diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-09-11 23:07:03 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-09-11 23:07:03 +1000 |
| commit | 77fc29eeb382974ae063227c249ee3b98646e38a (patch) | |
| tree | fba14efc7adf195758fc0e556c88d8fcc772919c /auth-pam.c | |
| parent | 4765679649c51a83e5ceb3d0c1e51e33db251f27 (diff) | |
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
Diffstat (limited to 'auth-pam.c')
| -rw-r--r-- | auth-pam.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/auth-pam.c b/auth-pam.c index 4ad86de9e..0a6817d63 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -47,7 +47,7 @@ | |||
| 47 | 47 | ||
| 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ | 48 | /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ |
| 49 | #include "includes.h" | 49 | #include "includes.h" |
| 50 | RCSID("$Id: auth-pam.c,v 1.116 2004/09/11 12:28:02 dtucker Exp $"); | 50 | RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $"); |
| 51 | 51 | ||
| 52 | #ifdef USE_PAM | 52 | #ifdef USE_PAM |
| 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) | 53 | #if defined(HAVE_SECURITY_PAM_APPL_H) |
| @@ -572,7 +572,7 @@ sshpam_init(Authctxt *authctxt) | |||
| 572 | } | 572 | } |
| 573 | debug("PAM: initializing for \"%s\"", user); | 573 | debug("PAM: initializing for \"%s\"", user); |
| 574 | sshpam_err = | 574 | sshpam_err = |
| 575 | pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); | 575 | pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle); |
| 576 | sshpam_authctxt = authctxt; | 576 | sshpam_authctxt = authctxt; |
| 577 | 577 | ||
| 578 | if (sshpam_err != PAM_SUCCESS) { | 578 | if (sshpam_err != PAM_SUCCESS) { |
| @@ -804,11 +804,13 @@ finish_pam(void) | |||
| 804 | u_int | 804 | u_int |
| 805 | do_pam_account(void) | 805 | do_pam_account(void) |
| 806 | { | 806 | { |
| 807 | debug("%s: called", __func__); | ||
| 807 | if (sshpam_account_status != -1) | 808 | if (sshpam_account_status != -1) |
| 808 | return (sshpam_account_status); | 809 | return (sshpam_account_status); |
| 809 | 810 | ||
| 810 | sshpam_err = pam_acct_mgmt(sshpam_handle, 0); | 811 | sshpam_err = pam_acct_mgmt(sshpam_handle, 0); |
| 811 | debug3("PAM: %s pam_acct_mgmt = %d", __func__, sshpam_err); | 812 | debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, |
| 813 | pam_strerror(sshpam_handle, sshpam_err)); | ||
| 812 | 814 | ||
| 813 | if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { | 815 | if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { |
| 814 | sshpam_account_status = 0; | 816 | sshpam_account_status = 0; |
| @@ -838,7 +840,7 @@ void | |||
| 838 | do_pam_setcred(int init) | 840 | do_pam_setcred(int init) |
| 839 | { | 841 | { |
| 840 | sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, | 842 | sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, |
| 841 | (const void *)&null_conv); | 843 | (const void *)&store_conv); |
| 842 | if (sshpam_err != PAM_SUCCESS) | 844 | if (sshpam_err != PAM_SUCCESS) |
| 843 | fatal("PAM: failed to set PAM_CONV: %s", | 845 | fatal("PAM: failed to set PAM_CONV: %s", |
| 844 | pam_strerror(sshpam_handle, sshpam_err)); | 846 | pam_strerror(sshpam_handle, sshpam_err)); |