pam_ssh.c revision 1.8.2.4
1 1.8.2.4 tron /* $NetBSD: pam_ssh.c,v 1.8.2.4 2007/01/05 14:14:53 tron Exp $ */ 2 1.2 christos 3 1.1 christos /*- 4 1.1 christos * Copyright (c) 2003 Networks Associates Technology, Inc. 5 1.1 christos * All rights reserved. 6 1.1 christos * 7 1.1 christos * This software was developed for the FreeBSD Project by ThinkSec AS and 8 1.1 christos * NAI Labs, the Security Research Division of Network Associates, Inc. 9 1.1 christos * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 10 1.1 christos * DARPA CHATS research program. 11 1.1 christos * 12 1.1 christos * Redistribution and use in source and binary forms, with or without 13 1.1 christos * modification, are permitted provided that the following conditions 14 1.1 christos * are met: 15 1.1 christos * 1. Redistributions of source code must retain the above copyright 16 1.1 christos * notice, this list of conditions and the following disclaimer. 17 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright 18 1.1 christos * notice, this list of conditions and the following disclaimer in the 19 1.1 christos * documentation and/or other materials provided with the distribution. 20 1.1 christos * 3. The name of the author may not be used to endorse or promote 21 1.1 christos * products derived from this software without specific prior written 22 1.1 christos * permission. 23 1.1 christos * 24 1.1 christos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 25 1.1 christos * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 1.1 christos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 1.1 christos * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 1.1 christos * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 1.1 christos * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 1.1 christos * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 1.1 christos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 1.1 christos * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 1.1 christos * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 1.1 christos * SUCH DAMAGE. 35 1.1 christos */ 36 1.1 christos 37 1.1 christos #include <sys/cdefs.h> 38 1.3 lukem #ifdef __FreeBSD__ 39 1.1 christos __FBSDID("$FreeBSD: src/lib/libpam/modules/pam_ssh/pam_ssh.c,v 1.40 2004/02/10 10:13:21 des Exp $"); 40 1.2 christos #else 41 1.8.2.4 tron __RCSID("$NetBSD: pam_ssh.c,v 1.8.2.4 2007/01/05 14:14:53 tron Exp $"); 42 1.2 christos #endif 43 1.1 christos 44 1.1 christos #include <sys/param.h> 45 1.1 christos #include <sys/wait.h> 46 1.1 christos 47 1.1 christos #include <errno.h> 48 1.1 christos #include <fcntl.h> 49 1.1 christos #include <paths.h> 50 1.1 christos #include <pwd.h> 51 1.1 christos #include <signal.h> 52 1.1 christos #include <stdio.h> 53 1.1 christos #include <string.h> 54 1.1 christos #include <unistd.h> 55 1.1 christos 56 1.1 christos #define PAM_SM_AUTH 57 1.1 christos #define PAM_SM_SESSION 58 1.1 christos 59 1.1 christos #include <security/pam_appl.h> 60 1.1 christos #include <security/pam_modules.h> 61 1.1 christos #include <security/openpam.h> 62 1.1 christos 63 1.1 christos #include <openssl/evp.h> 64 1.1 christos 65 1.1 christos #include "key.h" 66 1.8.2.4 tron #include "buffer.h" 67 1.1 christos #include "authfd.h" 68 1.1 christos #include "authfile.h" 69 1.1 christos 70 1.1 christos extern char **environ; 71 1.1 christos 72 1.1 christos struct pam_ssh_key { 73 1.1 christos Key *key; 74 1.1 christos char *comment; 75 1.1 christos }; 76 1.1 christos 77 1.1 christos static const char *pam_ssh_prompt = "SSH passphrase: "; 78 1.1 christos static const char *pam_ssh_have_keys = "pam_ssh_have_keys"; 79 1.1 christos 80 1.1 christos static const char *pam_ssh_keyfiles[] = { 81 1.1 christos ".ssh/identity", /* SSH1 RSA key */ 82 1.1 christos ".ssh/id_rsa", /* SSH2 RSA key */ 83 1.1 christos ".ssh/id_dsa", /* SSH2 DSA key */ 84 1.1 christos NULL 85 1.1 christos }; 86 1.1 christos 87 1.1 christos static const char *pam_ssh_agent = "/usr/bin/ssh-agent"; 88 1.2 christos static const char *pam_ssh_agent_argv[] = { "ssh_agent", "-s", NULL }; 89 1.2 christos static const char *pam_ssh_agent_envp[] = { NULL }; 90 1.1 christos 91 1.1 christos /* 92 1.1 christos * Attempts to load a private key from the specified file in the specified 93 1.1 christos * directory, using the specified passphrase. If successful, returns a 94 1.1 christos * struct pam_ssh_key containing the key and its comment. 95 1.1 christos */ 96 1.1 christos static struct pam_ssh_key * 97 1.7 christos pam_ssh_load_key(struct passwd *pwd, const char *kfn, const char *passphrase) 98 1.1 christos { 99 1.1 christos struct pam_ssh_key *psk; 100 1.1 christos char fn[PATH_MAX]; 101 1.1 christos char *comment; 102 1.1 christos Key *key; 103 1.1 christos 104 1.7 christos if (snprintf(fn, sizeof(fn), "%s/%s", pwd->pw_dir, kfn) > 105 1.7 christos (int)sizeof(fn)) 106 1.1 christos return (NULL); 107 1.1 christos comment = NULL; 108 1.1 christos key = key_load_private(fn, passphrase, &comment); 109 1.1 christos if (key == NULL) { 110 1.1 christos openpam_log(PAM_LOG_DEBUG, "failed to load key from %s\n", fn); 111 1.8.2.4 tron if (comment != NULL) 112 1.8.2.4 tron free(comment); 113 1.1 christos return (NULL); 114 1.1 christos } 115 1.1 christos 116 1.1 christos openpam_log(PAM_LOG_DEBUG, "loaded '%s' from %s\n", comment, fn); 117 1.1 christos if ((psk = malloc(sizeof(*psk))) == NULL) { 118 1.1 christos key_free(key); 119 1.1 christos free(comment); 120 1.1 christos return (NULL); 121 1.1 christos } 122 1.1 christos psk->key = key; 123 1.1 christos psk->comment = comment; 124 1.1 christos return (psk); 125 1.1 christos } 126 1.1 christos 127 1.1 christos /* 128 1.1 christos * Wipes a private key and frees the associated resources. 129 1.1 christos */ 130 1.1 christos static void 131 1.1 christos pam_ssh_free_key(pam_handle_t *pamh __unused, 132 1.1 christos void *data, int pam_err __unused) 133 1.1 christos { 134 1.1 christos struct pam_ssh_key *psk; 135 1.1 christos 136 1.1 christos psk = data; 137 1.1 christos key_free(psk->key); 138 1.1 christos free(psk->comment); 139 1.1 christos free(psk); 140 1.1 christos } 141 1.1 christos 142 1.1 christos PAM_EXTERN int 143 1.1 christos pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, 144 1.1 christos int argc __unused, const char *argv[] __unused) 145 1.1 christos { 146 1.1 christos const char **kfn, *passphrase, *user; 147 1.8.2.2 tron struct passwd *pwd, pwres; 148 1.1 christos struct pam_ssh_key *psk; 149 1.1 christos int nkeys, pam_err, pass; 150 1.8.2.2 tron char pwbuf[1024]; 151 1.1 christos 152 1.1 christos /* PEM is not loaded by default */ 153 1.1 christos OpenSSL_add_all_algorithms(); 154 1.1 christos 155 1.1 christos /* get user name and home directory */ 156 1.1 christos pam_err = pam_get_user(pamh, &user, NULL); 157 1.1 christos if (pam_err != PAM_SUCCESS) 158 1.1 christos return (pam_err); 159 1.8.2.3 tron if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 || 160 1.8.2.3 tron pwd == NULL) 161 1.1 christos return (PAM_USER_UNKNOWN); 162 1.1 christos if (pwd->pw_dir == NULL) 163 1.1 christos return (PAM_AUTH_ERR); 164 1.1 christos 165 1.1 christos /* switch to user credentials */ 166 1.1 christos pam_err = openpam_borrow_cred(pamh, pwd); 167 1.1 christos if (pam_err != PAM_SUCCESS) 168 1.1 christos return (pam_err); 169 1.1 christos 170 1.5 christos #ifdef notyet 171 1.5 christos for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) { 172 1.5 christos char path[MAXPATHLEN]; 173 1.5 christos (void)snprintf(path, sizeof(path), "%s/%s", pwd->pw_dir, *kfn); 174 1.5 christos if (access(path, R_OK) == 0) 175 1.5 christos break; 176 1.5 christos } 177 1.5 christos 178 1.5 christos if (*kfn == NULL) { 179 1.5 christos openpam_restore_cred(pamh); 180 1.5 christos return (PAM_AUTH_ERR); 181 1.5 christos } 182 1.5 christos #endif 183 1.5 christos 184 1.1 christos pass = (pam_get_item(pamh, PAM_AUTHTOK, 185 1.2 christos (const void **)__UNCONST(&passphrase)) == PAM_SUCCESS); 186 1.1 christos load_keys: 187 1.1 christos /* get passphrase */ 188 1.1 christos pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, 189 1.1 christos &passphrase, pam_ssh_prompt); 190 1.1 christos if (pam_err != PAM_SUCCESS) { 191 1.1 christos openpam_restore_cred(pamh); 192 1.1 christos return (pam_err); 193 1.1 christos } 194 1.1 christos 195 1.1 christos /* try to load keys from all keyfiles we know of */ 196 1.1 christos nkeys = 0; 197 1.1 christos for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) { 198 1.7 christos psk = pam_ssh_load_key(pwd, *kfn, passphrase); 199 1.1 christos if (psk != NULL) { 200 1.1 christos pam_set_data(pamh, *kfn, psk, pam_ssh_free_key); 201 1.1 christos ++nkeys; 202 1.1 christos } 203 1.1 christos } 204 1.1 christos 205 1.1 christos /* 206 1.1 christos * If we tried an old token and didn't get anything, and 207 1.1 christos * try_first_pass was specified, try again after prompting the 208 1.1 christos * user for a new passphrase. 209 1.1 christos */ 210 1.1 christos if (nkeys == 0 && pass == 1 && 211 1.1 christos openpam_get_option(pamh, "try_first_pass") != NULL) { 212 1.1 christos pam_set_item(pamh, PAM_AUTHTOK, NULL); 213 1.1 christos pass = 0; 214 1.1 christos goto load_keys; 215 1.1 christos } 216 1.1 christos 217 1.1 christos /* switch back to arbitrator credentials before returning */ 218 1.1 christos openpam_restore_cred(pamh); 219 1.1 christos 220 1.1 christos /* no keys? */ 221 1.1 christos if (nkeys == 0) 222 1.1 christos return (PAM_AUTH_ERR); 223 1.1 christos 224 1.1 christos pam_set_data(pamh, pam_ssh_have_keys, NULL, NULL); 225 1.1 christos return (PAM_SUCCESS); 226 1.1 christos } 227 1.1 christos 228 1.1 christos PAM_EXTERN int 229 1.1 christos pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, 230 1.1 christos int argc __unused, const char *argv[] __unused) 231 1.1 christos { 232 1.1 christos 233 1.1 christos return (PAM_SUCCESS); 234 1.1 christos } 235 1.1 christos 236 1.1 christos /* 237 1.1 christos * Parses a line from ssh-agent's output. 238 1.1 christos */ 239 1.1 christos static void 240 1.1 christos pam_ssh_process_agent_output(pam_handle_t *pamh, FILE *f) 241 1.1 christos { 242 1.1 christos char *line, *p, *key, *val; 243 1.1 christos size_t len; 244 1.1 christos 245 1.1 christos while ((line = fgetln(f, &len)) != NULL) { 246 1.1 christos if (len < 4 || strncmp(line, "SSH_", 4) != 0) 247 1.1 christos continue; 248 1.1 christos 249 1.1 christos /* find equal sign at end of key */ 250 1.1 christos for (p = key = line; p < line + len; ++p) 251 1.1 christos if (*p == '=') 252 1.1 christos break; 253 1.1 christos if (p == line + len || *p != '=') 254 1.1 christos continue; 255 1.1 christos *p = '\0'; 256 1.1 christos 257 1.1 christos /* find semicolon at end of value */ 258 1.1 christos for (val = ++p; p < line + len; ++p) 259 1.1 christos if (*p == ';') 260 1.1 christos break; 261 1.1 christos if (p == line + len || *p != ';') 262 1.1 christos continue; 263 1.1 christos *p = '\0'; 264 1.1 christos 265 1.1 christos /* store key-value pair in environment */ 266 1.1 christos openpam_log(PAM_LOG_DEBUG, "got %s: %s", key, val); 267 1.1 christos pam_setenv(pamh, key, val, 1); 268 1.1 christos } 269 1.1 christos } 270 1.1 christos 271 1.1 christos /* 272 1.1 christos * Starts an ssh agent and stores the environment variables derived from 273 1.1 christos * its output. 274 1.1 christos */ 275 1.1 christos static int 276 1.4 christos pam_ssh_start_agent(pam_handle_t *pamh, struct passwd *pwd) 277 1.1 christos { 278 1.1 christos int agent_pipe[2]; 279 1.1 christos pid_t pid; 280 1.1 christos FILE *f; 281 1.1 christos 282 1.1 christos /* get a pipe which we will use to read the agent's output */ 283 1.4 christos if (pipe(agent_pipe) == -1) 284 1.1 christos return (PAM_SYSTEM_ERR); 285 1.1 christos 286 1.1 christos /* start the agent */ 287 1.1 christos openpam_log(PAM_LOG_DEBUG, "starting an ssh agent"); 288 1.1 christos pid = fork(); 289 1.1 christos if (pid == (pid_t)-1) { 290 1.1 christos /* failed */ 291 1.1 christos close(agent_pipe[0]); 292 1.1 christos close(agent_pipe[1]); 293 1.1 christos return (PAM_SYSTEM_ERR); 294 1.1 christos } 295 1.1 christos if (pid == 0) { 296 1.2 christos #ifndef F_CLOSEM 297 1.1 christos int fd; 298 1.2 christos #endif 299 1.1 christos /* child: drop privs, close fds and start agent */ 300 1.4 christos if (setgid(pwd->pw_gid) == -1) { 301 1.4 christos openpam_log(PAM_LOG_DEBUG, "%s: Cannot setgid %d (%m)", 302 1.4 christos __FUNCTION__, (int)pwd->pw_gid); 303 1.4 christos goto done; 304 1.4 christos } 305 1.4 christos if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) { 306 1.4 christos openpam_log(PAM_LOG_DEBUG, 307 1.4 christos "%s: Cannot initgroups for %s (%m)", 308 1.4 christos __FUNCTION__, pwd->pw_name); 309 1.4 christos goto done; 310 1.4 christos } 311 1.4 christos if (setuid(pwd->pw_uid) == -1) { 312 1.4 christos openpam_log(PAM_LOG_DEBUG, "%s: Cannot setuid %d (%m)", 313 1.4 christos __FUNCTION__, (int)pwd->pw_uid); 314 1.4 christos goto done; 315 1.4 christos } 316 1.4 christos (void)close(STDIN_FILENO); 317 1.4 christos (void)open(_PATH_DEVNULL, O_RDONLY); 318 1.4 christos (void)dup2(agent_pipe[1], STDOUT_FILENO); 319 1.4 christos (void)dup2(agent_pipe[1], STDERR_FILENO); 320 1.2 christos #ifdef F_CLOSEM 321 1.2 christos (void)fcntl(3, F_CLOSEM, 0); 322 1.2 christos #else 323 1.1 christos for (fd = 3; fd < getdtablesize(); ++fd) 324 1.4 christos (void)close(fd); 325 1.2 christos #endif 326 1.4 christos (void)execve(pam_ssh_agent, 327 1.4 christos (char **)__UNCONST(pam_ssh_agent_argv), 328 1.2 christos (char **)__UNCONST(pam_ssh_agent_envp)); 329 1.4 christos done: 330 1.1 christos _exit(127); 331 1.1 christos } 332 1.1 christos 333 1.1 christos /* parent */ 334 1.1 christos close(agent_pipe[1]); 335 1.1 christos if ((f = fdopen(agent_pipe[0], "r")) == NULL) 336 1.1 christos return (PAM_SYSTEM_ERR); 337 1.1 christos pam_ssh_process_agent_output(pamh, f); 338 1.1 christos fclose(f); 339 1.1 christos 340 1.1 christos return (PAM_SUCCESS); 341 1.1 christos } 342 1.1 christos 343 1.1 christos /* 344 1.1 christos * Adds previously stored keys to a running agent. 345 1.1 christos */ 346 1.1 christos static int 347 1.1 christos pam_ssh_add_keys_to_agent(pam_handle_t *pamh) 348 1.1 christos { 349 1.1 christos AuthenticationConnection *ac; 350 1.1 christos struct pam_ssh_key *psk; 351 1.1 christos const char **kfn; 352 1.1 christos char **envlist, **env; 353 1.1 christos int pam_err; 354 1.1 christos 355 1.1 christos /* switch to PAM environment */ 356 1.1 christos envlist = environ; 357 1.1 christos if ((environ = pam_getenvlist(pamh)) == NULL) { 358 1.4 christos openpam_log(PAM_LOG_DEBUG, "%s: cannot get envlist", 359 1.4 christos __FUNCTION__); 360 1.1 christos environ = envlist; 361 1.1 christos return (PAM_SYSTEM_ERR); 362 1.1 christos } 363 1.1 christos 364 1.1 christos /* get a connection to the agent */ 365 1.1 christos if ((ac = ssh_get_authentication_connection()) == NULL) { 366 1.4 christos openpam_log(PAM_LOG_DEBUG, 367 1.4 christos "%s: cannot get authentication connection", 368 1.4 christos __FUNCTION__); 369 1.1 christos pam_err = PAM_SYSTEM_ERR; 370 1.1 christos goto end; 371 1.1 christos } 372 1.1 christos 373 1.1 christos /* look for keys to add to it */ 374 1.1 christos for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) { 375 1.2 christos pam_err = pam_get_data(pamh, *kfn, (void **)__UNCONST(&psk)); 376 1.1 christos if (pam_err == PAM_SUCCESS && psk != NULL) { 377 1.1 christos if (ssh_add_identity(ac, psk->key, psk->comment)) 378 1.1 christos openpam_log(PAM_LOG_DEBUG, 379 1.1 christos "added %s to ssh agent", psk->comment); 380 1.1 christos else 381 1.1 christos openpam_log(PAM_LOG_DEBUG, "failed " 382 1.1 christos "to add %s to ssh agent", psk->comment); 383 1.1 christos /* we won't need the key again, so wipe it */ 384 1.1 christos pam_set_data(pamh, *kfn, NULL, NULL); 385 1.1 christos } 386 1.1 christos } 387 1.1 christos pam_err = PAM_SUCCESS; 388 1.1 christos end: 389 1.1 christos /* disconnect from agent */ 390 1.1 christos if (ac != NULL) 391 1.1 christos ssh_close_authentication_connection(ac); 392 1.1 christos 393 1.1 christos /* switch back to original environment */ 394 1.1 christos for (env = environ; *env != NULL; ++env) 395 1.1 christos free(*env); 396 1.1 christos free(environ); 397 1.1 christos environ = envlist; 398 1.1 christos 399 1.1 christos return (pam_err); 400 1.1 christos } 401 1.1 christos 402 1.1 christos PAM_EXTERN int 403 1.1 christos pam_sm_open_session(pam_handle_t *pamh, int flags __unused, 404 1.1 christos int argc __unused, const char *argv[] __unused) 405 1.1 christos { 406 1.8.2.2 tron struct passwd *pwd, pwres; 407 1.1 christos const char *user; 408 1.1 christos void *data; 409 1.4 christos int pam_err = PAM_SUCCESS; 410 1.8.2.2 tron char pwbuf[1024]; 411 1.1 christos 412 1.1 christos /* no keys, no work */ 413 1.1 christos if (pam_get_data(pamh, pam_ssh_have_keys, &data) != PAM_SUCCESS && 414 1.1 christos openpam_get_option(pamh, "want_agent") == NULL) 415 1.1 christos return (PAM_SUCCESS); 416 1.1 christos 417 1.1 christos /* switch to user credentials */ 418 1.1 christos pam_err = pam_get_user(pamh, &user, NULL); 419 1.1 christos if (pam_err != PAM_SUCCESS) 420 1.1 christos return (pam_err); 421 1.8.2.3 tron if (getpwnam_r(user, &pwres, pwbuf, sizeof(pwbuf), &pwd) != 0 || 422 1.8.2.3 tron pwd == NULL) 423 1.1 christos return (PAM_USER_UNKNOWN); 424 1.4 christos 425 1.4 christos /* start the agent */ 426 1.4 christos pam_err = pam_ssh_start_agent(pamh, pwd); 427 1.4 christos if (pam_err != PAM_SUCCESS) 428 1.4 christos return pam_err; 429 1.4 christos 430 1.1 christos pam_err = openpam_borrow_cred(pamh, pwd); 431 1.1 christos if (pam_err != PAM_SUCCESS) 432 1.4 christos return pam_err; 433 1.1 christos 434 1.1 christos /* we have an agent, see if we can add any keys to it */ 435 1.1 christos pam_err = pam_ssh_add_keys_to_agent(pamh); 436 1.1 christos if (pam_err != PAM_SUCCESS) { 437 1.1 christos /* XXX ignore failures */ 438 1.4 christos openpam_log(PAM_LOG_DEBUG, "failed adding keys to ssh agent"); 439 1.4 christos pam_err = PAM_SUCCESS; 440 1.1 christos } 441 1.1 christos 442 1.1 christos openpam_restore_cred(pamh); 443 1.4 christos return pam_err; 444 1.1 christos } 445 1.1 christos 446 1.1 christos PAM_EXTERN int 447 1.1 christos pam_sm_close_session(pam_handle_t *pamh, int flags __unused, 448 1.1 christos int argc __unused, const char *argv[] __unused) 449 1.1 christos { 450 1.1 christos const char *ssh_agent_pid; 451 1.1 christos char *end; 452 1.1 christos int status; 453 1.1 christos pid_t pid; 454 1.1 christos 455 1.1 christos if ((ssh_agent_pid = pam_getenv(pamh, "SSH_AGENT_PID")) == NULL) { 456 1.1 christos openpam_log(PAM_LOG_DEBUG, "no ssh agent"); 457 1.1 christos return (PAM_SUCCESS); 458 1.1 christos } 459 1.1 christos pid = (pid_t)strtol(ssh_agent_pid, &end, 10); 460 1.1 christos if (*ssh_agent_pid == '\0' || *end != '\0') { 461 1.1 christos openpam_log(PAM_LOG_DEBUG, "invalid ssh agent pid"); 462 1.1 christos return (PAM_SESSION_ERR); 463 1.1 christos } 464 1.1 christos openpam_log(PAM_LOG_DEBUG, "killing ssh agent %d", (int)pid); 465 1.1 christos if (kill(pid, SIGTERM) == -1 || 466 1.1 christos (waitpid(pid, &status, 0) == -1 && errno != ECHILD)) 467 1.1 christos return (PAM_SYSTEM_ERR); 468 1.1 christos return (PAM_SUCCESS); 469 1.1 christos } 470 1.1 christos 471 1.1 christos PAM_MODULE_ENTRY("pam_ssh"); 472
Indexes created Mon Sep 29 21:09:56 GMT 2025