Mercurial > dropbear
comparison svr-authpam.c @ 226:9a9c6d633972
channel.h: make definition extern
svr-authpam.c: be smarter comparing pam prompts
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 29 Jul 2005 05:37:20 +0000 |
| parents | 161557a9dde8 |
| children | 306499676384 |
comparison
equal
deleted
inserted
replaced
| 224:1dbd2473482f | 226:9a9c6d633972 |
|---|---|
| 52 void *appdata_ptr) { | 52 void *appdata_ptr) { |
| 53 | 53 |
| 54 int rc = PAM_SUCCESS; | 54 int rc = PAM_SUCCESS; |
| 55 struct pam_response* resp = NULL; | 55 struct pam_response* resp = NULL; |
| 56 struct UserDataS* userDatap = (struct UserDataS*) appdata_ptr; | 56 struct UserDataS* userDatap = (struct UserDataS*) appdata_ptr; |
| 57 unsigned int msg_len = 0; | |
| 58 unsigned int i = 0; | |
| 57 | 59 |
| 58 const char* message = (*msg)->msg; | 60 const char* message = (*msg)->msg; |
| 61 | |
| 62 // make a copy we can strip | |
| 63 char * compare_message = m_strdup(message); | |
| 59 | 64 |
| 60 TRACE(("enter pamConvFunc")) | 65 TRACE(("enter pamConvFunc")) |
| 61 | 66 |
| 62 if (num_msg != 1) { | 67 if (num_msg != 1) { |
| 63 /* If you're getting here - Dropbear probably can't support your pam | 68 /* If you're getting here - Dropbear probably can't support your pam |
| 64 * modules. This whole file is a bit of a hack around lack of | 69 * modules. This whole file is a bit of a hack around lack of |
| 65 * asynchronocity in PAM anyway */ | 70 * asynchronocity in PAM anyway. */ |
| 66 dropbear_log(LOG_INFO, "pamConvFunc() called with >1 messages: not supported."); | 71 dropbear_log(LOG_INFO, "pamConvFunc() called with >1 messages: not supported."); |
| 67 return PAM_CONV_ERR; | 72 return PAM_CONV_ERR; |
| 68 } | 73 } |
| 69 | 74 |
| 70 TRACE(("msg_style is %d", (*msg)->msg_style)) | 75 TRACE(("msg_style is %d", (*msg)->msg_style)) |
| 71 if (message) { | 76 if (compare_message) { |
| 72 TRACE(("message is '%s'", message)) | 77 TRACE(("message is '%s'", compare_message)) |
| 73 } else { | 78 } else { |
| 74 TRACE(("null message")) | 79 TRACE(("null message")) |
| 75 } | 80 } |
| 76 | 81 |
| 82 | |
| 83 // Make the string lowercase. | |
| 84 msg_len = strlen(compare_message); | |
| 85 for (i = 0; i < msg_len; i++) { | |
| 86 compare_message[i] = tolower(compare_message[i]); | |
| 87 } | |
| 88 | |
| 89 // If the string ends with ": ", remove the space. | |
| 90 // ie "login: " vs "login:" | |
| 91 if (msg_len > 2 | |
| 92 && compare_message[msg_len-2] == ':' | |
| 93 && compare_message[msg_len-1] == ' ') { | |
| 94 compare_message[msg_len-1] = '\0'; | |
| 95 } | |
| 96 | |
| 77 switch((*msg)->msg_style) { | 97 switch((*msg)->msg_style) { |
| 78 | 98 |
| 79 case PAM_PROMPT_ECHO_OFF: | 99 case PAM_PROMPT_ECHO_OFF: |
| 80 | 100 |
| 81 if (strcmp(message, "Password:") != 0) { | 101 if (!(strcmp(compare_message, "password:") == 0)) { |
| 82 TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt")) | 102 // We don't recognise the prompt as asking for a password, |
| 83 rc = PAM_CONV_ERR; | 103 // so can't handle it. Add more above as required for |
| 84 break; | 104 // different pam modules/implementations |
| 105 dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (no echo)", | |
| 106 compare_message); | |
| 107 rc = PAM_CONV_ERR; | |
| 108 break; | |
| 85 } | 109 } |
| 86 | 110 |
| 87 /* You have to read the PAM module-writers' docs (do we look like | 111 /* You have to read the PAM module-writers' docs (do we look like |
| 88 * module writers? no.) to find out that the module will | 112 * module writers? no.) to find out that the module will |
| 89 * free the pam_response and its resp element - ie we _must_ malloc | 113 * free the pam_response and its resp element - ie we _must_ malloc |
| 97 break; | 121 break; |
| 98 | 122 |
| 99 | 123 |
| 100 case PAM_PROMPT_ECHO_ON: | 124 case PAM_PROMPT_ECHO_ON: |
| 101 | 125 |
| 102 if ((strcmp(message, "login: " ) != 0) | 126 if (!((strcmp(compare_message, "login:" ) == 0) |
| 103 && (strcmp(message, "login:" ) != 0) | 127 || (strcmp(compare_message, "please enter username:") == 0))) { |
| 104 && (strcmp(message, "Please enter username: " ) != 0)) { | 128 // We don't recognise the prompt as asking for a username, |
| 105 TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt")) | 129 // so can't handle it. Add more above as required for |
| 130 // different pam modules/implementations | |
| 131 dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (with echo)", | |
| 132 compare_message); | |
| 106 rc = PAM_CONV_ERR; | 133 rc = PAM_CONV_ERR; |
| 107 break; | 134 break; |
| 108 } | 135 } |
| 109 | 136 |
| 110 /* You have to read the PAM module-writers' docs (do we look like | 137 /* You have to read the PAM module-writers' docs (do we look like |
| 123 TRACE(("Unknown message type")) | 150 TRACE(("Unknown message type")) |
| 124 rc = PAM_CONV_ERR; | 151 rc = PAM_CONV_ERR; |
| 125 break; | 152 break; |
| 126 } | 153 } |
| 127 | 154 |
| 155 m_free(compare_message); | |
| 128 TRACE(("leave pamConvFunc, rc %d", rc)) | 156 TRACE(("leave pamConvFunc, rc %d", rc)) |
| 129 | 157 |
| 130 return rc; | 158 return rc; |
| 131 } | 159 } |
| 132 | 160 |