and Linux-PAM. Based on report and fix from Andrew Morgan
<morgan@transmeta.com>
Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes
Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
Andrew McGill <andrewm@datrix.co.za> - SCO fixes
Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes
Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support
Andrew McGill <andrewm@datrix.co.za> - SCO fixes
+Andrew Morgan <morgan@transmeta.com> - PAM bugfixes
Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
Andy Sloane <andy@guildsoftware.com> - bugfixes
Aran Cox <acox@cv.telegroup.com> - SCO bugfixes
Andrew Stribblehill <a.d.stribblehill@durham.ac.uk> - Bugfixes
Andy Sloane <andy@guildsoftware.com> - bugfixes
Aran Cox <acox@cv.telegroup.com> - SCO bugfixes
+20001220
+ - (djm) Workaround PAM inconsistencies between Solaris derived PAM code
+ and Linux-PAM. Based on report and fix from Andrew Morgan
+ <morgan@transmeta.com>
+
20001218
- (stevesk) rsa.c: entropy.h not needed.
- (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
20001218
- (stevesk) rsa.c: entropy.h not needed.
- (bal) split CFLAGS into CFLAGS and CPPFLAGS in configure.in and Makefile.
/* to pam_strerror */
#undef HAVE_OLD_PAM
/* to pam_strerror */
#undef HAVE_OLD_PAM
+/* Define if you are using Solaris-derived PAM which passes pam_messages */
+/* to the conversation function with an extra level of indirection */
+#undef PAM_SUN_CODEBASE
+
/* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY
/* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY
return PAM_CONV_ERR;
for (count = 0; count < num_msg; count++) {
return PAM_CONV_ERR;
for (count = 0; count < num_msg; count++) {
- switch ((*msg)[count].msg_style) {
+ switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
case PAM_PROMPT_ECHO_ON:
if (pamstate == INITIAL_LOGIN) {
free(reply);
return PAM_CONV_ERR;
} else {
case PAM_PROMPT_ECHO_ON:
if (pamstate == INITIAL_LOGIN) {
free(reply);
return PAM_CONV_ERR;
} else {
- fputs((*msg)[count].msg, stderr);
+ fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
fgets(buf, sizeof(buf), stdin);
reply[count].resp = xstrdup(buf);
reply[count].resp_retcode = PAM_SUCCESS;
fgets(buf, sizeof(buf), stdin);
reply[count].resp = xstrdup(buf);
reply[count].resp_retcode = PAM_SUCCESS;
reply[count].resp = xstrdup(pampasswd);
} else {
reply[count].resp =
reply[count].resp = xstrdup(pampasswd);
} else {
reply[count].resp =
- xstrdup(read_passphrase((*msg)[count].msg, 1));
+ xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
}
reply[count].resp_retcode = PAM_SUCCESS;
break;
}
reply[count].resp_retcode = PAM_SUCCESS;
break;
case PAM_TEXT_INFO:
if ((*msg)[count].msg != NULL) {
if (pamstate == INITIAL_LOGIN)
case PAM_TEXT_INFO:
if ((*msg)[count].msg != NULL) {
if (pamstate == INITIAL_LOGIN)
- pam_msg_cat((*msg)[count].msg);
+ pam_msg_cat(PAM_MSG_MEMBER(msg, count, msg));
- fputs((*msg)[count].msg, stderr);
+ fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
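Review bot: The `PAM_TEXT_INFO` guard `if ((*msg)[count].msg != NULL)` still uses the old indexing, while the `pam_msg_cat()` and `fputs()` calls it protects now go through `PAM_MSG_MEMBER`. On a build without `PAM_SUN_CODEBASE`, the NULL test therefore reads a different element than the one actually used whenever `count > 0`. Changing the guard to `if (PAM_MSG_MEMBER(msg, count, msg) != NULL) {` keeps the check and the use on the same message. The conversation function starts and ends outside the visible lines, so any other remaining `(*msg)[...]` accesses in it should be converted too.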
packet_put_cstring(""); /* Instructions */
packet_put_cstring(""); /* Language */
for (i = 0, j = 0; i < num_msg; i++) {
packet_put_cstring(""); /* Instructions */
packet_put_cstring(""); /* Language */
for (i = 0, j = 0; i < num_msg; i++) {
- if(((*msg)[i].msg_style == PAM_PROMPT_ECHO_ON) ||
- ((*msg)[i].msg_style == PAM_PROMPT_ECHO_OFF) ||
+ if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
+ (PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
(i == num_msg - 1)) {
j++;
}
(i == num_msg - 1)) {
j++;
}
packet_put_int(j); /* Number of prompts. */
context_pam2.num_expected = j;
for (i = 0, j = 0; i < num_msg; i++) {
packet_put_int(j); /* Number of prompts. */
context_pam2.num_expected = j;
for (i = 0, j = 0; i < num_msg; i++) {
- switch((*msg)[i].msg_style) {
+ switch(PAM_MSG_MEMBER(msg, i, msg_style)) {
case PAM_PROMPT_ECHO_ON:
echo = 1;
break;
case PAM_PROMPT_ECHO_ON:
echo = 1;
break;
- tmp = xmalloc(strlen(text) + strlen((*msg)[i].msg) + 2);
+ tmp = xmalloc(strlen(text) + strlen(PAM_MSG_MEMBER(msg, i, msg)) + 2);
strcpy(tmp, text);
strcat(tmp, "\n");
strcpy(tmp, text);
strcat(tmp, "\n");
- strcat(tmp, (*msg)[i].msg);
+ strcat(tmp, PAM_MSG_MEMBER(msg, i, msg));
xfree(text);
text = tmp;
tmp = NULL;
} else {
xfree(text);
text = tmp;
tmp = NULL;
} else {
- text = xstrdup((*msg)[i].msg);
+ text = xstrdup(PAM_MSG_MEMBER(msg, i, msg));
- if(((*msg)[i].msg_style == PAM_PROMPT_ECHO_ON) ||
- ((*msg)[i].msg_style == PAM_PROMPT_ECHO_OFF) ||
+ if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
+ (PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
(i == num_msg - 1)) {
debug("sending prompt ssh-%d(pam-%d) = \"%s\"",
j, i, text);
(i == num_msg - 1)) {
debug("sending prompt ssh-%d(pam-%d) = \"%s\"",
j, i, text);
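Review bot: The prompt-assembly loop passes `PAM_MSG_MEMBER(msg, i, msg)` straight to `strlen()`, `strcat()` and `xstrdup()`, and no NULL test is visible. The `PAM_TEXT_INFO` case in auth-pam.c does guard against a NULL `msg`. A module that sends a message with no text would be dereferenced here, inside the authentication path. Reading the member once, `const char *m = PAM_MSG_MEMBER(msg, i, msg);`, and skipping the concatenation when `m == NULL` would cover it and avoid expanding the macro three times per message. The enclosing function is only partly visible, so a check may already exist outside these lines.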
*-*-hpux11*)
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE"
IPADDR_IN_DISPLAY=yes
*-*-hpux11*)
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE"
IPADDR_IN_DISPLAY=yes
+ AC_DEFINE(PAM_SUN_CODEBASE)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib"
need_dash_r=1
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib -L/usr/ucblib -R/usr/ucblib"
need_dash_r=1
+ AC_DEFINE(PAM_SUN_CODEBASE)
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
*-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
AC_CHECK_FUNCS(getpwanam)
*-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
AC_CHECK_FUNCS(getpwanam)
+ AC_DEFINE(PAM_SUN_CODEBASE)
conf_utmp_location=/etc/utmp
conf_wtmp_location=/var/adm/wtmp
conf_lastlog_location=/var/adm/lastlog
conf_utmp_location=/etc/utmp
conf_wtmp_location=/var/adm/wtmp
conf_lastlog_location=/var/adm/lastlog
+if test "x$PAM_MSG" = "xyes" ; then
+ echo "PAM is enabled. You may need to install a PAM control file for sshd,"
+ echo "otherwise password authentication may fail. Example PAM control files"
+ echo "can be found in the contrib/ subdirectory"
+ echo ""
+fi
+
if test ! -z "$BUILTIN_RNG" ; then
echo "WARNING: you are using the builtin random number collection service."
echo "Please read WARNING.RNG and request that your OS vendor includes"
if test ! -z "$BUILTIN_RNG" ; then
echo "WARNING: you are using the builtin random number collection service."
echo "Please read WARNING.RNG and request that your OS vendor includes"
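Review bot: `AC_DEFINE(PAM_SUN_CODEBASE)` is hard-wired into three host arms (the `*-*-hpux11*` arm, the arm that sets `-R/usr/ucblib`, and `*-*-sunos4*`) rather than derived from a check of the installed PAM. Any other platform that ships Solaris-derived PAM would silently take the `#else` layout in defines.h, and the conversation function would then misread every message after the first. A comment beside each define, for example `# Solaris-derived PAM: messages arrive as a pointer to an array (see PAM_MSG_MEMBER)`, would tell porters what to add for a new host. The PAM notice printed at the end of configure could also state which layout was selected.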
# define PAM_STRERROR(a,b) pam_strerror((a),(b))
#endif
# define PAM_STRERROR(a,b) pam_strerror((a),(b))
#endif
+#ifdef PAM_SUN_CODEBASE
+# define PAM_MSG_MEMBER(msg, n, member) ((*(msg))[(n)].member)
+#else
+# define PAM_MSG_MEMBER(msg, n, member) ((msg)[(n)]->member)
+#endif
+
#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO)
# undef HAVE_GETADDRINFO
#endif /* defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) */
#if defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO)
# undef HAVE_GETADDRINFO
#endif /* defined(BROKEN_GETADDRINFO) && defined(HAVE_GETADDRINFO) */
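Review bot: `PAM_MSG_MEMBER` is defined without a comment, so the only explanation of the two layouts is in acconfig.h, away from the code that relies on it. I would add above the `#ifdef`: `/* Solaris-derived PAM passes a pointer to an array of pam_message; otherwise the argument is treated as an array of pointers */`. It is also worth stating there that the `#else` branch is the default for every platform configure does not flag. A wrong choice compiles cleanly and only fails at run time for conversations with more than one message.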