diff options
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | auth-pam.c | 23 |
2 files changed, 18 insertions, 8 deletions
| @@ -1,3 +1,6 @@ | |||
| 1 | 20001014 | ||
| 2 | - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth | ||
| 3 | |||
| 1 | 20001007 | 4 | 20001007 |
| 2 | - (stevesk) Print PAM return value in PAM log messages to aid | 5 | - (stevesk) Print PAM return value in PAM log messages to aid |
| 3 | with debugging. | 6 | with debugging. |
diff --git a/auth-pam.c b/auth-pam.c index 57a558d87..f4cbd46e2 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
| @@ -29,7 +29,7 @@ | |||
| 29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
| 30 | #include "servconf.h" | 30 | #include "servconf.h" |
| 31 | 31 | ||
| 32 | RCSID("$Id: auth-pam.c,v 1.14 2000/10/07 11:16:55 stevesk Exp $"); | 32 | RCSID("$Id: auth-pam.c,v 1.15 2000/10/14 00:16:12 djm Exp $"); |
| 33 | 33 | ||
| 34 | #define NEW_AUTHTOK_MSG \ | 34 | #define NEW_AUTHTOK_MSG \ |
| 35 | "Warning: Your password has expired, please change it now" | 35 | "Warning: Your password has expired, please change it now" |
| @@ -83,11 +83,16 @@ static int pamconv(int num_msg, const struct pam_message **msg, | |||
| 83 | for (count = 0; count < num_msg; count++) { | 83 | for (count = 0; count < num_msg; count++) { |
| 84 | switch ((*msg)[count].msg_style) { | 84 | switch ((*msg)[count].msg_style) { |
| 85 | case PAM_PROMPT_ECHO_ON: | 85 | case PAM_PROMPT_ECHO_ON: |
| 86 | fputs((*msg)[count].msg, stderr); | 86 | if (pamstate == INITIAL_LOGIN) { |
| 87 | fgets(buf, sizeof(buf), stdin); | 87 | free(reply); |
| 88 | reply[count].resp = xstrdup(buf); | 88 | return PAM_CONV_ERR; |
| 89 | reply[count].resp_retcode = PAM_SUCCESS; | 89 | } else { |
| 90 | break; | 90 | fputs((*msg)[count].msg, stderr); |
| 91 | fgets(buf, sizeof(buf), stdin); | ||
| 92 | reply[count].resp = xstrdup(buf); | ||
| 93 | reply[count].resp_retcode = PAM_SUCCESS; | ||
| 94 | break; | ||
| 95 | } | ||
| 91 | case PAM_PROMPT_ECHO_OFF: | 96 | case PAM_PROMPT_ECHO_OFF: |
| 92 | if (pamstate == INITIAL_LOGIN) { | 97 | if (pamstate == INITIAL_LOGIN) { |
| 93 | if (pampasswd == NULL) { | 98 | if (pampasswd == NULL) { |
| @@ -95,8 +100,10 @@ static int pamconv(int num_msg, const struct pam_message **msg, | |||
| 95 | return PAM_CONV_ERR; | 100 | return PAM_CONV_ERR; |
| 96 | } | 101 | } |
| 97 | reply[count].resp = xstrdup(pampasswd); | 102 | reply[count].resp = xstrdup(pampasswd); |
| 98 | } else | 103 | } else { |
| 99 | reply[count].resp = xstrdup(read_passphrase((*msg)[count].msg, 1)); | 104 | reply[count].resp = |
| 105 | xstrdup(read_passphrase((*msg)[count].msg, 1)); | ||
| 106 | } | ||
| 100 | reply[count].resp_retcode = PAM_SUCCESS; | 107 | reply[count].resp_retcode = PAM_SUCCESS; |
| 101 | break; | 108 | break; |
| 102 | case PAM_ERROR_MSG: | 109 | case PAM_ERROR_MSG: |