Date: Thu, 24 Aug 2000 10:51:41 -0500 (EST) From: ajk@iu.edu To: FreeBSD-gnats-submit@freebsd.org Cc: XFree86@XFree86.org Subject: ports/20822: [PATCH] PAM support broken in XDM Message-ID: <200008241551.KAA42506@kobayashi.uits.iupui.edu>
>Number: 20822 >Category: ports >Synopsis: [PATCH] PAM support broken in XDM >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Aug 24 09:00:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Andrew J. Korty >Release: FreeBSD 4.1-RELEASE i386 >Organization: Indiana University >Environment: XFree86-4 port >Description: XDM fails to open and close the PAM session layer. The function thepamh(), which is intended to save the PAM handle in a static variable, returns the handle itself rather than the address of that handle. Therefore, when Verify() calls pam_start() with the address of the handle, the handle itself is changed. Since thepamh() only stores the pam handle itself, the change is not saved, so StartClient() and SessionExit() are given NULL handles. >How-To-Repeat: Build XDM with PAM support. Configure a PAM module that uses the session layer (e.g., pam_ssh). The session layer will not execute. >Fix: Make thepamh() return the address of the PAM handle.
--- programs/xdm/dm.h.orig Wed Jun 14 14:43:31 2000
+++ programs/xdm/dm.h Thu Aug 24 09:34:50 2000
@@ -417,7 +417,7 @@
 /* in session.c */
 #ifdef USE_PAM
-extern pam_handle_t *thepamh(void);
+extern pam_handle_t **thepamh(void);
 #endif
 extern char **defaultEnv (void);
 extern char **systemEnv (struct display *d, char *user, char *home);
--- programs/xdm/greeter/verify.c.orig Wed Jun 14 14:43:33 2000
+++ programs/xdm/greeter/verify.c Thu Aug 24 09:34:50 2000
@@ -163,7 +163,7 @@
 {
 struct passwd *p;
 #ifdef USE_PAM
- pam_handle_t *pamh = thepamh();
+ pam_handle_t **pamh = thepamh();
 #else
 #ifdef USESHADOW
 struct spwd *sp;
@@ -312,19 +312,19 @@
 #else /* USE_PAM */
 #define PAM_BAIL \
- if (pam_error != PAM_SUCCESS) { pam_end(pamh, 0); return 0; }
+ if (pam_error != PAM_SUCCESS) { pam_end(*pamh, 0); return 0; }
 PAM_password = greet->password;
- pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
+ pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, pamh);
 PAM_BAIL;
- pam_error = pam_set_item(pamh, PAM_TTY, d->name);
+ pam_error = pam_set_item(*pamh, PAM_TTY, d->name);
 PAM_BAIL;
- pam_error = pam_authenticate(pamh, 0);
+ pam_error = pam_authenticate(*pamh, 0);
 PAM_BAIL;
- pam_error = pam_acct_mgmt(pamh, 0);
+ pam_error = pam_acct_mgmt(*pamh, 0);
 /* really should do password changing, but it doesn't fit well */
 PAM_BAIL;
- pam_error = pam_setcred(pamh, 0);
+ pam_error = pam_setcred(*pamh, 0);
 PAM_BAIL;
 #undef PAM_BAIL
 #endif /* USE_PAM */
--- programs/xdm/session.c.orig Sat Jun 17 13:48:23 2000
+++ programs/xdm/session.c Thu Aug 24 10:15:18 2000
@@ -97,10 +97,10 @@
 extern char *crypt(CRYPT_ARGS);
 #endif
 #ifdef USE_PAM
-pam_handle_t *thepamh()
+pam_handle_t **thepamh()
 {
 static pam_handle_t *pamh = NULL;
- return pamh;
+ return &pamh;
 }
 #endif
@@ -468,7 +468,7 @@
 if (removeAuth)
 {
 #ifdef USE_PAM
- pam_handle_t *pamh = thepamh();
+ pam_handle_t **pamh = thepamh();
 #endif
 setgid (verify.gid);
 setuid (verify.uid);
@@ -498,11 +498,11 @@
 }
 #endif /* K5AUTH */
 #ifdef USE_PAM
- if (pamh) {
+ if (pamh && *pamh) {
 /* shutdown PAM session */
- pam_close_session(pamh, 0);
- pam_end(pamh, PAM_SUCCESS);
- pamh = NULL;
+ pam_close_session(*pamh, 0);
+ pam_end(*pamh, PAM_SUCCESS);
+ *pamh = NULL;
 }
 #endif
 }
@@ -525,7 +525,7 @@
 struct passwd* pwd;
 #endif
 #ifdef USE_PAM
- pam_handle_t *pamh = thepamh();
+ pam_handle_t **pamh = thepamh();
 #endif
 if (verify->argv) {
@@ -540,7 +540,7 @@
 Debug ("\n");
 }
 #ifdef USE_PAM
- if (pamh) pam_open_session(pamh, 0);
+ if (pamh && *pamh) pam_open_session(*pamh, 0);
 #endif
 switch (pid = fork ()) {
 case 0:
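Review bot: In the verify.c hunk at -312, `PAM_BAIL` calls `pam_end(*pamh, 0)` but leaves the released handle in the static that `thepamh()` now exposes, so after any failed step `*pamh` stays non-NULL and would pass the `pamh && *pamh` tests added in session.c. Before this patch the handle never reached the static, so a stale value could not be seen by other functions. Clear the slot in the macro and hand the real status to the modules' cleanup: `if (pam_error != PAM_SUCCESS) { pam_end(*pamh, pam_error); *pamh = NULL; return 0; }`. Whether StartClient() or SessionExit() can run after a failed Verify() is not visible in this patch, so the reachability should be confirmed, but resetting the pointer is cheap either way.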
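Review bot: The definition in the session.c hunk at -97 is still written `thepamh()` while the dm.h prototype reads `thepamh(void)`; write `pam_handle_t **thepamh(void)` so the declaration and definition agree. The function would also benefit from a one-line comment stating the contract the callers now rely on, for example `/* Returns the address of the single static PAM handle shared by Verify(), StartClient() and SessionExit(); reset *result to NULL after pam_end(). */`.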
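Review bot: In the session.c hunks at -468 and -498, `pamh` is declared inside the `if (removeAuth)` block and the teardown comes after `setgid (verify.gid); setuid (verify.uid);`, so `pam_close_session()` and `pam_end()` appear to run only when removeAuth is set, and then with the user's credentials rather than xdm's. Session modules that need privilege to undo their setup can fail there without anyone noticing, and when removeAuth is false the handle is never ended. The lines between the two hunks are not shown, so the ordering should be confirmed; if it holds, move the PAM shutdown ahead of the privilege drop and out of the removeAuth condition, and log any return other than PAM_SUCCESS from `pam_close_session()`.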
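Review bot: The `pam_open_session(*pamh, 0)` call added in the session.c hunk at -540 discards its return value, so a session module that refuses or fails to set up the session does not stop the login, and SessionExit() will later close a session that was never opened. Check the result before the `fork ()`, along the lines of `if (pamh && *pamh && pam_open_session(*pamh, 0) != PAM_SUCCESS) { pam_end(*pamh, PAM_SESSION_ERR); *pamh = NULL; return 0; }`. StartClient()'s body and its failure convention lie outside the hunk, so the `return 0` is an assumption to check against the rest of the function.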
@@ -554,9 +554,9 @@
 #ifdef USE_PAM
 /* pass in environment variables set by libpam and modules it called */
- if (pamh) {
+ if (pamh && *pamh) {
 long i;
- char **pam_env = pam_getenvlist(pamh);
+ char **pam_env = pam_getenvlist(*pamh);
 for(i = 0; pam_env && pam_env[i]; i++) {
 verify->userEnviron = putEnv(pam_env[i], verify->userEnviron);
 }
>Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message