summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-12-26 13:31:06 +1100
committerDamien Miller <djm@mindrot.org>1999-12-26 13:31:06 +1100
commit3b623d900e15b9565c3c5448c2c172ae467132b7 (patch)
treed6d4ff879d984de34e6fa5acf34ab9dae32339cf /sshd.c
parente17ba1007ea73231c20c42c8cf61ecae58f3bdba (diff)
Better fix for PAM logging
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c15
1 files changed, 7 insertions, 8 deletions
diff --git a/sshd.c b/sshd.c
index c06d914e6..66df93d77 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
11 */ 11 */
12 12
13#include "includes.h" 13#include "includes.h"
14RCSID("$Id: sshd.c,v 1.41 1999/12/25 23:21:48 damien Exp $"); 14RCSID("$Id: sshd.c,v 1.42 1999/12/26 02:31:06 damien Exp $");
15 15
16#ifdef HAVE_POLL_H 16#ifdef HAVE_POLL_H
17# include <poll.h> 17# include <poll.h>
@@ -146,7 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
146#ifdef HAVE_LIBPAM 146#ifdef HAVE_LIBPAM
147static int pamconv(int num_msg, const struct pam_message **msg, 147static int pamconv(int num_msg, const struct pam_message **msg,
148 struct pam_response **resp, void *appdata_ptr); 148 struct pam_response **resp, void *appdata_ptr);
149int do_pam_auth(const char *user, const char *password); 149int do_pam_auth(const char *user, const char *password, int quiet);
150void do_pam_account(char *username, char *remote_user); 150void do_pam_account(char *username, char *remote_user);
151void do_pam_session(char *username, char *ttyname); 151void do_pam_session(char *username, char *ttyname);
152void pam_cleanup_proc(void *context); 152void pam_cleanup_proc(void *context);
@@ -238,19 +238,18 @@ void pam_cleanup_proc(void *context)
238 } 238 }
239} 239}
240 240
241int do_pam_auth(const char *user, const char *password) 241int do_pam_auth(const char *user, const char *password, int quiet)
242{ 242{
243 int pam_retval; 243 int pam_retval;
244 244
245 pampasswd = password; 245 pampasswd = password;
246 246
247 pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); 247 pam_retval = pam_authenticate((pam_handle_t *)pamh, quiet?PAM_SILENT:0);
248 if (pam_retval == PAM_SUCCESS) { 248 if (pam_retval == PAM_SUCCESS) {
249 log("PAM Password authentication accepted for user \"%.100s\"", user); 249 log("PAM Password authentication accepted for user \"%.100s\"", user);
250 return 1; 250 return 1;
251 } else { 251 } else {
252 /* Don't log failure for auth attempts with empty password */ 252 if (!quiet)
253 if (password[0] != '\0')
254 log("PAM Password authentication for \"%.100s\" failed: %s", 253 log("PAM Password authentication for \"%.100s\" failed: %s",
255 user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); 254 user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
256 return 0; 255 return 0;
@@ -1313,7 +1312,7 @@ do_authentication(char *user)
1313 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && 1312 (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
1314#endif /* KRB4 */ 1313#endif /* KRB4 */
1315#ifdef HAVE_LIBPAM 1314#ifdef HAVE_LIBPAM
1316 do_pam_auth(pw->pw_name, "")) { 1315 do_pam_auth(pw->pw_name, "", 1)) {
1317#else /* HAVE_LIBPAM */ 1316#else /* HAVE_LIBPAM */
1318 auth_password(pw, "")) { 1317 auth_password(pw, "")) {
1319#endif /* HAVE_LIBPAM */ 1318#endif /* HAVE_LIBPAM */
@@ -1524,7 +1523,7 @@ do_authloop(struct passwd * pw)
1524 1523
1525#ifdef HAVE_LIBPAM 1524#ifdef HAVE_LIBPAM
1526 /* Do PAM auth with password */ 1525 /* Do PAM auth with password */
1527 authenticated = do_pam_auth(pw->pw_name, password); 1526 authenticated = do_pam_auth(pw->pw_name, password, 0);
1528#else /* HAVE_LIBPAM */ 1527#else /* HAVE_LIBPAM */
1529 /* Try authentication with the password. */ 1528 /* Try authentication with the password. */
1530 authenticated = auth_password(pw, password); 1529 authenticated = auth_password(pw, password);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-30 05:17:41 +0000