From 3b623d900e15b9565c3c5448c2c172ae467132b7 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 26 Dec 1999 13:31:06 +1100
Subject: Better fix for PAM logging

---
 sshd.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/sshd.c b/sshd.c
index c06d914e6..66df93d77 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.41 1999/12/25 23:21:48 damien Exp $");
+RCSID("$Id: sshd.c,v 1.42 1999/12/26 02:31:06 damien Exp $");
 
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -146,7 +146,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 #ifdef HAVE_LIBPAM
 static int pamconv(int num_msg, const struct pam_message **msg,
 	  struct pam_response **resp, void *appdata_ptr);
-int do_pam_auth(const char *user, const char *password);
+int do_pam_auth(const char *user, const char *password, int quiet);
 void do_pam_account(char *username, char *remote_user);
 void do_pam_session(char *username, char *ttyname);
 void pam_cleanup_proc(void *context);
@@ -238,19 +238,18 @@ void pam_cleanup_proc(void *context)
 	}
 }
 
-int do_pam_auth(const char *user, const char *password)
+int do_pam_auth(const char *user, const char *password, int quiet)
 {
 	int pam_retval;
 	
 	pampasswd = password;
 	
-	pam_retval = pam_authenticate((pam_handle_t *)pamh, 0);
+	pam_retval = pam_authenticate((pam_handle_t *)pamh, quiet?PAM_SILENT:0);
 	if (pam_retval == PAM_SUCCESS) {
 		log("PAM Password authentication accepted for user \"%.100s\"", user);
 		return 1;
 	} else {
-		/* Don't log failure for auth attempts with empty password */
-		if (password[0] != '\0')
+		if (!quiet)
 			log("PAM Password authentication for \"%.100s\" failed: %s", 
 				user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 		return 0;
@@ -1313,7 +1312,7 @@ do_authentication(char *user)
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif /* KRB4 */
 #ifdef HAVE_LIBPAM
-	    do_pam_auth(pw->pw_name, "")) {
+	    do_pam_auth(pw->pw_name, "", 1)) {
 #else /* HAVE_LIBPAM */
 	    auth_password(pw, "")) {
 #endif /* HAVE_LIBPAM */
@@ -1524,7 +1523,7 @@ do_authloop(struct passwd * pw)
 
 #ifdef HAVE_LIBPAM
 			/* Do PAM auth with password */
-			authenticated = do_pam_auth(pw->pw_name, password);
+			authenticated = do_pam_auth(pw->pw_name, password, 0);
 #else /* HAVE_LIBPAM */
 			/* Try authentication with the password. */
 			authenticated = auth_password(pw, password);
-- 
cgit v1.2.3