summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordtucker <dtucker>2005-07-16 01:33:06 +0000
committerdtucker <dtucker>2005-07-16 01:33:06 +0000
commit9ee4482271c4c8098e3d5554bd0f9089d9351467 (patch)
tree62da4a9a01941a2de7e4f46b530c3a4299fa713c
parent8d995a474d39827f2e8b9c304463f90f9dc51d72 (diff)
downloadopenssh-9ee4482271c4c8098e3d5554bd0f9089d9351467.tar.gz
- (dtucker) [auth-pam.c] Ensure that only one side of the authentication
socketpair stays open on in both the monitor and PAM process. Patch from Joerg Sonnenberger.
-rw-r--r--ChangeLog7
-rw-r--r--auth-pam.c7
2 files changed, 12 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 9ab5e94e..d46f02d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20050716
+ - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
+ socketpair stays open on in both the monitor and PAM process. Patch from
+ Joerg Sonnenberger.
+
20050714
- (dtucker) OpenBSD CVS Sync
- dtucker@cvs.openbsd.org 2005/07/06 09:33:05
@@ -2825,4 +2830,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3845 2005/07/14 07:22:11 dtucker Exp $
+$Id: ChangeLog,v 1.3846 2005/07/16 01:33:06 dtucker Exp $
diff --git a/auth-pam.c b/auth-pam.c
index db80017e..fecba5de 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.123 2005/05/26 09:59:48 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.124 2005/07/16 01:33:06 dtucker Exp $");
#ifdef USE_PAM
#if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -157,6 +157,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
void *(*thread_start)(void *), void *arg)
{
pid_t pid;
+ struct pam_ctxt *ctx = arg;
sshpam_thread_status = -1;
switch ((pid = fork())) {
@@ -164,10 +165,14 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
error("fork(): %s", strerror(errno));
return (-1);
case 0:
+ close(ctx->pam_psock);
+ ctx->pam_psock = -1;
thread_start(arg);
_exit(1);
default:
*thread = pid;
+ close(ctx->pam_csock);
+ ctx->pam_csock = -1;
sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
return (0);
}