1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
#include "includes.h"
RCSID("$Id: auth2-pam.c,v 1.7 2001/01/30 23:50:49 djm Exp $");
#ifdef USE_PAM
#include <security/pam_appl.h>
#include "ssh.h"
#include "ssh2.h"
#include "auth.h"
#include "packet.h"
#include "xmalloc.h"
#include "dispatch.h"
#include "log.h"
struct {
int finished, num_received, num_expected;
int *prompts;
struct pam_response *responses;
} context_pam2 = {0, 0, 0, NULL};
static int do_conversation2(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
static struct pam_conv
conv2 = {
do_conversation2,
NULL,
};
void input_userauth_info_response_pam(int type, int plen, void *ctxt);
int
auth2_pam(Authctxt *authctxt)
{
int retval = -1;
if (authctxt->user == NULL)
fatal("auth2_pam: internal error: no user");
conv2.appdata_ptr = authctxt;
pam_set_conv(&conv2);
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
&input_userauth_info_response_pam);
retval = (do_pam_authenticate(0) == PAM_SUCCESS);
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
return retval;
}
static int
do_conversation2(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr)
{
int echo = 0, i = 0, j = 0, done = 0;
char *tmp = NULL, *text = NULL;
context_pam2.finished = 0;
context_pam2.num_received = 0;
context_pam2.num_expected = 0;
context_pam2.prompts = xmalloc(sizeof(int) * num_msg);
context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg);
memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg);
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(""); /* Name */
packet_put_cstring(""); /* Instructions */
packet_put_cstring(""); /* Language */
for (i = 0, j = 0; i < num_msg; i++) {
if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
(PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
(i == num_msg - 1)) {
j++;
}
}
packet_put_int(j); /* Number of prompts. */
context_pam2.num_expected = j;
for (i = 0, j = 0; i < num_msg; i++) {
switch(PAM_MSG_MEMBER(msg, i, msg_style)) {
case PAM_PROMPT_ECHO_ON:
echo = 1;
break;
case PAM_PROMPT_ECHO_OFF:
echo = 0;
break;
default:
echo = 0;
break;
}
if(text) {
tmp = xmalloc(strlen(text) + strlen(PAM_MSG_MEMBER(msg, i, msg)) + 2);
strcpy(tmp, text);
strcat(tmp, "\n");
strcat(tmp, PAM_MSG_MEMBER(msg, i, msg));
xfree(text);
text = tmp;
tmp = NULL;
} else {
text = xstrdup(PAM_MSG_MEMBER(msg, i, msg));
}
if((PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_ON) ||
(PAM_MSG_MEMBER(msg, i, msg_style) == PAM_PROMPT_ECHO_OFF) ||
(i == num_msg - 1)) {
debug("sending prompt ssh-%d(pam-%d) = \"%s\"",
j, i, text);
context_pam2.prompts[j++] = i;
packet_put_cstring(text);
packet_put_char(echo);
xfree(text);
text = NULL;
}
}
packet_send();
packet_write_wait();
/* Grabbing control of execution and spinning until we get what
* we want is probably rude, but it seems to work properly, and
* the client *should* be in lock-step with us, so the loop should
* only be traversed once. */
while(context_pam2.finished == 0) {
done = 1;
dispatch_run(DISPATCH_BLOCK, &done, appdata_ptr);
if(context_pam2.finished == 0) {
debug("extra packet during conversation");
}
}
if(context_pam2.num_received == context_pam2.num_expected) {
*resp = context_pam2.responses;
return PAM_SUCCESS;
} else {
return PAM_CONV_ERR;
}
}
void
input_userauth_info_response_pam(int type, int plen, void *ctxt)
{
Authctxt *authctxt = ctxt;
unsigned int nresp = 0, rlen = 0, i = 0;
char *resp;
if (authctxt == NULL)
fatal("input_userauth_info_response_pam: no authentication context");
if (authctxt->attempt++ >= AUTH_FAIL_MAX)
packet_disconnect("too many failed userauth_requests");
nresp = packet_get_int(); /* Number of responses. */
debug("got %d responses", nresp);
for (i = 0; i < nresp; i++) {
int j = context_pam2.prompts[i];
resp = packet_get_string(&rlen);
context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
context_pam2.responses[j].resp = xstrdup(resp);
xfree(resp);
context_pam2.num_received++;
}
context_pam2.finished = 1;
packet_done();
}
#endif
|