pam = pam_getenvlist(pamh); + if (environ_pam) + export_pam_environment(); /* * We must fork() before setuid() because we need to call
>Release-Note:
>Audit-Trail:
>Unformatted:
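
Review bot: in the first hunk (@@ -575,18 +575,6 @@), deleting the whole block after `environ = envinit;` leaves nothing at that spot to say why the PAM environment is no longer exported there. A one-line comment at that position stating that the export now happens later, once the session has been opened, would keep a future change from moving it back to the early position this PR describes as the bug.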
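
Review bot: in the second hunk (@@ -605,6 +593,15 @@), the re-added `environ_pam = pam_getenvlist(pamh);` has lost both the `if (pamh)` test and the `#ifdef USE_PAM` wrapper that the removed block in the first hunk carried. The context lines do not show whether the new position is already enclosed by both; if it is not, the call is made on a handle the old code treated as possibly null and is compiled into non-PAM builds, so the guards should be restored around the three added statements. The new comment says the call must come after opening the session, but the only PAM call visible in the context is the `pam_setcred` error path, which logs with `syslog(LOG_ERR, ...)` and falls through; the patch should say whether the environment is meant to be exported in that failure case as well.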