Update cached passwd structure after PAM authentication

Jakub Jelen 2019-03-04 16:33:28 +01:00
parent 3722267e80
commit 1341391c78
4 changed files with 29 additions and 3 deletions


@ -172,8 +172,8 @@ diff -up openssh-7.4p1/session.c.audit-race openssh-7.4p1/session.c
* Performs common processing for the child, such as setting up the * Performs common processing for the child, such as setting up the
* environment, closing extra file descriptors, setting the user and group * environment, closing extra file descriptors, setting the user and group
@@ -1554,13 +1608,6 @@ do_child(Session *s, const char *command @@ -1554,13 +1608,6 @@ do_child(Session *s, const char *command
struct passwd *pw = s->pw; pw = s->pw;
int r = 0; }
- /* remove hostkey from the child's memory */ - /* remove hostkey from the child's memory */
- destroy_sensitive_data(1); - destroy_sensitive_data(1);


@ -1806,7 +1806,7 @@ diff -up openssh-7.6p1/session.c.audit openssh-7.6p1/session.c
if (s->ttyfd != -1) if (s->ttyfd != -1)
ret = do_exec_pty(ssh, s, command); ret = do_exec_pty(ssh, s, command);
@@ -1499,8 +1511,11 @@ do_child(struct ssh *ssh, Session *s, co @@ -1499,8 +1511,11 @@ do_child(struct ssh *ssh, Session *s, co
int r = 0; }
/* remove hostkey from the child's memory */ /* remove hostkey from the child's memory */
- destroy_sensitive_data(); - destroy_sensitive_data();


@ -0,0 +1,23 @@
diff -up openssh-7.4p1/session.c.update-pw openssh-7.4p1/session.c
--- openssh-7.4p1/session.c.update-pw 2019-03-04 14:10:57.287054645 +0100
+++ openssh-7.4p1/session.c 2019-03-04 14:12:39.259997218 +0100
@@ -1522,9 +1522,18 @@ do_child(Session *s, const char *command
char **env;
char *argv[ARGV_MAX];
const char *shell, *shell0;
- struct passwd *pw = s->pw;
+ struct passwd *pw = NULL;
int r = 0;
+ /* Update the users passwd structure after successful login */
+ pw = getpwuid(s->pw->pw_uid);
+ if (pw != NULL) {
+ free(s->pw);
+ s->pw = pw;
+ } else {
+ pw = s->pw;
+ }
+
/* remove hostkey from the child's memory */
destroy_sensitive_data();
packet_clear_keys();
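Review bot: `s->pw = pw;` keeps the pointer returned by getpwuid(), which points into static storage that any later getpwnam()/getpwuid() call in the child may overwrite, so the session's cached entry can change underneath the code that follows. Copying the result with OpenSSH's existing helper is safer: `s->pw = pwcopy(pw);` followed by `pw = s->pw;`. The preceding `free(s->pw);` also needs a second look: if the old structure came from pwcopy() (not visible in this hunk), plain free() leaves its string members allocated, and any other pointer to that structure, such as one held by the authentication context, would dangle. Looking up by uid can also return a different account's entry when several names share one uid, so unless the PAM stack is expected to change the name, `getpwnam(s->pw->pw_name)` keeps the refresh tied to the authenticated user. do_child's body continues outside the hunk, so the later uses of `pw` are not visible here.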


@ -240,6 +240,8 @@ Patch958: openssh-7.9p1-ssh-copy-id.patch
# log when a client requests an interactive session and only sftp is allowed # log when a client requests an interactive session and only sftp is allowed
# https://bugzilla.mindrot.org/show_bug.cgi?id=2960 # https://bugzilla.mindrot.org/show_bug.cgi?id=2960
Patch959: openssh-7.9p1-log-sftp-only-connections.patch Patch959: openssh-7.9p1-log-sftp-only-connections.patch
# Update cached passwd structure after PAM authentication (#1674541)
Patch960: openssh-7.9p1-updated-cached-pw.patch
License: BSD License: BSD
Requires: /sbin/nologin Requires: /sbin/nologin
@ -461,6 +463,7 @@ popd
%patch957 -p1 -b .CVE-2018-20685 %patch957 -p1 -b .CVE-2018-20685
%patch958 -p1 -b .ssh-copy-id %patch958 -p1 -b .ssh-copy-id
%patch959 -p1 -b .log-sftp-only %patch959 -p1 -b .log-sftp-only
%patch960 -p1 -b .update-pw
%patch200 -p1 -b .audit %patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race %patch201 -p1 -b .audit-race