Update cached passwd structure after PAM authentication
parent
3722267e80
commit
1341391c78
@ -172,8 +172,8 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
|
||||
* Performs common processing for the child, such as setting up the
|
||||
* environment, closing extra file descriptors, setting the user and group
|
||||
@@ -1554,13 +1608,6 @@ do_child(Session *s, const char *command
|
||||
struct passwd *pw = s->pw;
|
||||
int r = 0;
|
||||
pw = s->pw;
|
||||
}
|
||||
|
||||
- /* remove hostkey from the child's memory */
|
||||
- destroy_sensitive_data(1);
|
||||
|
@ -1806,7 +1806,7 @@ diff -up openssh-7.6p1/session.c.audit openssh-7.6p1/session.c
|
||||
if (s->ttyfd != -1)
|
||||
ret = do_exec_pty(ssh, s, command);
|
||||
@@ -1499,8 +1511,11 @@ do_child(struct ssh *ssh, Session *s, co
|
||||
int r = 0;
|
||||
}
|
||||
|
||||
/* remove hostkey from the child's memory */
|
||||
- destroy_sensitive_data();
|
||||
|
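--- a/openssh-7.9p1-updated-cached-pw.patch
+++ b/openssh-7.9p1-updated-cached-pw.patch
@@ -0,0 +1,23 @@
+diff -up openssh-7.4p1/session.c.update-pw openssh-7.4p1/session.c
+--- openssh-7.4p1/session.c.update-pw 2019-03-04 14:10:57.287054645 +0100
++++ openssh-7.4p1/session.c 2019-03-04 14:12:39.259997218 +0100
+@@ -1522,9 +1522,18 @@ do_child(Session *s, const char *command
+char **env;
+char *argv[ARGV_MAX];
+const char *shell, *shell0;
+- struct passwd *pw = s->pw;
++ struct passwd *pw = NULL;
+int r = 0;
+
++ /* Update the users passwd structure after successful login */
++ pw = getpwuid(s->pw->pw_uid);
++ if (pw != NULL) {
++ free(s->pw);
++ s->pw = pw;
++ } else {
++ pw = s->pw;
++ }
++
+/* remove hostkey from the child's memory */
+destroy_sensitive_data();
+packet_clear_keys();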
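Review bot: In the added block, `s->pw = pw;` stores the pointer returned by `getpwuid()`, which refers to static storage that a later `getpw*()` call may overwrite, while the `free(s->pw)` just above it implies the session previously owned a heap copy. Keeping an owned copy avoids both the clobbering and any later free of static memory: `s->pw = pwcopy(pw); pw = s->pw;`, using OpenSSH's existing `pwcopy()` helper. If another structure, such as the authentication context, still points at the old `s->pw`, freeing it here leaves that pointer dangling, so the aliasing should be checked before this lands. The lookup is also keyed on uid, so where several account names share one uid the refreshed entry may carry a different name, home directory or shell than the authenticated user; comparing `pw->pw_name` with `s->pw->pw_name` before the swap would catch that. do_child's body continues outside the hunk.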
@ -240,6 +240,8 @@ Patch958: openssh-7.9p1-ssh-copy-id.patch
|
||||
# log when a client requests an interactive session and only sftp is allowed
|
||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2960
|
||||
Patch959: openssh-7.9p1-log-sftp-only-connections.patch
|
||||
# Update cached passwd structure after PAM authentication (#1674541)
|
||||
Patch960: openssh-7.9p1-updated-cached-pw.patch
|
||||
|
||||
License: BSD
|
||||
Requires: /sbin/nologin
|
||||
@ -461,6 +463,7 @@ popd
|
||||
%patch957 -p1 -b .CVE-2018-20685
|
||||
%patch958 -p1 -b .ssh-copy-id
|
||||
%patch959 -p1 -b .log-sftp-only
|
||||
%patch960 -p1 -b .update-pw
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch201 -p1 -b .audit-race
|
||||
|