From 5cf8ef735c5d7d76c1c69e491419b1311ec1575b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 17 Feb 2004 23:20:07 +1100 Subject: [PATCH] - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for display after login. Should fix problems like pam_motd not displaying anything, noticed by cjwatson at debian.org. ok djm@ --- ChangeLog | 5 ++++- auth-pam.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 51 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2bb226cab..aa9e26c22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ - (djm) Bug #698: Specify FILE: for KRB5CCNAME; patch from stadal@suse.cz and simon@sxw.org.uk - (dtucker) [auth-pam.c] Tidy up PAM debugging. ok djm@ + - (dtucker) [auth-pam.c] Store output from pam_session and pam_setcred for + display after login. Should fix problems like pam_motd not displaying + anything, noticed by cjwatson at debian.org. ok djm@ 20040212 - (tim) [Makefile.in regress/sftp-badcmds.sh regress/test-exec.sh] @@ -1863,4 +1866,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3232 2004/02/17 09:46:59 dtucker Exp $ +$Id: ChangeLog,v 1.3233 2004/02/17 12:20:07 dtucker Exp $ diff --git a/auth-pam.c b/auth-pam.c index 0ab5554a3..397f7d3a8 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -31,7 +31,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.94 2004/02/17 09:46:59 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.95 2004/02/17 12:20:08 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) 
@@ -823,12 +823,57 @@ do_pam_chauthtok(void)
 pam_strerror(sshpam_handle, sshpam_err));
 }
 
+static int
+pam_store_conv(int n, const struct pam_message **msg,
+ struct pam_response **resp, void *data)
+{
+ struct pam_response *reply;
+ int i;
+ size_t len;
+
+ debug3("PAM: %s called with %d messages", __func__, n);
+ *resp = NULL;
+
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+
+ if ((reply = malloc(n * sizeof(*reply))) == NULL)
+ return (PAM_CONV_ERR);
+ memset(reply, 0, n * sizeof(*reply));
+
+ for (i = 0; i < n; ++i) {
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ len = strlen(PAM_MSG_MEMBER(msg, i, msg));
+ buffer_append(&loginmsg, PAM_MSG_MEMBER(msg, i, msg), len);
+ buffer_append(&loginmsg, "\n", 1 );
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ default:
+ goto fail;
+ }
+ }
+ *resp = reply;
+ return (PAM_SUCCESS);
+
+ fail:
+ for(i = 0; i < n; i++) {
+ if (reply[i].resp != NULL)
+ xfree(reply[i].resp);
+ }
+ xfree(reply);
+ return (PAM_CONV_ERR);
+}
+
+static struct pam_conv store_conv = { pam_store_conv, NULL };
+
 void
 do_pam_session(void)
 {
 debug3("PAM: opening session");
 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
- (const void *)&tty_conv);
+ (const void *)&store_conv);
 if (sshpam_err != PAM_SUCCESS)
 fatal("PAM: failed to set PAM_CONV: %s",
 pam_strerror(sshpam_handle, sshpam_err));
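Review bot: In `pam_store_conv`, `strlen(PAM_MSG_MEMBER(msg, i, msg))` is called on the module-supplied pointer with no NULL check, so a PAM_TEXT_INFO or PAM_ERROR_MSG message carrying a NULL `msg` would crash the process here; a guard such as `if (PAM_MSG_MEMBER(msg, i, msg) == NULL) goto fail;` before the `strlen` would turn that into PAM_CONV_ERR. The `fail:` path also leaves in `loginmsg` whatever text was appended for earlier indices, and its loop over `reply[i].resp` never frees anything because `resp` is only ever zeroed in this function. `reply` is obtained from `malloc` but released with `xfree`; pairing it with `free`, or allocating it with the project's own wrapper, would be more consistent. A short comment above `default:` stating that prompt styles are refused on purpose (presumably because no input can be collected at this stage) would help the next reader. do_pam_session's body continues outside the hunk.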