Mercurial > dropbear
comparison svr-auth.c @ 818:8fe36617bf4e
Send PAM error messages as a banner messages
Patch from Martin Donnelly, modified.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 03 Oct 2013 23:04:11 +0800 |
| parents | d7784616409a |
| children | 4095b6d7c9fc |
comparison
equal
deleted
inserted
replaced
| 817:a625f9e135a4 | 818:8fe36617bf4e |
|---|---|
| 35 #include "runopts.h" | 35 #include "runopts.h" |
| 36 #include "random.h" | 36 #include "random.h" |
| 37 | 37 |
| 38 static void authclear(); | 38 static void authclear(); |
| 39 static int checkusername(unsigned char *username, unsigned int userlen); | 39 static int checkusername(unsigned char *username, unsigned int userlen); |
| 40 static void send_msg_userauth_banner(); | |
| 41 | 40 |
| 42 /* initialise the first time for a session, resetting all parameters */ | 41 /* initialise the first time for a session, resetting all parameters */ |
| 43 void svr_authinitialise() { | 42 void svr_authinitialise() { |
| 44 | 43 |
| 45 ses.authstate.failcount = 0; | 44 ses.authstate.failcount = 0; |
| 80 | 79 |
| 81 } | 80 } |
| 82 | 81 |
| 83 /* Send a banner message if specified to the client. The client might | 82 /* Send a banner message if specified to the client. The client might |
| 84 * ignore this, but possibly serves as a legal "no trespassing" sign */ | 83 * ignore this, but possibly serves as a legal "no trespassing" sign */ |
| 85 static void send_msg_userauth_banner() { | 84 void send_msg_userauth_banner(buffer *banner) { |
| 86 | 85 |
| 87 TRACE(("enter send_msg_userauth_banner")) | 86 TRACE(("enter send_msg_userauth_banner")) |
| 88 if (svr_opts.banner == NULL) { | |
| 89 TRACE(("leave send_msg_userauth_banner: banner is NULL")) | |
| 90 return; | |
| 91 } | |
| 92 | 87 |
| 93 CHECKCLEARTOWRITE(); | 88 CHECKCLEARTOWRITE(); |
| 94 | 89 |
| 95 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER); | 90 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER); |
| 96 buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner, | 91 buf_putstring(ses.writepayload, buf_getptr(banner, banner->len), |
| 97 svr_opts.banner->len), svr_opts.banner->len); | 92 banner->len); |
| 98 buf_putstring(ses.writepayload, "en", 2); | 93 buf_putstring(ses.writepayload, "en", 2); |
| 99 | 94 |
| 100 encrypt_packet(); | 95 encrypt_packet(); |
| 101 buf_free(svr_opts.banner); | |
| 102 svr_opts.banner = NULL; | |
| 103 | 96 |
| 104 TRACE(("leave send_msg_userauth_banner")) | 97 TRACE(("leave send_msg_userauth_banner")) |
| 105 } | 98 } |
| 106 | 99 |
| 107 /* handle a userauth request, check validity, pass to password or pubkey | 100 /* handle a userauth request, check validity, pass to password or pubkey |
| 120 return; | 113 return; |
| 121 } | 114 } |
| 122 | 115 |
| 123 /* send the banner if it exists, it will only exist once */ | 116 /* send the banner if it exists, it will only exist once */ |
| 124 if (svr_opts.banner) { | 117 if (svr_opts.banner) { |
| 125 send_msg_userauth_banner(); | 118 send_msg_userauth_banner(svr_opts.banner); |
| 119 buf_free(svr_opts.banner); | |
| 120 svr_opts.banner = NULL; | |
| 126 } | 121 } |
| 127 | 122 |
| 128 username = buf_getstring(ses.payload, &userlen); | 123 username = buf_getstring(ses.payload, &userlen); |
| 129 servicename = buf_getstring(ses.payload, &servicelen); | 124 servicename = buf_getstring(ses.payload, &servicelen); |
| 130 methodname = buf_getstring(ses.payload, &methodlen); | 125 methodname = buf_getstring(ses.payload, &methodlen); |