# HG changeset patch # User Matt Johnston # Date 1380812651 -28800 # Node ID 8fe36617bf4eba9e900914280e0aed302982547a # Parent a625f9e135a418b08c61588bd5ab7a6b89b3186f Send PAM error messages as a banner messages Patch from Martin Donnelly, modified. diff -r a625f9e135a4 -r 8fe36617bf4e auth.h --- a/auth.h Thu Oct 03 22:25:30 2013 +0800 +++ b/auth.h Thu Oct 03 23:04:11 2013 +0800 @@ -36,6 +36,7 @@ void recv_msg_userauth_request(); void send_msg_userauth_failure(int partial, int incrfail); void send_msg_userauth_success(); +void send_msg_userauth_banner(buffer *msg); void svr_auth_password(); void svr_auth_pubkey(); void svr_auth_pam(); diff -r a625f9e135a4 -r 8fe36617bf4e svr-auth.c --- a/svr-auth.c Thu Oct 03 22:25:30 2013 +0800 +++ b/svr-auth.c Thu Oct 03 23:04:11 2013 +0800 @@ -37,7 +37,6 @@ static void authclear(); static int checkusername(unsigned char *username, unsigned int userlen); -static void send_msg_userauth_banner(); /* initialise the first time for a session, resetting all parameters */ void svr_authinitialise() { @@ -82,24 +81,18 @@ /* Send a banner message if specified to the client. The client might * ignore this, but possibly serves as a legal "no trespassing" sign */ -static void send_msg_userauth_banner() { +void send_msg_userauth_banner(buffer *banner) { TRACE(("enter send_msg_userauth_banner")) - if (svr_opts.banner == NULL) { - TRACE(("leave send_msg_userauth_banner: banner is NULL")) - return; - } CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER); - buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner, - svr_opts.banner->len), svr_opts.banner->len); + buf_putstring(ses.writepayload, buf_getptr(banner, banner->len), + banner->len); buf_putstring(ses.writepayload, "en", 2); encrypt_packet(); - buf_free(svr_opts.banner); - svr_opts.banner = NULL; TRACE(("leave send_msg_userauth_banner")) } @@ -122,7 +115,9 @@ /* send the banner if it exists, it will only exist once */ if (svr_opts.banner) { - send_msg_userauth_banner(); + send_msg_userauth_banner(svr_opts.banner); + buf_free(svr_opts.banner); + svr_opts.banner = NULL; } username = buf_getstring(ses.payload, &userlen); diff -r a625f9e135a4 -r 8fe36617bf4e svr-authpam.c --- a/svr-authpam.c Thu Oct 03 22:25:30 2013 +0800 +++ b/svr-authpam.c Thu Oct 03 23:04:11 2013 +0800 @@ -142,6 +142,22 @@ (*respp) = resp; break; + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + + if (msg_len > 0) { + buffer * pam_err = buf_new(msg_len + 4); + buf_setpos(pam_err, 0); + buf_putbytes(pam_err, "\r\n", 2); + buf_putbytes(pam_err, (*msg)->msg, msg_len); + buf_putbytes(pam_err, "\r\n", 2); + buf_setpos(pam_err, 0); + + send_msg_userauth_banner(pam_err); + buf_free(pam_err); + } + break; + default: TRACE(("Unknown message type")) rc = PAM_CONV_ERR;