summaryrefslogtreecommitdiff
path: root/auth-pam.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth-pam.c')
-rw-r--r--auth-pam.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 701d85b64..ec3b74951 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0;
169static int sshpam_account_status = -1; 169static int sshpam_account_status = -1;
170static char **sshpam_env = NULL; 170static char **sshpam_env = NULL;
171static Authctxt *sshpam_authctxt = NULL; 171static Authctxt *sshpam_authctxt = NULL;
172static char badpw[] = "\b\n\r\177INCORRECT";
172 173
173/* Some PAM implementations don't implement this */ 174/* Some PAM implementations don't implement this */
174#ifndef HAVE_PAM_GETENVLIST 175#ifndef HAVE_PAM_GETENVLIST
@@ -644,7 +645,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
644 return (-1); 645 return (-1);
645 } 646 }
646 buffer_init(&buffer); 647 buffer_init(&buffer);
647 buffer_put_cstring(&buffer, *resp); 648 if (sshpam_authctxt->valid)
649 buffer_put_cstring(&buffer, *resp);
650 else
651 buffer_put_cstring(&buffer, badpw);
648 if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { 652 if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
649 buffer_free(&buffer); 653 buffer_free(&buffer);
650 return (-1); 654 return (-1);