summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-12-07 14:56:27 +1100
committerDamien Miller <djm@mindrot.org>1999-12-07 14:56:27 +1100
commiteabf3417bc73ca9546a3ed489cd809ffdf303853 (patch)
treea3dd5286d2790bdb8e586f9a8e272633251c31e4
parent3bc14dde057f5d1faee1df1d29a6520063102b77 (diff)
- Fix PAM account and session being called multiple times. Problem
reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
-rw-r--r--ChangeLog2
-rw-r--r--sshd.c43
2 files changed, 32 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 476d8630..f475f188 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
- sshd Redhat init script patch from Jim Knoble <jmknoble@pobox.com>
fixes compatability with 4.x and 5.x
- Fixed default SSH_ASKPASS
+ - Fix PAM account and session being called multiple times. Problem
+ reported by Adrian Baugh <adrian@merlin.keble.ox.ac.uk>
19991204
- Small cleanup of PAM code in sshd.c
diff --git a/sshd.c b/sshd.c
index fa9eab74..60d34d8b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.33 1999/12/04 09:24:48 damien Exp $");
+RCSID("$Id: sshd.c,v 1.34 1999/12/07 03:56:27 damien Exp $");
#include "xmalloc.h"
#include "rsa.h"
@@ -1551,24 +1551,41 @@ do_authloop(struct passwd * pw)
get_remote_port(),
user);
-#ifdef HAVE_LIBPAM
- do_pam_account_and_session(pw->pw_name, client_user);
+#ifndef HAVE_LIBPAM
+ if (authenticated)
+ return;
- /* Clean up */
- if (client_user != NULL)
- xfree(client_user);
+ if (attempt > AUTH_FAIL_MAX)
+ packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+#else /* HAVE_LIBPAM */
+ if (authenticated) {
+ do_pam_account_and_session(pw->pw_name, client_user);
- if (password != NULL) {
- memset(password, 0, strlen(password));
- xfree(password);
- }
-#endif /* HAVE_LIBPAM */
+ /* Clean up */
+ if (client_user != NULL)
+ xfree(client_user);
- if (authenticated)
+ if (password != NULL) {
+ memset(password, 0, strlen(password));
+ xfree(password);
+ }
+
return;
+ }
- if (attempt > AUTH_FAIL_MAX)
+ if (attempt > AUTH_FAIL_MAX) {
+ /* Clean up */
+ if (client_user != NULL)
+ xfree(client_user);
+
+ if (password != NULL) {
+ memset(password, 0, strlen(password));
+ xfree(password);
+ }
+
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
+ }
+#endif /* HAVE_LIBPAM */
/* Send a message indicating that the authentication attempt failed. */
packet_start(SSH_SMSG_FAILURE);