-rw-r--r--ChangeLog4
-rw-r--r--auth-pam.c35
2 files changed, 26 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index 908fd233f..b850f42dd 100644
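--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,8 @@
 - djm@cvs.openbsd.org 2003/11/17 09:45:39
 [msg.c msg.h sshconnect2.c ssh-keysign.c]
 return error on msg send/receive failure (rather than fatal); ok markus@
+- (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
+conversation function
 
 20031115
 - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@@ -1463,4 +1465,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3109 2003/11/17 10:20:47 djm Exp $
+$Id: ChangeLog,v 1.3110 2003/11/17 10:27:55 djm Exp $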
diff --git a/auth-pam.c b/auth-pam.c
index 1f0b791ed..4d2f9c597 100644
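--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.78 2003/11/13 08:52:31 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.79 2003/11/17 10:27:55 djm Exp $");
 
 #ifdef USE_PAM
 #include <security/pam_appl.h>
@@ -156,9 +156,11 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
 case PAM_PROMPT_ECHO_OFF:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
-ssh_msg_recv(ctxt->pam_csock, &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
+if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+goto fail;
 if (buffer_get_char(&buffer) != PAM_AUTHTOK)
 goto fail;
 reply[i].resp = buffer_get_string(&buffer, NULL);
@@ -166,9 +168,11 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
 case PAM_PROMPT_ECHO_ON:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
-ssh_msg_recv(ctxt->pam_csock, &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
+if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+goto fail;
 if (buffer_get_char(&buffer) != PAM_AUTHTOK)
 goto fail;
 reply[i].resp = buffer_get_string(&buffer, NULL);
@@ -176,14 +180,16 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
 case PAM_ERROR_MSG:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
 break;
 case PAM_TEXT_INFO:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
 break;
 default:
 goto fail;
@@ -232,6 +238,7 @@ sshpam_thread(void *ctxtp)
 if (sshpam_err != PAM_SUCCESS)
 goto auth_fail;
 buffer_put_cstring(&buffer, "OK");
+/* XXX - can't do much about an error here */
 ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
 buffer_free(&buffer);
 pthread_exit(NULL);
@@ -239,6 +246,7 @@ sshpam_thread(void *ctxtp)
 auth_fail:
 buffer_put_cstring(&buffer,
 pam_strerror(sshpam_handle, sshpam_err));
+/* XXX - can't do much about an error here */
 ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
 buffer_free(&buffer);
 pthread_exit(NULL);
@@ -474,7 +482,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 }
 buffer_init(&buffer);
 buffer_put_cstring(&buffer, *resp);
-ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer);
+if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
+buffer_free(&buffer);
+return (-1);
+}
 buffer_free(&buffer);
 return (1);
 }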
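Review bot: The `goto fail` exits added to the PAM_PROMPT_ECHO_OFF and PAM_PROMPT_ECHO_ON cases of sshpam_thread_conv can now be taken after earlier loop iterations have already stored user responses in `reply[i].resp`, and the `fail:` label lies outside every hunk shown, so the cleanup those responses and `buffer` receive cannot be checked from this page. ECHO_OFF responses are normally passwords, so the label deserves a comment stating the contract, such as `/* may be entered mid-loop: scrub and free each reply[j].resp filled so far, then buffer */`, with the code below it matching. The `buffer_get_char()` and `buffer_get_string()` calls that follow a successful `ssh_msg_recv()` are still unchecked; if they abort on a short or malformed message, as I believe the buffer API of this period does, that is another route to the cleanup the ChangeLog entry wants to keep out of the conversation function, so confirm it. In sshpam_thread the two sends marked `/* XXX - can't do much about an error here */` could be written `(void)ssh_msg_send(...)` to show the result is dropped on purpose.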