diff options
Diffstat (limited to 'auth2-pam.c')
-rw-r--r-- | auth2-pam.c | 113 |
1 files changed, 53 insertions, 60 deletions
diff --git a/auth2-pam.c b/auth2-pam.c index d7a5ff7a4..24e0e0406 100644 --- a/auth2-pam.c +++ b/auth2-pam.c | |||
@@ -1,5 +1,5 @@ | |||
1 | #include "includes.h" | 1 | #include "includes.h" |
2 | RCSID("$Id: auth2-pam.c,v 1.7 2001/01/30 23:50:49 djm Exp $"); | 2 | RCSID("$Id: auth2-pam.c,v 1.8 2001/02/07 01:58:33 djm Exp $"); |
3 | 3 | ||
4 | #ifdef USE_PAM | 4 | #ifdef USE_PAM |
5 | #include <security/pam_appl.h> | 5 | #include <security/pam_appl.h> |
@@ -7,28 +7,28 @@ RCSID("$Id: auth2-pam.c,v 1.7 2001/01/30 23:50:49 djm Exp $"); | |||
7 | #include "ssh.h" | 7 | #include "ssh.h" |
8 | #include "ssh2.h" | 8 | #include "ssh2.h" |
9 | #include "auth.h" | 9 | #include "auth.h" |
10 | #include "auth-pam.h" | ||
10 | #include "packet.h" | 11 | #include "packet.h" |
11 | #include "xmalloc.h" | 12 | #include "xmalloc.h" |
12 | #include "dispatch.h" | 13 | #include "dispatch.h" |
13 | #include "log.h" | 14 | #include "log.h" |
14 | 15 | ||
16 | static int do_pam_conversation_kbd_int(int num_msg, | ||
17 | const struct pam_message **msg, struct pam_response **resp, | ||
18 | void *appdata_ptr); | ||
19 | void input_userauth_info_response_pam(int type, int plen, void *ctxt); | ||
20 | |||
15 | struct { | 21 | struct { |
16 | int finished, num_received, num_expected; | 22 | int finished, num_received, num_expected; |
17 | int *prompts; | 23 | int *prompts; |
18 | struct pam_response *responses; | 24 | struct pam_response *responses; |
19 | } context_pam2 = {0, 0, 0, NULL}; | 25 | } context_pam2 = {0, 0, 0, NULL}; |
20 | 26 | ||
21 | static int do_conversation2(int num_msg, const struct pam_message **msg, | 27 | static struct pam_conv conv2 = { |
22 | struct pam_response **resp, void *appdata_ptr); | 28 | do_pam_conversation_kbd_int, |
23 | |||
24 | static struct pam_conv | ||
25 | conv2 = { | ||
26 | do_conversation2, | ||
27 | NULL, | 29 | NULL, |
28 | }; | 30 | }; |
29 | 31 | ||
30 | void input_userauth_info_response_pam(int type, int plen, void *ctxt); | ||
31 | |||
32 | int | 32 | int |
33 | auth2_pam(Authctxt *authctxt) | 33 | auth2_pam(Authctxt *authctxt) |
34 | { | 34 | { |
@@ -41,7 +41,7 @@ auth2_pam(Authctxt *authctxt) | |||
41 | pam_set_conv(&conv2); | 41 | pam_set_conv(&conv2); |
42 | 42 | ||
43 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, | 43 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, |
44 | &input_userauth_info_response_pam); | 44 | &input_userauth_info_response_pam); |
45 | retval = (do_pam_authenticate(0) == PAM_SUCCESS); | 45 | retval = (do_pam_authenticate(0) == PAM_SUCCESS); |
46 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); | 46 | dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL); |
47 | 47 | ||
@@ -49,11 +49,11 @@ auth2_pam(Authctxt *authctxt) | |||
49 | } | 49 | } |
50 | 50 | ||
51 | static int | 51 | static int |
52 | do_conversation2(int num_msg, const struct pam_message **msg, | 52 | do_pam_conversation_kbd_int(int num_msg, const struct pam_message **msg, |
53 | struct pam_response **resp, void *appdata_ptr) | 53 | struct pam_response **resp, void *appdata_ptr) |
54 | { | 54 | { |
55 | int echo = 0, i = 0, j = 0, done = 0; | 55 | int i, j, done; |
56 | char *tmp = NULL, *text = NULL; | 56 | char *text; |
57 | 57 | ||
58 | context_pam2.finished = 0; | 58 | context_pam2.finished = 0; |
59 | context_pam2.num_received = 0; | 59 | context_pam2.num_received = 0; |
@@ -62,53 +62,47 @@ do_conversation2(int num_msg, const struct pam_message **msg, | |||
62 | context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg); | 62 | context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg); |
63 | memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg); | 63 | memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg); |
64 | 64 | ||
65 | packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); | 65 | text = NULL; |
66 | packet_put_cstring(""); /* Name */ | 66 | for (i = 0, context_pam2.num_expected = 0; i < num_msg; i++) { |
67 | packet_put_cstring(""); /* Instructions */ | 67 | int style = PAM_MSG_MEMBER(msg, i, msg_style); |
68 | packet_put_cstring(""); /* Language */ | 68 | switch (style) { |
69 | for (i = 0, j = 0; i < num_msg; i++) { | 69 | case PAM_PROMPT_ECHO_ON: |
70 | if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) || | 70 | case PAM_PROMPT_ECHO_OFF: |
71 | (PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) || | 71 | context_pam2.num_expected++; |
72 | (i == num_msg - 1)) { | 72 | break; |
73 | j++; | 73 | case PAM_TEXT_INFO: |
74 | case PAM_ERROR_MSG: | ||
75 | default: | ||
76 | /* Capture all these messages to be sent at once */ | ||
77 | message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); | ||
78 | break; | ||
74 | } | 79 | } |
75 | } | 80 | } |
76 | packet_put_int(j); /* Number of prompts. */ | 81 | |
77 | context_pam2.num_expected = j; | 82 | if (context_pam2.num_expected == 0) |
83 | return PAM_SUCCESS; | ||
84 | |||
85 | packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST); | ||
86 | packet_put_cstring(""); /* Name */ | ||
87 | packet_put_cstring(""); /* Instructions */ | ||
88 | packet_put_cstring(""); /* Language */ | ||
89 | packet_put_int(context_pam2.num_expected); | ||
90 | |||
78 | for (i = 0, j = 0; i < num_msg; i++) { | 91 | for (i = 0, j = 0; i < num_msg; i++) { |
79 | switch(PAM_MSG_MEMBER(msg, i, msg_style)) { | 92 | int style = PAM_MSG_MEMBER(msg, i, msg_style); |
80 | case PAM_PROMPT_ECHO_ON: | 93 | |
81 | echo = 1; | 94 | /* Skip messages which don't need a reply */ |
82 | break; | 95 | if (style != PAM_PROMPT_ECHO_ON && style != PAM_PROMPT_ECHO_OFF) |
83 | case PAM_PROMPT_ECHO_OFF: | 96 | continue; |
84 | echo = 0; | 97 | |
85 | break; | 98 | context_pam2.prompts[j++] = i; |
86 | default: | 99 | if (text) { |
87 | echo = 0; | 100 | message_cat(&text, PAM_MSG_MEMBER(msg, i, msg)); |
88 | break; | ||
89 | } | ||
90 | if(text) { | ||
91 | tmp = xmalloc(strlen(text) + strlen(PAM_MSG_MEMBER(msg, i, msg)) + 2); | ||
92 | strcpy(tmp, text); | ||
93 | strcat(tmp, "\n"); | ||
94 | strcat(tmp, PAM_MSG_MEMBER(msg, i, msg)); | ||
95 | xfree(text); | ||
96 | text = tmp; | ||
97 | tmp = NULL; | ||
98 | } else { | ||
99 | text = xstrdup(PAM_MSG_MEMBER(msg, i, msg)); | ||
100 | } | ||
101 | if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) || | ||
102 | (PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) || | ||
103 | (i == num_msg - 1)) { | ||
104 | debug("sending prompt ssh-%d(pam-%d) = \"%s\"", | ||
105 | j, i, text); | ||
106 | context_pam2.prompts[j++] = i; | ||
107 | packet_put_cstring(text); | 101 | packet_put_cstring(text); |
108 | packet_put_char(echo); | ||
109 | xfree(text); | ||
110 | text = NULL; | 102 | text = NULL; |
111 | } | 103 | } else |
104 | packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg)); | ||
105 | packet_put_char(style == PAM_PROMPT_ECHO_ON); | ||
112 | } | 106 | } |
113 | packet_send(); | 107 | packet_send(); |
114 | packet_write_wait(); | 108 | packet_write_wait(); |
@@ -120,17 +114,15 @@ do_conversation2(int num_msg, const struct pam_message **msg, | |||
120 | while(context_pam2.finished == 0) { | 114 | while(context_pam2.finished == 0) { |
121 | done = 1; | 115 | done = 1; |
122 | dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr); | 116 | dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr); |
123 | if(context_pam2.finished == 0) { | 117 | if(context_pam2.finished == 0) |
124 | debug("extra packet during conversation"); | 118 | debug("extra packet during conversation"); |
125 | } | ||
126 | } | 119 | } |
127 | 120 | ||
128 | if(context_pam2.num_received == context_pam2.num_expected) { | 121 | if(context_pam2.num_received == context_pam2.num_expected) { |
129 | *resp = context_pam2.responses; | 122 | *resp = context_pam2.responses; |
130 | return PAM_SUCCESS; | 123 | return PAM_SUCCESS; |
131 | } else { | 124 | } else |
132 | return PAM_CONV_ERR; | 125 | return PAM_CONV_ERR; |
133 | } | ||
134 | } | 126 | } |
135 | 127 | ||
136 | void | 128 | void |
@@ -151,6 +143,7 @@ input_userauth_info_response_pam(int type, int plen, void *ctxt) | |||
151 | 143 | ||
152 | for (i = 0; i < nresp; i++) { | 144 | for (i = 0; i < nresp; i++) { |
153 | int j = context_pam2.prompts[i]; | 145 | int j = context_pam2.prompts[i]; |
146 | |||
154 | resp = packet_get_string(&rlen); | 147 | resp = packet_get_string(&rlen); |
155 | context_pam2.responses[j].resp_retcode = PAM_SUCCESS; | 148 | context_pam2.responses[j].resp_retcode = PAM_SUCCESS; |
156 | context_pam2.responses[j].resp = xstrdup(resp); | 149 | context_pam2.responses[j].resp = xstrdup(resp); |