forked from rpms/openssh
Update cached passwd structure after PAM authentication
This commit is contained in:
parent
3722267e80
commit
1341391c78
@ -172,8 +172,8 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
|
|||||||
* Performs common processing for the child, such as setting up the
|
* Performs common processing for the child, such as setting up the
|
||||||
* environment, closing extra file descriptors, setting the user and group
|
* environment, closing extra file descriptors, setting the user and group
|
||||||
@@ -1554,13 +1608,6 @@ do_child(Session *s, const char *command
|
@@ -1554,13 +1608,6 @@ do_child(Session *s, const char *command
|
||||||
struct passwd *pw = s->pw;
|
pw = s->pw;
|
||||||
int r = 0;
|
}
|
||||||
|
|
||||||
- /* remove hostkey from the child's memory */
|
- /* remove hostkey from the child's memory */
|
||||||
- destroy_sensitive_data(1);
|
- destroy_sensitive_data(1);
|
||||||
|
@ -1806,7 +1806,7 @@ diff -up openssh-7.6p1/session.c.audit openssh-7.6p1/session.c
|
|||||||
if (s->ttyfd != -1)
|
if (s->ttyfd != -1)
|
||||||
ret = do_exec_pty(ssh, s, command);
|
ret = do_exec_pty(ssh, s, command);
|
||||||
@@ -1499,8 +1511,11 @@ do_child(struct ssh *ssh, Session *s, co
|
@@ -1499,8 +1511,11 @@ do_child(struct ssh *ssh, Session *s, co
|
||||||
int r = 0;
|
}
|
||||||
|
|
||||||
/* remove hostkey from the child's memory */
|
/* remove hostkey from the child's memory */
|
||||||
- destroy_sensitive_data();
|
- destroy_sensitive_data();
|
||||||
|
23
openssh-7.9p1-updated-cached-pw.patch
Normal file
23
openssh-7.9p1-updated-cached-pw.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
diff -up openssh-7.4p1/session.c.update-pw openssh-7.4p1/session.c
|
||||||
|
--- openssh-7.4p1/session.c.update-pw 2019-03-04 14:10:57.287054645 +0100
|
||||||
|
+++ openssh-7.4p1/session.c 2019-03-04 14:12:39.259997218 +0100
|
||||||
|
@@ -1522,9 +1522,18 @@ do_child(Session *s, const char *command
|
||||||
|
char **env;
|
||||||
|
char *argv[ARGV_MAX];
|
||||||
|
const char *shell, *shell0;
|
||||||
|
- struct passwd *pw = s->pw;
|
||||||
|
+ struct passwd *pw = NULL;
|
||||||
|
int r = 0;
|
||||||
|
|
||||||
|
+ /* Update the users passwd structure after successful login */
|
||||||
|
+ pw = getpwuid(s->pw->pw_uid);
|
||||||
|
+ if (pw != NULL) {
|
||||||
|
+ free(s->pw);
|
||||||
|
+ s->pw = pw;
|
||||||
|
+ } else {
|
||||||
|
+ pw = s->pw;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* remove hostkey from the child's memory */
|
||||||
|
destroy_sensitive_data();
|
||||||
|
packet_clear_keys();
|
@ -240,6 +240,8 @@ Patch958: openssh-7.9p1-ssh-copy-id.patch
|
|||||||
# log when a client requests an interactive session and only sftp is allowed
|
# log when a client requests an interactive session and only sftp is allowed
|
||||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2960
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2960
|
||||||
Patch959: openssh-7.9p1-log-sftp-only-connections.patch
|
Patch959: openssh-7.9p1-log-sftp-only-connections.patch
|
||||||
|
# Update cached passwd structure after PAM authentication (#1674541)
|
||||||
|
Patch960: openssh-7.9p1-updated-cached-pw.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Requires: /sbin/nologin
|
Requires: /sbin/nologin
|
||||||
@ -461,6 +463,7 @@ popd
|
|||||||
%patch957 -p1 -b .CVE-2018-20685
|
%patch957 -p1 -b .CVE-2018-20685
|
||||||
%patch958 -p1 -b .ssh-copy-id
|
%patch958 -p1 -b .ssh-copy-id
|
||||||
%patch959 -p1 -b .log-sftp-only
|
%patch959 -p1 -b .log-sftp-only
|
||||||
|
%patch960 -p1 -b .update-pw
|
||||||
|
|
||||||
%patch200 -p1 -b .audit
|
%patch200 -p1 -b .audit
|
||||||
%patch201 -p1 -b .audit-race
|
%patch201 -p1 -b .audit-race
|
||||||
|
Loading…
Reference in New Issue
Block a user