comparison svr-authpam.c @ 573:d3ea8b9672f0

- Test for pam_fail_delay() function in configure - Recognise "username:" as a PAM prompt - Add some randomness to the auth-failure delay - Fix wrongly committed options.h/debug.h
author Matt Johnston <matt@ucc.asn.au>
date Tue, 08 Sep 2009 14:53:53 +0000
parents 4317be8b7cf9
children a98a2138364a
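--- a/svr-authpam.c
+++ b/svr-authpam.c
@@ -100,11 +100,11 @@
 
 if (!(strcmp(compare_message, "password:") == 0)) {
 /* We don't recognise the prompt as asking for a password,
 so can't handle it. Add more above as required for
 different pam modules/implementations */
-dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (no echo)",
+dropbear_log(LOG_NOTICE, "PAM unknown prompt '%s' (no echo)",
 compare_message);
 rc = PAM_CONV_ERR;
 break;
 }
 
@@ -121,16 +121,19 @@
 break;
 
 
 case PAM_PROMPT_ECHO_ON:
 
-if (!((strcmp(compare_message, "login:" ) == 0)
-|| (strcmp(compare_message, "please enter username:") == 0))) {
+if (!(
+(strcmp(compare_message, "login:" ) == 0)
+|| (strcmp(compare_message, "please enter username:") == 0)
+|| (strcmp(compare_message, "username:") == 0)
+)) {
 /* We don't recognise the prompt as asking for a username,
 so can't handle it. Add more above as required for
 different pam modules/implementations */
-dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (with echo)",
+dropbear_log(LOG_NOTICE, "PAM unknown prompt '%s' (with echo)",
 compare_message);
 rc = PAM_CONV_ERR;
 break;
 }
 
@@ -210,11 +213,14 @@
 dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s\n",
 rc, pam_strerror(pamHandlep, rc));
 goto cleanup;
 }
 
+#ifdef HAVE_PAM_FAIL_DELAY
+/* We have our own random delay code already, disable PAM's */
 (void) pam_fail_delay(pamHandlep, 0 /* musec_delay */);
+#endif
 
 /* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */
 
 if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) {
 dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n",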
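Review bot: The comment added above `pam_fail_delay(pamHandlep, 0 /* musec_delay */)` says the call disables PAM's failure delay, but as Linux-PAM documents it, pam_fail_delay() only records the longest delay any caller has suggested, so a request of 0 adds nothing and does not cancel a delay that a module asks for during pam_authenticate(). If that holds for the PAM library in use, a failed login gets the module's delay plus Dropbear's own random delay; that does no harm to brute-force throttling, but the comment will mislead anyone reasoning about failure timing. I would reword it to `/* Ask PAM for no extra delay; modules may still request their own. Dropbear applies its own random delay on auth failure. */`. The enclosing function starts and ends outside this hunk, so where Dropbear's own delay is applied relative to this call cannot be confirmed from here.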