diff options
author | Damien Miller <djm@mindrot.org> | 2018-04-06 14:11:44 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-04-06 14:11:44 +1000 |
commit | e8f474554e3bda102a797a2fbab0594ccc66f097 (patch) | |
tree | 54699f57d3724e480b2d8fd999a19137d8ad62d1 /auth-pam.c | |
parent | 014ba209cf4c6a159baa30ecebbaddfa97da7100 (diff) | |
download | openssh-git-e8f474554e3bda102a797a2fbab0594ccc66f097.tar.gz |
Expose SSH_AUTH_INFO_0 to PAM auth modules
bz#2408, patch from Radoslaw Ejsmont; ok dtucker@
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 42 |
1 files changed, 22 insertions, 20 deletions
@@ -674,6 +674,27 @@ sshpam_init(Authctxt *authctxt) return (0); } +static void +expose_authinfo(const char *caller) +{ + char *auth_info; + + /* + * Expose authentication information to PAM. + * The environment variable is versioned. Please increment the + * version suffix if the format of session_info changes. + */ + if (sshpam_authctxt->session_info == NULL) + auth_info = xstrdup(""); + else if ((auth_info = sshbuf_dup_string( + sshpam_authctxt->session_info)) == NULL) + fatal("%s: sshbuf_dup_string failed", __func__); + + debug2("%s: auth information in SSH_AUTH_INFO_0", caller); + do_pam_putenv("SSH_AUTH_INFO_0", auth_info); + free(auth_info); +} + static void * sshpam_init_ctx(Authctxt *authctxt) { @@ -694,6 +715,7 @@ sshpam_init_ctx(Authctxt *authctxt) return (NULL); } + expose_authinfo(__func__); ctxt = xcalloc(1, sizeof *ctxt); /* Start the authentication thread */ @@ -935,26 +957,6 @@ finish_pam(void) sshpam_cleanup(); } -static void -expose_authinfo(const char *caller) -{ - char *auth_info; - - /* - * Expose authentication information to PAM. - * The enviornment variable is versioned. Please increment the - * version suffix if the format of session_info changes. - */ - if (sshpam_authctxt->session_info == NULL) - auth_info = xstrdup(""); - else if ((auth_info = sshbuf_dup_string( - sshpam_authctxt->session_info)) == NULL) - fatal("%s: sshbuf_dup_string failed", __func__); - - debug2("%s: auth information in SSH_AUTH_INFO_0", caller); - do_pam_putenv("SSH_AUTH_INFO_0", auth_info); - free(auth_info); -} u_int do_pam_account(void) |