authorDarren Tucker <dtucker@dtucker.net>2020-08-07 17:12:16 +1000
committerDarren Tucker <dtucker@dtucker.net>2020-08-07 17:14:56 +1000
commited6bef77f5bb5b8f9ca2914478949e29f2f0a780 (patch)
tree045eaa656999dd458d14a88965b295766c3ea634 /auth2.c
parenta09e98dcae1e26f026029b7142b0e0d10130056f (diff)
Always send any PAM account messages.
If the PAM account stack returns any messages, send them to the user, not just if the check succeeds. bz#2049, ok djm@
Diffstat (limited to 'auth2.c')
-rw-r--r--auth2.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/auth2.c b/auth2.c
index 91aaf34a6..242a7adbe 100644
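--- a/auth2.c
+++ b/auth2.c
@@ -390,20 +390,20 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 
 #ifdef USE_PAM
  if (options.use_pam && authenticated) {
- int r;
+ int r, success = PRIVSEP(do_pam_account());
 
- if (!PRIVSEP(do_pam_account())) {
- /* if PAM returned a message, send it to the user */
- if (sshbuf_len(loginmsg) > 0) {
- if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
- fatal("%s: buffer error: %s",
- __func__, ssh_err(r));
- userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
- if ((r = ssh_packet_write_wait(ssh)) != 0) {
- sshpkt_fatal(ssh, r,
- "%s: send PAM banner", __func__);
- }
- }
+ /* If PAM returned a message, send it to the user. */
+ if (sshbuf_len(loginmsg) > 0) {
+ if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
+ userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
+ if ((r = ssh_packet_write_wait(ssh)) != 0) {
+ sshpkt_fatal(ssh, r,
+ "%s: send PAM banner", __func__);
+ }
+ }
+ if (!success) {
  fatal("Access denied for user %s by PAM account "
  "configuration", authctxt->user);
  }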
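Review bot: `loginmsg` is left holding the already-sent text plus the NUL appended by `sshbuf_put(loginmsg, "\0", 1)` on the success path, which this block can now fall through instead of always ending in `fatal()`. Any later consumer of `loginmsg` (none is visible in this hunk) could show the same PAM message a second time, and anything appended afterwards would sit behind the embedded NUL and be cut off by a string-style read. If the buffer is not meant to be shown again, add `sshbuf_reset(loginmsg);` after the `ssh_packet_write_wait()` check; if it is kept on purpose, a comment such as `/* loginmsg is kept for the later login display */` would record that intent. `userauth_finish()` starts and ends outside the hunk, so this should be confirmed against the rest of the function and its callers.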