diff svr-auth.c @ 925:bae0b34bc059 pam

Better PAM through recursion
author Matt Johnston <matt@ucc.asn.au>
date Wed, 12 Mar 2014 23:40:02 +0800
parents 220f55d540ae
children 73ea0dce9a57
--- a/svr-auth.c	Sat Mar 08 21:00:57 2014 +0800
+++ b/svr-auth.c	Wed Mar 12 23:40:02 2014 +0800
@@ -59,11 +59,14 @@
 #ifdef ENABLE_SVR_PUBKEY_AUTH
 	ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
 #endif
-#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
+#ifdef ENABLE_SVR_PASSWORD_AUTH
 	if (!svr_opts.noauthpass) {
 		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 	}
 #endif
+#ifdef ENABLE_SVR_PAM_AUTH
+	ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
+#endif
 	if (ses.authstate.pw_name) {
 		m_free(ses.authstate.pw_name);
 	}
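Review bot: With `ENABLE_SVR_PAM_AUTH` compiled in, `AUTH_TYPE_INTERACT` is now set unconditionally, so `svr_opts.noauthpass` no longer turns off PAM-backed logins; the second hunk (new line 191) drops the matching `!svr_opts.noauthpass` test from the request path. An operator who uses that option to restrict the server to public keys would still have a password-equivalent method advertised and accepted. Unless that is intended, keep the gate here with `if (!svr_opts.noauthpass) { ses.authstate.authtypes |= AUTH_TYPE_INTERACT; }` and restore `if (!svr_opts.noauthpass && !(svr_opts.norootpass && ses.authstate.pw_uid == 0)) {` in the PAM branch. The enclosing function starts and ends outside the hunk.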
@@ -185,12 +188,11 @@
 #endif
 
 #ifdef ENABLE_SVR_PAM_AUTH
-	if (!svr_opts.noauthpass &&
-			!(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
+	if (!(svr_opts.norootpass && ses.authstate.pw_uid == 0) ) {
 		/* user wants to try password auth */
-		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
-				strncmp(methodname, AUTH_METHOD_PASSWORD,
-					AUTH_METHOD_PASSWORD_LEN) == 0) {
+		if (methodlen == AUTH_METHOD_INTERACT_LEN &&
+				strncmp(methodname, AUTH_METHOD_INTERACT,
+					AUTH_METHOD_INTERACT_LEN) == 0) {
 			if (valid_user) {
 				svr_auth_pam();
 				goto out;
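Review bot: The context comment `/* user wants to try password auth */` is now stale, because the branch matches `AUTH_METHOD_INTERACT` rather than `AUTH_METHOD_PASSWORD`. It should read `/* user wants to try keyboard-interactive (PAM) auth */`. A short comment on the outer `if` saying that `norootpass` also blocks keyboard-interactive for uid 0 would make the remaining policy check explicit. The `if` block continues past the end of the hunk.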
@@ -330,7 +332,7 @@
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_FAILURE);
 
 	/* put a list of allowed types */
-	typebuf = buf_new(30); /* long enough for PUBKEY and PASSWORD */
+	typebuf = buf_new(55);
 
 	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
 		buf_putbytes(typebuf, AUTH_METHOD_PUBKEY, AUTH_METHOD_PUBKEY_LEN);
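Review bot: `buf_new(55)` replaces a commented size with a bare magic number, so nothing ties the buffer capacity to the method names written into it. Deriving the size from the constants already used here keeps it correct if a method is added or renamed: `typebuf = buf_new(AUTH_METHOD_PUBKEY_LEN + AUTH_METHOD_PASSWORD_LEN + AUTH_METHOD_INTERACT_LEN + 2); /* three names, two commas */`. If the literal stays, restore a comment saying which names and separators it must hold.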
@@ -341,6 +343,13 @@
 	
 	if (ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		buf_putbytes(typebuf, AUTH_METHOD_PASSWORD, AUTH_METHOD_PASSWORD_LEN);
+		if (ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
+			buf_putbyte(typebuf, ',');
+		}
+	}
+
+	if (ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
+		buf_putbytes(typebuf, AUTH_METHOD_INTERACT, AUTH_METHOD_INTERACT_LEN);
 	}
 
 	buf_putbufstring(ses.writepayload, typebuf);
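Review bot: The separator before `AUTH_METHOD_INTERACT` is written only inside the `AUTH_TYPE_PASSWORD` branch, so the name-list is well-formed only when password auth is also enabled. The lines between this hunk and the previous one are not shown; if the pubkey branch there still emits its comma only when `AUTH_TYPE_PASSWORD` is set, then a session with pubkey and keyboard-interactive but no password (for example `noauthpass` with PAM built in) would send the two method names run together. Clients would then not recognise either method. Writing the separator before each method whenever the buffer is non-empty avoids the pairwise checks, e.g. `if (typebuf->len > 0) { buf_putbyte(typebuf, ','); }` ahead of each `buf_putbytes` call (assuming the buffer exposes its written length as `len`).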
@@ -350,7 +359,7 @@
 
 	buf_free(typebuf);
 
-	buf_putbyte(ses.writepayload, partial ? 1 : 0);
+	buf_putbool(ses.writepayload, partial);
 	encrypt_packet();
 
 	if (incrfail) {