Commit 142a0f8a authored by Matt Johnston's avatar Matt Johnston
Browse files

Send PAM error messages as a banner messages

Patch from Martin Donnelly, modified.
parent d1dec41f
......@@ -36,6 +36,7 @@ void cli_authinitialise();
void recv_msg_userauth_request();
void send_msg_userauth_failure(int partial, int incrfail);
void send_msg_userauth_success();
void send_msg_userauth_banner(buffer *msg);
void svr_auth_password();
void svr_auth_pubkey();
void svr_auth_pam();
......
......@@ -37,7 +37,6 @@
static void authclear();
static int checkusername(unsigned char *username, unsigned int userlen);
static void send_msg_userauth_banner();
/* initialise the first time for a session, resetting all parameters */
void svr_authinitialise() {
......@@ -82,24 +81,18 @@ static void authclear() {
/* Send a banner message if specified to the client. The client might
* ignore this, but possibly serves as a legal "no trespassing" sign */
static void send_msg_userauth_banner() {
void send_msg_userauth_banner(buffer *banner) {
TRACE(("enter send_msg_userauth_banner"))
if (svr_opts.banner == NULL) {
TRACE(("leave send_msg_userauth_banner: banner is NULL"))
return;
}
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
svr_opts.banner->len), svr_opts.banner->len);
buf_putstring(ses.writepayload, buf_getptr(banner, banner->len),
banner->len);
buf_putstring(ses.writepayload, "en", 2);
encrypt_packet();
buf_free(svr_opts.banner);
svr_opts.banner = NULL;
TRACE(("leave send_msg_userauth_banner"))
}
......@@ -122,7 +115,9 @@ void recv_msg_userauth_request() {
/* send the banner if it exists, it will only exist once */
if (svr_opts.banner) {
send_msg_userauth_banner();
send_msg_userauth_banner(svr_opts.banner);
buf_free(svr_opts.banner);
svr_opts.banner = NULL;
}
username = buf_getstring(ses.payload, &userlen);
......
......@@ -142,6 +142,22 @@ pamConvFunc(int num_msg,
(*respp) = resp;
break;
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
if (msg_len > 0) {
buffer * pam_err = buf_new(msg_len + 4);
buf_setpos(pam_err, 0);
buf_putbytes(pam_err, "\r\n", 2);
buf_putbytes(pam_err, (*msg)->msg, msg_len);
buf_putbytes(pam_err, "\r\n", 2);
buf_setpos(pam_err, 0);
send_msg_userauth_banner(pam_err);
buf_free(pam_err);
}
break;
default:
TRACE(("Unknown message type"))
rc = PAM_CONV_ERR;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment