diff options
-rw-r--r-- | sshd.c | 15 |
1 files changed, 7 insertions, 8 deletions
@@ -11,7 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$Id: sshd.c,v 1.41 1999/12/25 23:21:48 damien Exp $"); | 14 | RCSID("$Id: sshd.c,v 1.42 1999/12/26 02:31:06 damien Exp $"); |
15 | 15 | ||
16 | #ifdef HAVE_POLL_H | 16 | #ifdef HAVE_POLL_H |
17 | # include <poll.h> | 17 | # include <poll.h> |
@@ -146,7 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term, | |||
146 | #ifdef HAVE_LIBPAM | 146 | #ifdef HAVE_LIBPAM |
147 | static int pamconv(int num_msg, const struct pam_message **msg, | 147 | static int pamconv(int num_msg, const struct pam_message **msg, |
148 | struct pam_response **resp, void *appdata_ptr); | 148 | struct pam_response **resp, void *appdata_ptr); |
149 | int do_pam_auth(const char *user, const char *password); | 149 | int do_pam_auth(const char *user, const char *password, int quiet); |
150 | void do_pam_account(char *username, char *remote_user); | 150 | void do_pam_account(char *username, char *remote_user); |
151 | void do_pam_session(char *username, char *ttyname); | 151 | void do_pam_session(char *username, char *ttyname); |
152 | void pam_cleanup_proc(void *context); | 152 | void pam_cleanup_proc(void *context); |
@@ -238,19 +238,18 @@ void pam_cleanup_proc(void *context) | |||
238 | } | 238 | } |
239 | } | 239 | } |
240 | 240 | ||
241 | int do_pam_auth(const char *user, const char *password) | 241 | int do_pam_auth(const char *user, const char *password, int quiet) |
242 | { | 242 | { |
243 | int pam_retval; | 243 | int pam_retval; |
244 | 244 | ||
245 | pampasswd = password; | 245 | pampasswd = password; |
246 | 246 | ||
247 | pam_retval = pam_authenticate((pam_handle_t *)pamh, 0); | 247 | pam_retval = pam_authenticate((pam_handle_t *)pamh, quiet?PAM_SILENT:0); |
248 | if (pam_retval == PAM_SUCCESS) { | 248 | if (pam_retval == PAM_SUCCESS) { |
249 | log("PAM Password authentication accepted for user \"%.100s\"", user); | 249 | log("PAM Password authentication accepted for user \"%.100s\"", user); |
250 | return 1; | 250 | return 1; |
251 | } else { | 251 | } else { |
252 | /* Don't log failure for auth attempts with empty password */ | 252 | if (!quiet) |
253 | if (password[0] != '\0') | ||
254 | log("PAM Password authentication for \"%.100s\" failed: %s", | 253 | log("PAM Password authentication for \"%.100s\" failed: %s", |
255 | user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | 254 | user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); |
256 | return 0; | 255 | return 0; |
@@ -1313,7 +1312,7 @@ do_authentication(char *user) | |||
1313 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && | 1312 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && |
1314 | #endif /* KRB4 */ | 1313 | #endif /* KRB4 */ |
1315 | #ifdef HAVE_LIBPAM | 1314 | #ifdef HAVE_LIBPAM |
1316 | do_pam_auth(pw->pw_name, "")) { | 1315 | do_pam_auth(pw->pw_name, "", 1)) { |
1317 | #else /* HAVE_LIBPAM */ | 1316 | #else /* HAVE_LIBPAM */ |
1318 | auth_password(pw, "")) { | 1317 | auth_password(pw, "")) { |
1319 | #endif /* HAVE_LIBPAM */ | 1318 | #endif /* HAVE_LIBPAM */ |
@@ -1524,7 +1523,7 @@ do_authloop(struct passwd * pw) | |||
1524 | 1523 | ||
1525 | #ifdef HAVE_LIBPAM | 1524 | #ifdef HAVE_LIBPAM |
1526 | /* Do PAM auth with password */ | 1525 | /* Do PAM auth with password */ |
1527 | authenticated = do_pam_auth(pw->pw_name, password); | 1526 | authenticated = do_pam_auth(pw->pw_name, password, 0); |
1528 | #else /* HAVE_LIBPAM */ | 1527 | #else /* HAVE_LIBPAM */ |
1529 | /* Try authentication with the password. */ | 1528 | /* Try authentication with the password. */ |
1530 | authenticated = auth_password(pw, password); | 1529 | authenticated = auth_password(pw, password); |