Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 35 |
1 files changed, 23 insertions, 12 deletions
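--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.78 2003/11/13 08:52:31 dtucker Exp $");
+RCSID("$Id: auth-pam.c,v 1.79 2003/11/17 10:27:55 djm Exp $");
 
 #ifdef USE_PAM
 #include <security/pam_appl.h>
@@ -156,9 +156,11 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
 case PAM_PROMPT_ECHO_OFF:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
-ssh_msg_recv(ctxt->pam_csock, &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
+if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+goto fail;
 if (buffer_get_char(&buffer) != PAM_AUTHTOK)
 goto fail;
 reply[i].resp = buffer_get_string(&buffer, NULL);
@@ -166,9 +168,11 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
 case PAM_PROMPT_ECHO_ON:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
-ssh_msg_recv(ctxt->pam_csock, &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
+if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
+goto fail;
 if (buffer_get_char(&buffer) != PAM_AUTHTOK)
 goto fail;
 reply[i].resp = buffer_get_string(&buffer, NULL);
@@ -176,14 +180,16 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
 case PAM_ERROR_MSG:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
 break;
 case PAM_TEXT_INFO:
 buffer_put_cstring(&buffer,
 PAM_MSG_MEMBER(msg, i, msg));
-ssh_msg_send(ctxt->pam_csock,
-PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+if (ssh_msg_send(ctxt->pam_csock,
+PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
+goto fail;
 break;
 default:
 goto fail;
@@ -232,6 +238,7 @@ sshpam_thread(void *ctxtp)
 if (sshpam_err != PAM_SUCCESS)
 goto auth_fail;
 buffer_put_cstring(&buffer, "OK");
+/* XXX - can't do much about an error here */
 ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
 buffer_free(&buffer);
 pthread_exit(NULL);
@@ -239,6 +246,7 @@ sshpam_thread(void *ctxtp)
 auth_fail:
 buffer_put_cstring(&buffer,
 pam_strerror(sshpam_handle, sshpam_err));
+/* XXX - can't do much about an error here */
 ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
 buffer_free(&buffer);
 pthread_exit(NULL);
@@ -474,7 +482,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
 }
 buffer_init(&buffer);
 buffer_put_cstring(&buffer, *resp);
-ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer);
+if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
+buffer_free(&buffer);
+return (-1);
+}
 buffer_free(&buffer);
 return (1);
 }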
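Review bot: The two `ssh_msg_send` calls left unchecked in `sshpam_thread` carry the final authentication verdict, and the added `/* XXX - can't do much about an error here */` does not say why ignoring a failure is safe. It is safe only if the process reading the other end of the socket treats a missing or truncated result message as an authentication failure, which these hunks do not show and is worth confirming. I would word the comment as `/* XXX - can't act on a send error here; the reader must treat a missing reply as failure */`. Casting both calls to `(void)` would also mark the ignored return as deliberate, now that every other `ssh_msg_send` call in these hunks is checked. `sshpam_thread` and the other patched functions begin and end outside the hunks shown.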