[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564

djm@mindrot.org changed:

What                    |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis|        |627





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564





------- Additional Comments From djm@mindrot.org 2003-08-24 22:53 -------
Created an attachment (id=369)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=369&action=view)
Perform PAM account checks

This patch adds PAM account checks after authentication. Tested with passwd and
pubkey auth, protos 1 and 2, with and without privsep.

Doesn't make PAM chauthtok work - that is tricky with privsep.



[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch





[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564





------- Additional Comments From dtucker@zip.com.au 2003-08-25 11:42 -------
I've looked at patch id #369.

This part is useless:

diff -u -r1.246 session.c
--- session.c 13 Aug 2003 10:31:05 -0000 1.246
+++ session.c 24 Aug 2003 12:44:32 -0000
@@ -719,6 +719,11 @@
if (options.use_pam && is_pam_password_change_required()) {
print_pam_messages();
do_pam_chauthtok();
+
+ /* Permit forwardings if we succeed here */
+ no_port_forwarding_flag &= ~2;
+ no_agent_forwarding_flag &= ~2;
+ no_x11_forwarding_flag &= ~2;
}
#endif
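
Review bot: the three `&= ~2` lines after do_pam_chauthtok() run with no check in this hunk that the password change succeeded, although the added comment says "if we succeed here". If do_pam_chauthtok() can return after a failure, the forwarding restrictions are lifted anyway, so make the clearing conditional on its result or say in the comment that the call does not return on failure. The bare constant 2 is also unexplained here; a named flag bit would make clear which restriction is being lifted.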

By the time that runs, you are in the process that later execs the user's shell.
The forwarding flags you need to reset are in its parent.

The patch regress tested OK on Redhat 8.

Something funny is wrong on HP-UX & Solaris (dynamic forwarding tests fail, not
sure why yet).
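
The point made above about the session.c hunk (flags cleared in the child are not seen by its parent), as an added example that is not part of the original thread or of OpenSSH. The flag variable here is a stand-alone model, `PWCHANGE_BIT` is a hypothetical name for the value 2, and the pipe-based report is only one way to get the result back to the parent, not the project's method.

```c
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define PWCHANGE_BIT 2              /* hypothetical name for the bit the hunk clears */
static int no_port_forwarding_flag; /* model of the flag, not sshd's own variable */

/* The child clears the bit in its own copy; returns what the parent sees afterwards. */
int clear_in_child_only(void)
{
    no_port_forwarding_flag = PWCHANGE_BIT;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        no_port_forwarding_flag &= ~PWCHANGE_BIT; /* only this process changes */
        _exit(0);
    }
    waitpid(pid, NULL, 0);
    return no_port_forwarding_flag;               /* parent's copy is untouched */
}

/* The child reports success over a pipe and the parent clears its own copy. */
int clear_via_report_to_parent(void)
{
    int fds[2];
    char ok = 0;
    no_port_forwarding_flag = PWCHANGE_BIT;
    if (pipe(fds) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(fds[0]);
        ok = 1;                     /* stands in for a successful password change */
        _exit(write(fds[1], &ok, 1) == 1 ? 0 : 1);
    }
    close(fds[1]);
    if (read(fds[0], &ok, 1) == 1 && ok == 1)
        no_port_forwarding_flag &= ~PWCHANGE_BIT; /* the parent acts on the report */
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return no_port_forwarding_flag;
}

int main(void)
{
    printf("child-only: %d\n", clear_in_child_only());
    printf("reported:   %d\n", clear_via_report_to_parent());
    return 0;
}
```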



[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #369 Status|        |ok



------- Additional Comments From dtucker@zip.com.au 2003-08-25 13:02 -------
(From update of attachment 369)
The problem with Solaris and HP-UX was with the tests, the code itself is fine.

Passed regression on Solaris 8 & HP-UX 11.00.

ok dtucker@, but the code in session.c should be removed or commented that it
can't work.




[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED



------- Additional Comments From djm@mindrot.org 2003-08-25 13:09 -------
Applied


