- (djm) Bug #632: Don't call pam_end indirectly from within kbd-int

conversation function
Damien Miller 2003-11-17 21:27:55 +11:00
parent 51bf11fcc9
commit 9bdba70350
2 changed files with 26 additions and 13 deletions


@ -43,6 +43,8 @@
- djm@cvs.openbsd.org 2003/11/17 09:45:39 - djm@cvs.openbsd.org 2003/11/17 09:45:39
[msg.c msg.h sshconnect2.c ssh-keysign.c] [msg.c msg.h sshconnect2.c ssh-keysign.c]
return error on msg send/receive failure (rather than fatal); ok markus@ return error on msg send/receive failure (rather than fatal); ok markus@
- (djm) Bug #632: Don't call pam_end indirectly from within kbd-int
conversation function
20031115 20031115
- (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and
@ -1463,4 +1465,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.3109 2003/11/17 10:20:47 djm Exp $ $Id: ChangeLog,v 1.3110 2003/11/17 10:27:55 djm Exp $


@ -31,7 +31,7 @@
/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
#include "includes.h" #include "includes.h"
RCSID("$Id: auth-pam.c,v 1.78 2003/11/13 08:52:31 dtucker Exp $"); RCSID("$Id: auth-pam.c,v 1.79 2003/11/17 10:27:55 djm Exp $");
#ifdef USE_PAM #ifdef USE_PAM
#include <security/pam_appl.h> #include <security/pam_appl.h>
@ -156,9 +156,11 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
case PAM_PROMPT_ECHO_OFF: case PAM_PROMPT_ECHO_OFF:
buffer_put_cstring(&buffer, buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg)); PAM_MSG_MEMBER(msg, i, msg));
ssh_msg_send(ctxt->pam_csock, if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer); PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
ssh_msg_recv(ctxt->pam_csock, &buffer); goto fail;
if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
goto fail;
if (buffer_get_char(&buffer) != PAM_AUTHTOK) if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail; goto fail;
reply[i].resp = buffer_get_string(&buffer, NULL); reply[i].resp = buffer_get_string(&buffer, NULL);
@ -166,9 +168,11 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_ON:
buffer_put_cstring(&buffer, buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg)); PAM_MSG_MEMBER(msg, i, msg));
ssh_msg_send(ctxt->pam_csock, if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer); PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
ssh_msg_recv(ctxt->pam_csock, &buffer); goto fail;
if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1)
goto fail;
if (buffer_get_char(&buffer) != PAM_AUTHTOK) if (buffer_get_char(&buffer) != PAM_AUTHTOK)
goto fail; goto fail;
reply[i].resp = buffer_get_string(&buffer, NULL); reply[i].resp = buffer_get_string(&buffer, NULL);
@ -176,14 +180,16 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
case PAM_ERROR_MSG: case PAM_ERROR_MSG:
buffer_put_cstring(&buffer, buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg)); PAM_MSG_MEMBER(msg, i, msg));
ssh_msg_send(ctxt->pam_csock, if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer); PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
goto fail;
break; break;
case PAM_TEXT_INFO: case PAM_TEXT_INFO:
buffer_put_cstring(&buffer, buffer_put_cstring(&buffer,
PAM_MSG_MEMBER(msg, i, msg)); PAM_MSG_MEMBER(msg, i, msg));
ssh_msg_send(ctxt->pam_csock, if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer); PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1)
goto fail;
break; break;
default: default:
goto fail; goto fail;
@ -232,6 +238,7 @@ sshpam_thread(void *ctxtp)
if (sshpam_err != PAM_SUCCESS) if (sshpam_err != PAM_SUCCESS)
goto auth_fail; goto auth_fail;
buffer_put_cstring(&buffer, "OK"); buffer_put_cstring(&buffer, "OK");
/* XXX - can't do much about an error here */
ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer);
buffer_free(&buffer); buffer_free(&buffer);
pthread_exit(NULL); pthread_exit(NULL);
@ -239,6 +246,7 @@ sshpam_thread(void *ctxtp)
auth_fail: auth_fail:
buffer_put_cstring(&buffer, buffer_put_cstring(&buffer,
pam_strerror(sshpam_handle, sshpam_err)); pam_strerror(sshpam_handle, sshpam_err));
/* XXX - can't do much about an error here */
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer);
buffer_free(&buffer); buffer_free(&buffer);
pthread_exit(NULL); pthread_exit(NULL);
@ -474,7 +482,10 @@ sshpam_respond(void *ctx, u_int num, char **resp)
} }
buffer_init(&buffer); buffer_init(&buffer);
buffer_put_cstring(&buffer, *resp); buffer_put_cstring(&buffer, *resp);
ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer); if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
buffer_free(&buffer);
return (-1);
}
buffer_free(&buffer); buffer_free(&buffer);
return (1); return (1);
} }
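Review bot: The reply parsing that follows the new `ssh_msg_recv` check in the PAM_PROMPT_ECHO_OFF and PAM_PROMPT_ECHO_ON cases of sshpam_thread_conv is still unguarded: `buffer_get_char(&buffer)` and `buffer_get_string(&buffer, NULL)` run on whatever message arrived. If those helpers abort through fatal() on a short or malformed reply (their definitions are not in this diff, so this needs confirming), the cleanup path this commit is steering away from would still be reachable from inside the conversation function. A comment such as `/* XXX - buffer_get_* may still fatal() on a truncated reply */` above the first `buffer_get_char` call, or a length check on the received buffer before parsing, would record or close the gap. The `fail:` label and the rest of the function lie outside the hunks shown, so how the partially filled `reply` array is released there cannot be checked from this page.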