annotate svr-authpam.c @ 925:bae0b34bc059 pam

Better PAM through recursion
author Matt Johnston <matt@ucc.asn.au>
date Wed, 12 Mar 2014 23:40:02 +0800
parents fee485ce81eb
children 696205e3dc99
/*
 * Dropbear SSH
 *
 * Copyright (c) 2004 Martin Carlsson
 * Portions (c) 2004 Matt Johnston
 * All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. */

/* Validates a user password using PAM */

#include "includes.h"
#include "session.h"
#include "buffer.h"
#include "dbutil.h"
#include "auth.h"
#include "ssh.h"

#ifdef ENABLE_SVR_PAM_AUTH

#if defined(HAVE_SECURITY_PAM_APPL_H)
#include <security/pam_appl.h>
#elif defined (HAVE_PAM_PAM_APPL_H)
#include <pam/pam_appl.h>
#endif

/* Markers kept in pam_response.resp_retcode between sending the
   SSH_MSG_USERAUTH_INFO_REQUEST and parsing the client's response:
   FILL is a prompt that needs an answer from the client,
   SKIP is informational or error text that was sent as the instruction. */
enum
{
    DROPBEAR_PAM_RETCODE_FILL = 100,
    DROPBEAR_PAM_RETCODE_SKIP = 101,
};

void recv_msg_userauth_info_response() {
    unsigned int i, p;
    unsigned int num_ssh_resp;
    if (!ses.authstate.pam_response) {
        /* A response was sent unprompted */
        send_msg_userauth_failure(0, 1);
        return;
    }

    /* Only valid while pamConvFunc is waiting inside its nested session_loop() */
    if (ses.recursion_count != 2) {
        dropbear_exit("PAM failure");
    }

    /* Number of responses the client claims to have sent */
    num_ssh_resp = buf_getint(ses.payload);
    ses.authstate.pam_status = DROPBEAR_SUCCESS;

    for (i = 0, p = 0; i < ses.authstate.pam_num_response; i++) {
        /* pam_response holds the respp pointer from pamConvFunc, so the
           array of responses is *pam_response; index into that array
           rather than into the pointer-to-pointer. */
        struct pam_response *resp = &(*ses.authstate.pam_response)[i];
        resp->resp = NULL;

        if (resp->resp_retcode == DROPBEAR_PAM_RETCODE_FILL) {
            if (p >= num_ssh_resp) {
                /* The client sent fewer responses than there are prompts */
                TRACE(("Too many PAM responses"))
                ses.authstate.pam_status = DROPBEAR_FAILURE;
            } else {
                /* TODO convert to UTF8? */
                resp->resp = buf_getstring(ses.payload, NULL);
            }
            p++;
        }
    }

    /* The response count must match the number of prompts exactly */
    if (p != num_ssh_resp) {
        TRACE(("Not enough PAM responses"))
        ses.authstate.pam_status = DROPBEAR_FAILURE;
    }

    /* Unwind the nested session_loop() so pamConvFunc can continue */
    ses.exit_recursion = 1;
}

static void
send_msg_userauth_info_request(unsigned int num_msg, const struct pam_message **msgs,
        struct pam_response **respp) {
    unsigned int i;
    unsigned int pos, instruction_size, instruction_count;
    CHECKCLEARTOWRITE();

    buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_INFO_REQUEST);

    /* name */
    buf_putstring(ses.writepayload, ses.authstate.pw_name, 0);

    /* any informational messages are sent as an instruction */
    pos = ses.writepayload->pos;
    /* will be filled out later if required */
    buf_putint(ses.writepayload, 0);
    instruction_size = 0;
    instruction_count = 0;
    for (i = 0; i < num_msg; i++) {
        const struct pam_message *msg = msgs[i];
        if (msg->msg_style == PAM_ERROR_MSG)
        {
            buf_putbytes(ses.writepayload, "Error: ", strlen("Error: "));
            instruction_size += strlen("Error: ");
        }
        if (msg->msg_style == PAM_ERROR_MSG || msg->msg_style == PAM_TEXT_INFO)
        {
            buf_putbytes(ses.writepayload, msg->msg, strlen(msg->msg));
            buf_putbyte(ses.writepayload, '\n');
            instruction_size += strlen(msg->msg)+1;
            instruction_count++;
            /* *respp is the response array allocated by the caller */
            (*respp)[i].resp_retcode = DROPBEAR_PAM_RETCODE_SKIP;
        }
        else
        {
            (*respp)[i].resp_retcode = DROPBEAR_PAM_RETCODE_FILL;
        }
    }

    if (instruction_size > 0)
    {
        /* Remove trailing newline. buf_incrlen() takes an unsigned
           increment, so shrink the buffer with buf_setlen() instead. */
        instruction_size--;
        buf_setlen(ses.writepayload, ses.writepayload->len - 1);

        /* Put the instruction string length */
        buf_setpos(ses.writepayload, pos);
        buf_putint(ses.writepayload, instruction_size);
        buf_setpos(ses.writepayload, ses.writepayload->len);
    }

    /* language (deprecated) */
    buf_putstring(ses.writepayload, "", 0);

    /* num-prompts */
    buf_putint(ses.writepayload, num_msg-instruction_count);

    for (i = 0; i < num_msg; i++) {
        const struct pam_message *msg = msgs[i];
        if (msg->msg_style != PAM_PROMPT_ECHO_OFF && msg->msg_style != PAM_PROMPT_ECHO_ON) {
            /* was handled in "instruction" above */
            continue;
        }

        /* prompt */
        buf_putstring(ses.writepayload, msg->msg, strlen(msg->msg));

        /* echo */
        buf_putbool(ses.writepayload, msg->msg_style == PAM_PROMPT_ECHO_ON);
    }

    encrypt_packet();
}

/* PAM conversation function - for now we only handle one message */
int
pamConvFunc(int num_msg,
        const struct pam_message **msgs,
        struct pam_response **respp,
        void *UNUSED(appdata_ptr)) {

    int ret = PAM_SYSTEM_ERR;

    TRACE(("enter pamConvFunc"))

    if (ses.recursion_count != 1) {
        dropbear_exit("PAM failure");
    }

    *respp = m_malloc(sizeof(struct pam_response) * num_msg);

    send_msg_userauth_info_request(num_msg, msgs, respp);

    ses.authstate.pam_num_response = num_msg;
    ses.authstate.pam_response = respp;
    ses.authstate.pam_status = DROPBEAR_FAILURE;

    buf_free(ses.payload);
    ses.payload = NULL;

    /* Recurse! This will return once a SSH_MSG_USERAUTH_INFO_RESPONSE
       has been received, with the ses.authstate.pam_* fields populated */
    session_loop();

    if (ses.authstate.pam_status == DROPBEAR_FAILURE) {
        ret = PAM_CONV_ERR;
        m_free(*respp);
    } else {
        ses.authstate.pam_response = NULL;
        ret = PAM_SUCCESS;
    }

    return ret;
}
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
204
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
205 void svr_auth_pam() {
925
bae0b34bc059 Better PAM through recursion
Matt Johnston <matt@ucc.asn.au>
parents: 819
diff changeset
206 int rc;
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
207 struct pam_conv pamConv = {
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
208 pamConvFunc,
925
bae0b34bc059 Better PAM through recursion
Matt Johnston <matt@ucc.asn.au>
parents: 819
diff changeset
209 NULL
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
210 };
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
211
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
212 pam_handle_t* pamHandlep = NULL;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
213
925
bae0b34bc059 Better PAM through recursion
Matt Johnston <matt@ucc.asn.au>
parents: 819
diff changeset
214 /* Ignore the payload, it has "language" and "submethods" */
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
215
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
216 /* Init pam */
925
bae0b34bc059 Better PAM through recursion
Matt Johnston <matt@ucc.asn.au>
parents: 819
diff changeset
217 if ((rc = pam_start("sshd", ses.authstate.pw_name, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
819
fee485ce81eb Get rid of spurious newlines in pam log messages
Matt Johnston <matt@ucc.asn.au>
parents: 818
diff changeset
218 dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s",
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
219 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
220 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
221 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
222
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
223 /* just to set it to something */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
224 if ((rc = pam_set_item(pamHandlep, PAM_TTY, "ssh")) != PAM_SUCCESS) {
819
fee485ce81eb Get rid of spurious newlines in pam log messages
Matt Johnston <matt@ucc.asn.au>
parents: 818
diff changeset
225 dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s",
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
226 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
227 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
228 }
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
229
573
d3ea8b9672f0 - Test for pam_fail_delay() function in configure
Matt Johnston <matt@ucc.asn.au>
parents: 464
diff changeset
230 #ifdef HAVE_PAM_FAIL_DELAY
d3ea8b9672f0 - Test for pam_fail_delay() function in configure
Matt Johnston <matt@ucc.asn.au>
parents: 464
diff changeset
231 /* We have our own random delay code already, disable PAM's */
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
232 (void) pam_fail_delay(pamHandlep, 0 /* musec_delay */);
573
d3ea8b9672f0 - Test for pam_fail_delay() function in configure
Matt Johnston <matt@ucc.asn.au>
parents: 464
diff changeset
233 #endif
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
234
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
235 /* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
236
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
237 if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) {
819
fee485ce81eb Get rid of spurious newlines in pam log messages
Matt Johnston <matt@ucc.asn.au>
parents: 818
diff changeset
238 dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s",
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
239 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
240 dropbear_log(LOG_WARNING,
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 573
diff changeset
241 "Bad PAM password attempt for '%s' from %s",
464
4317be8b7cf9 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents: 432
diff changeset
242 ses.authstate.pw_name,
158
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
243 svr_ses.addrstring);
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
244 send_msg_userauth_failure(0, 1);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
245 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
246 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
247
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
248 if ((rc = pam_acct_mgmt(pamHandlep, 0)) != PAM_SUCCESS) {
819
fee485ce81eb Get rid of spurious newlines in pam log messages
Matt Johnston <matt@ucc.asn.au>
parents: 818
diff changeset
249 dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s",
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
250 rc, pam_strerror(pamHandlep, rc));
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
251 dropbear_log(LOG_WARNING,
594
a98a2138364a Improve capitalisation for all logged strings
Matt Johnston <matt@ucc.asn.au>
parents: 573
diff changeset
252 "Bad PAM password attempt for '%s' from %s",
464
4317be8b7cf9 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents: 432
diff changeset
253 ses.authstate.pw_name,
158
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
254 svr_ses.addrstring);
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
255 send_msg_userauth_failure(0, 1);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
256 goto cleanup;
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
257 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
258
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
259 /* successful authentication */
158
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
260 dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
464
4317be8b7cf9 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
Matt Johnston <matt@ucc.asn.au>
parents: 432
diff changeset
261 ses.authstate.pw_name,
158
364a75cfebab Log the IP along with auth success/fail attempts
Matt Johnston <matt@ucc.asn.au>
parents: 131
diff changeset
262 svr_ses.addrstring);
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
263 send_msg_userauth_success();
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
264
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
265 cleanup:
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
266 if (pamHandlep != NULL) {
165
0cfba3034be5 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place
Matt Johnston <matt@ucc.asn.au>
parents: 158
diff changeset
267 TRACE(("pam_end"))
119
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
268 (void) pam_end(pamHandlep, 0 /* pam_status */);
3394a7cb30cd propagate of 08347df3bca787bd3621602fe2b466c85c9dc3e2 and 717950f4061f1123659ee87c7c168805af920ab7 from branch 'matt.dbclient.rez' to 'matt.dbclient.authpam'
Matt Johnston <matt@ucc.asn.au>
parents: 57
diff changeset
269 }
57
3b2a5a1c4347 svr-authpam code merged and works. needs tidying a log
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
270 }
127
33d976eeb859 put the #ifdefs back in for authpam
Matt Johnston <matt@ucc.asn.au>
parents: 121
diff changeset
271
33d976eeb859 put the #ifdefs back in for authpam
Matt Johnston <matt@ucc.asn.au>
parents: 121
diff changeset
272 #endif /* ENABLE_SVR_PAM_AUTH */
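Both failure branches in the function above log the same "Bad PAM password attempt" message, so an account refused by pam_acct_mgmt() looks like a wrong password unless the "pam_*() failed" line logged just before it is read with it. The parser below is an added example, not Dropbear code, that pairs the two lines to recover the rejecting stage. It assumes the lines of one session arrive in order and are not interleaved with another session's; the names `feed_line`, `count_stage` and `sample_log`, the syslog prefix, the address format and the rc values in the sample are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum stage { STAGE_UNKNOWN, STAGE_AUTH, STAGE_ACCT };
struct attempt { enum stage stage; int rc; char user[64]; char addr[64]; };

/* Returns 1 and fills *out when a "Bad PAM password attempt" line completes a
 * failed login. *pending keeps the "pam_*() failed" line logged just before. */
static int feed_line(const char *line, struct attempt *pending, struct attempt *out)
{
    const char *p;
    if ((p = strstr(line, "pam_authenticate() failed, rc=")) != NULL) {
        pending->stage = STAGE_AUTH;
        sscanf(p, "pam_authenticate() failed, rc=%d", &pending->rc);
    } else if ((p = strstr(line, "pam_acct_mgmt() failed, rc=")) != NULL) {
        pending->stage = STAGE_ACCT;
        sscanf(p, "pam_acct_mgmt() failed, rc=%d", &pending->rc);
    } else if ((p = strstr(line, "Bad PAM password attempt for '")) != NULL) {
        *out = *pending;
        *pending = (struct attempt){ STAGE_UNKNOWN, 0, "", "" };
        return sscanf(p, "Bad PAM password attempt for '%63[^']' from %63s",
                      out->user, out->addr) == 2;
    }
    return 0;
}

static const char *sample_log[] = { /* constructed; prefix and rc are assumptions */
    "dropbear[411]: pam_authenticate() failed, rc=7, Authentication failure",
    "dropbear[411]: Bad PAM password attempt for 'alice' from 192.0.2.10:50122",
    "dropbear[412]: pam_acct_mgmt() failed, rc=13, User account has expired",
    "dropbear[412]: Bad PAM password attempt for 'bob' from 192.0.2.11:40008",
};

/* Counts failed attempts that were rejected at the given PAM stage. */
static int count_stage(const char **lines, int n, enum stage want)
{
    struct attempt pending = { STAGE_UNKNOWN, 0, "", "" }, ev;
    int i, hits = 0;
    for (i = 0; i < n; i++)
        if (feed_line(lines[i], &pending, &ev) && ev.stage == want)
            hits++;
    return hits;
}

int main(void)
{
    printf("account-stage refusals: %d\n", count_stage(sample_log, 4, STAGE_ACCT));
    return 0;
}
```

Counting the two stages separately keeps a burst of expired-account refusals from being triaged as password guessing.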