Always send any PAM account messages.

If the PAM account stack returns any messages, send them to the user,
not just if the check succeeds.  bz#2049, ok djm@
Darren Tucker 2020-08-07 17:12:16 +10:00
parent a09e98dcae
commit ed6bef77f5


@ -390,10 +390,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
#ifdef USE_PAM #ifdef USE_PAM
if (options.use_pam && authenticated) { if (options.use_pam && authenticated) {
int r; int r, success = PRIVSEP(do_pam_account());
if (!PRIVSEP(do_pam_account())) { /* If PAM returned a message, send it to the user. */
/* if PAM returned a message, send it to the user */
if (sshbuf_len(loginmsg) > 0) { if (sshbuf_len(loginmsg) > 0) {
if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0) if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
fatal("%s: buffer error: %s", fatal("%s: buffer error: %s",
@ -404,6 +403,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
"%s: send PAM banner", __func__); "%s: send PAM banner", __func__);
} }
} }
if (!success) {
fatal("Access denied for user %s by PAM account " fatal("Access denied for user %s by PAM account "
"configuration", authctxt->user); "configuration", authctxt->user);
} }
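Review bot: On the success path `loginmsg` is now sent as a banner with a NUL appended by `sshbuf_put(loginmsg, "\0", 1)`, and nothing in the visible lines resets the buffer afterwards; if the same buffer is printed again when the session starts, the user would see the account message twice. This needs confirming against the code that consumes `loginmsg` later, which is outside this section, as are the lines between the two hunks. It would also help to extend the new comment so the ordering and exposure are recorded: `/* Send any PAM account message before the possible fatal() below; only reached when authenticated is set, so unauthenticated clients never see it. */`. userauth_finish begins and ends outside the hunks shown.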