Mercurial > dropbear
comparison svr-authpam.c @ 464:4317be8b7cf9
Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 13 Jan 2008 03:55:59 +0000 |
| parents | 517e76bdfb2d |
| children | d3ea8b9672f0 |
comparison
equal
deleted
inserted
replaced
| 461:db4f6adcb7e2 | 464:4317be8b7cf9 |
|---|---|
| 193 password = buf_getstring(ses.payload, &passwordlen); | 193 password = buf_getstring(ses.payload, &passwordlen); |
| 194 | 194 |
| 195 /* used to pass data to the PAM conversation function - don't bother with | 195 /* used to pass data to the PAM conversation function - don't bother with |
| 196 * strdup() etc since these are touched only by our own conversation | 196 * strdup() etc since these are touched only by our own conversation |
| 197 * function (above) which takes care of it */ | 197 * function (above) which takes care of it */ |
| 198 userData.user = ses.authstate.printableuser; | 198 userData.user = ses.authstate.pw_name; |
| 199 userData.passwd = password; | 199 userData.passwd = password; |
| 200 | 200 |
| 201 /* Init pam */ | 201 /* Init pam */ |
| 202 if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { | 202 if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { |
| 203 dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s\n", | 203 dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s\n", |
| 219 if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) { | 219 if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) { |
| 220 dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n", | 220 dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n", |
| 221 rc, pam_strerror(pamHandlep, rc)); | 221 rc, pam_strerror(pamHandlep, rc)); |
| 222 dropbear_log(LOG_WARNING, | 222 dropbear_log(LOG_WARNING, |
| 223 "bad PAM password attempt for '%s' from %s", | 223 "bad PAM password attempt for '%s' from %s", |
| 224 ses.authstate.printableuser, | 224 ses.authstate.pw_name, |
| 225 svr_ses.addrstring); | 225 svr_ses.addrstring); |
| 226 send_msg_userauth_failure(0, 1); | 226 send_msg_userauth_failure(0, 1); |
| 227 goto cleanup; | 227 goto cleanup; |
| 228 } | 228 } |
| 229 | 229 |
| 230 if ((rc = pam_acct_mgmt(pamHandlep, 0)) != PAM_SUCCESS) { | 230 if ((rc = pam_acct_mgmt(pamHandlep, 0)) != PAM_SUCCESS) { |
| 231 dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n", | 231 dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n", |
| 232 rc, pam_strerror(pamHandlep, rc)); | 232 rc, pam_strerror(pamHandlep, rc)); |
| 233 dropbear_log(LOG_WARNING, | 233 dropbear_log(LOG_WARNING, |
| 234 "bad PAM password attempt for '%s' from %s", | 234 "bad PAM password attempt for '%s' from %s", |
| 235 ses.authstate.printableuser, | 235 ses.authstate.pw_name, |
| 236 svr_ses.addrstring); | 236 svr_ses.addrstring); |
| 237 send_msg_userauth_failure(0, 1); | 237 send_msg_userauth_failure(0, 1); |
| 238 goto cleanup; | 238 goto cleanup; |
| 239 } | 239 } |
| 240 | 240 |
| 241 /* successful authentication */ | 241 /* successful authentication */ |
| 242 dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s", | 242 dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s", |
| 243 ses.authstate.printableuser, | 243 ses.authstate.pw_name, |
| 244 svr_ses.addrstring); | 244 svr_ses.addrstring); |
| 245 send_msg_userauth_success(); | 245 send_msg_userauth_success(); |
| 246 | 246 |
| 247 cleanup: | 247 cleanup: |
| 248 if (password != NULL) { | 248 if (password != NULL) { |