diff options
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/auth-pam.c b/auth-pam.c index 701d85b64..ec3b74951 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -169,6 +169,7 @@ static int sshpam_cred_established = 0; | |||
169 | static int sshpam_account_status = -1; | 169 | static int sshpam_account_status = -1; |
170 | static char **sshpam_env = NULL; | 170 | static char **sshpam_env = NULL; |
171 | static Authctxt *sshpam_authctxt = NULL; | 171 | static Authctxt *sshpam_authctxt = NULL; |
172 | static char badpw[] = "\b\n\r\177INCORRECT"; | ||
172 | 173 | ||
173 | /* Some PAM implementations don't implement this */ | 174 | /* Some PAM implementations don't implement this */ |
174 | #ifndef HAVE_PAM_GETENVLIST | 175 | #ifndef HAVE_PAM_GETENVLIST |
@@ -644,7 +645,10 @@ sshpam_respond(void *ctx, u_int num, char **resp) | |||
644 | return (-1); | 645 | return (-1); |
645 | } | 646 | } |
646 | buffer_init(&buffer); | 647 | buffer_init(&buffer); |
647 | buffer_put_cstring(&buffer, *resp); | 648 | if (sshpam_authctxt->valid) |
649 | buffer_put_cstring(&buffer, *resp); | ||
650 | else | ||
651 | buffer_put_cstring(&buffer, badpw); | ||
648 | if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { | 652 | if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { |
649 | buffer_free(&buffer); | 653 | buffer_free(&buffer); |
650 | return (-1); | 654 | return (-1); |