author | Darren Tucker <dtucker@dtucker.net> | 2020-08-07 17:12:16 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2020-08-07 17:14:56 +1000 |
commit | ed6bef77f5bb5b8f9ca2914478949e29f2f0a780 (patch) | |
tree | 045eaa656999dd458d14a88965b295766c3ea634 /auth2.c | |
parent | a09e98dcae1e26f026029b7142b0e0d10130056f (diff) |
Always send any PAM account messages.
If the PAM account stack returns any messages, send them to the user,
not just if the check succeeds. bz#2049, ok djm@
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 26 |
1 files changed, 13 insertions, 13 deletions
@@ -390,20 +390,20 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, | |||
390 | 390 | ||
391 | #ifdef USE_PAM | 391 | #ifdef USE_PAM |
392 | if (options.use_pam && authenticated) { | 392 | if (options.use_pam && authenticated) { |
393 | int r; | 393 | int r, success = PRIVSEP(do_pam_account()); |
394 | 394 | ||
395 | if (!PRIVSEP(do_pam_account())) { | 395 | /* If PAM returned a message, send it to the user. */ |
396 | /* if PAM returned a message, send it to the user */ | 396 | if (sshbuf_len(loginmsg) > 0) { |
397 | if (sshbuf_len(loginmsg) > 0) { | 397 | if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0) |
398 | if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0) | 398 | fatal("%s: buffer error: %s", |
399 | fatal("%s: buffer error: %s", | 399 | __func__, ssh_err(r)); |
400 | __func__, ssh_err(r)); | 400 | userauth_send_banner(ssh, sshbuf_ptr(loginmsg)); |
401 | userauth_send_banner(ssh, sshbuf_ptr(loginmsg)); | 401 | if ((r = ssh_packet_write_wait(ssh)) != 0) { |
402 | if ((r = ssh_packet_write_wait(ssh)) != 0) { | 402 | sshpkt_fatal(ssh, r, |
403 | sshpkt_fatal(ssh, r, | 403 | "%s: send PAM banner", __func__); |
404 | "%s: send PAM banner", __func__); | ||
405 | } | ||
406 | } | 404 | } |
405 | } | ||
406 | if (!success) { | ||
407 | fatal("Access denied for user %s by PAM account " | 407 | fatal("Access denied for user %s by PAM account " |
408 | "configuration", authctxt->user); | 408 | "configuration", authctxt->user); |
409 | } | 409 | } |
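Review bot: On the success path the new code appends a NUL to the global `loginmsg` and leaves the buffer as it is, whereas before this change a successful account check never touched it. Nothing in the hunk resets the buffer, so code that later appends to or prints `loginmsg` (not visible here) would presumably either show the PAM text a second time or stop at the embedded NUL. If the banner is meant to be the only delivery, consider `sshbuf_reset(loginmsg);` after the `ssh_packet_write_wait()` check; if the text is meant to survive, a comment such as `/* loginmsg is intentionally kept for later display */` would record that. `userauth_finish` starts and ends outside the hunk, so the later uses of `loginmsg` need to be checked there.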