From stolz@i2.informatik.rwth-aachen.de  Tue Jul 24 09:28:07 2001
Return-Path: <stolz@i2.informatik.rwth-aachen.de>
Received: from mailout02.sul.t-online.de (mailout02.sul.t-online.com [194.25.134.17])
	by hub.freebsd.org (Postfix) with ESMTP id 4E99E37B40A
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 24 Jul 2001 09:28:07 -0700 (PDT)
	(envelope-from stolz@i2.informatik.rwth-aachen.de)
Received: from fwd06.sul.t-online.de 
	by mailout02.sul.t-online.de with smtp 
	id 15P52U-0003S9-0C; Tue, 24 Jul 2001 18:28:06 +0200
Received: from theater.dyndns.org (320068889749-0001@[62.226.0.80]) by fmrl06.sul.t-online.com
	with esmtp id 15P52K-155vs0C; Tue, 24 Jul 2001 18:27:56 +0200
Received: from monster.ikea.net (monster.ikea.net [192.168.2.3])
	by theater.dyndns.org (8.11.4/8.11.3) with ESMTP id f6OGRnm03251;
	Tue, 24 Jul 2001 18:27:49 +0200 (CEST)
	(envelope-from stolz@i2.informatik.rwth-aachen.de)
Received: (from vs@localhost)
	by monster.ikea.net (8.11.4/8.11.1) id f6OGRrI00740;
	Tue, 24 Jul 2001 18:27:53 +0200 (CEST)
	(envelope-from vs)
Message-Id: <200107241627.f6OGRrI00740@monster.ikea.net>
Date: Tue, 24 Jul 2001 18:27:53 +0200 (CEST)
From: Volker Stolz <vs@i2.informatik.rwth-aachen.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Volker Stolz <vs@i2.informatik.rwth-aachen.de>
Subject: [PATCH] /usr/bin/login.c doesn't save variables from pam_open_session
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         29193
>Category:       bin
>Synopsis:       [PATCH] /usr/bin/login.c doesn't save variables from pam_open_session
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 24 09:30:00 PDT 2001
>Closed-Date:    Sat Aug 18 09:16:17 PDT 2001
>Last-Modified:  Sat Aug 18 09:17:22 PDT 2001
>Originator:     Volker Stolz
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
Lehrstuhl für Informatik II
>Environment:
System: FreeBSD monster.ikea.net 4.3-STABLE FreeBSD 4.3-STABLE #22: Sun Jul 15 12:26:32 CEST 2001 vs@monster.ikea.net:/opt/obj/opt/src/sys/MONSTER i386


>Description:
	The recent changes to login.c still don't take care of variables set by pam_open_session.
	The pam-environment is copied too early. However, you will only note the differences if
	you're using pam extensively, e.g. /usr/ports/security/pam_ssh. [The default pam_ssh
	plugin in the base system seems to be a NOP]
>How-To-Repeat:
	Install /usr/ports/security/pam_ssh, set up /etc/pam.conf (take care, the port installs
	the plugin in /usr/*local*/lib!). You won't get the SSH-variables set after logging in
	on the console until you apply the patch.
>Fix:
--- login.orig	Fri Jul 20 11:05:23 2001
+++ login.c	Tue Jul 24 18:16:07 2001
@@ -575,18 +575,6 @@
 	if (!pflag)
 		environ = envinit;
 
-#ifdef USE_PAM
-	/*
-	 * Add any environmental variables that the
-	 * PAM modules may have set.
-	 */
-	if (pamh) {
-		environ_pam = pam_getenvlist(pamh);
-		if (environ_pam)
-			export_pam_environment();
-	}
-#endif /* USE_PAM */
-
 	/*
 	 * PAM modules might add supplementary groups during pam_setcred().
 	 */
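Review bot: the block removed here carried its own `#ifdef USE_PAM` and `if (pamh)` guard, and the replacement call added in the second hunk has neither in its visible lines. Please confirm the new location already sits inside an equivalent `#ifdef USE_PAM` / `if (pamh)` region. If it does not, a build without USE_PAM will reference `environ_pam` and `pam_getenvlist()` unconditionally, and a NULL `pamh` would be passed to `pam_getenvlist()`. If the enclosing guard exists, a word in the commit message saying so would help the next reader.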
@@ -605,6 +593,15 @@
 			syslog(LOG_ERR, "pam_setcred: %s",
 			    pam_strerror(pamh, e));
 		}
+
+	        /*
+	         * Add any environmental variables that the
+	         * PAM modules may have set.
+		 * Call *after* opening session!
+		 */
+		environ_pam = pam_getenvlist(pamh);
+		if (environ_pam)
+			export_pam_environment();
 
 		/*
 		 * We must fork() before setuid() because we need to call
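Review bot: the added `pam_getenvlist()` / `export_pam_environment()` call follows the closing brace of the `pam_setcred` error branch, and as far as the visible context shows that branch only calls `syslog()` and falls through, so the PAM environment is exported even when `pam_setcred` failed. If that is intended, say so in the comment; otherwise make the export conditional on success. The comment also says "Call *after* opening session!" but no `pam_open_session()` call appears in the hunk context, so naming that call explicitly in the comment would make the ordering requirement checkable. Style: the first three added comment lines are indented with a tab plus eight spaces while the fourth line and the code use two tabs; use tabs throughout to match the surrounding file.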
>Release-Note:
>Audit-Trail:

From: Volker Stolz <stolz@pool.informatik.rwth-aachen.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc: stolz@i2.informatik.rwth-aachen.de
Subject: Re: bin/29193: [PATCH] /usr/bin/login.c =?ISO-8859-1?Q?doesn=B4t?= save 
	variables from pam_open_session
Date: Tue, 24 Jul 2001 18:44:30 +0200

 *sigh* Make that stolz@i2 in the email address.
 -- 
 "I came out of it dead broke, without a house, without anything, except
 a girlfriend and a knowledge of Unix." "Well, that's something. Normally
 those two are mutually exclusive." N. Stephenson, "Cryptonomicon"
 

From: Volker Stolz <stolz@i2.informatik.rwth-aachen.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/29193: This PR can be closed
Date: Sat, 18 Aug 2001 18:08:55 +0200 (CEST)

 This PR can be closed
 
 Reason: Patch has been applied to CVS recently.
State-Changed-From-To: open->closed 
State-Changed-By: mikeh 
State-Changed-When: Sat Aug 18 09:16:17 PDT 2001 
State-Changed-Why:  
Fixed in src/usr.bin/login/login.c,v 1.65. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=29193 
>Unformatted:
