Mercurial > dropbear
changeset 818:8fe36617bf4e
Send PAM error messages as a banner messages
Patch from Martin Donnelly, modified.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 03 Oct 2013 23:04:11 +0800 |
| parents | a625f9e135a4 |
| children | fee485ce81eb |
| files | auth.h svr-auth.c svr-authpam.c |
| diffstat | 3 files changed, 23 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/auth.h Thu Oct 03 22:25:30 2013 +0800 +++ b/auth.h Thu Oct 03 23:04:11 2013 +0800 @@ -36,6 +36,7 @@ void recv_msg_userauth_request(); void send_msg_userauth_failure(int partial, int incrfail); void send_msg_userauth_success(); +void send_msg_userauth_banner(buffer *msg); void svr_auth_password(); void svr_auth_pubkey(); void svr_auth_pam();
--- a/svr-auth.c Thu Oct 03 22:25:30 2013 +0800 +++ b/svr-auth.c Thu Oct 03 23:04:11 2013 +0800 @@ -37,7 +37,6 @@ static void authclear(); static int checkusername(unsigned char *username, unsigned int userlen); -static void send_msg_userauth_banner(); /* initialise the first time for a session, resetting all parameters */ void svr_authinitialise() { @@ -82,24 +81,18 @@ /* Send a banner message if specified to the client. The client might * ignore this, but possibly serves as a legal "no trespassing" sign */ -static void send_msg_userauth_banner() { +void send_msg_userauth_banner(buffer *banner) { TRACE(("enter send_msg_userauth_banner")) - if (svr_opts.banner == NULL) { - TRACE(("leave send_msg_userauth_banner: banner is NULL")) - return; - } CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER); - buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner, - svr_opts.banner->len), svr_opts.banner->len); + buf_putstring(ses.writepayload, buf_getptr(banner, banner->len), + banner->len); buf_putstring(ses.writepayload, "en", 2); encrypt_packet(); - buf_free(svr_opts.banner); - svr_opts.banner = NULL; TRACE(("leave send_msg_userauth_banner")) } @@ -122,7 +115,9 @@ /* send the banner if it exists, it will only exist once */ if (svr_opts.banner) { - send_msg_userauth_banner(); + send_msg_userauth_banner(svr_opts.banner); + buf_free(svr_opts.banner); + svr_opts.banner = NULL; } username = buf_getstring(ses.payload, &userlen);
--- a/svr-authpam.c Thu Oct 03 22:25:30 2013 +0800 +++ b/svr-authpam.c Thu Oct 03 23:04:11 2013 +0800 @@ -142,6 +142,22 @@ (*respp) = resp; break; + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + + if (msg_len > 0) { + buffer * pam_err = buf_new(msg_len + 4); + buf_setpos(pam_err, 0); + buf_putbytes(pam_err, "\r\n", 2); + buf_putbytes(pam_err, (*msg)->msg, msg_len); + buf_putbytes(pam_err, "\r\n", 2); + buf_setpos(pam_err, 0); + + send_msg_userauth_banner(pam_err); + buf_free(pam_err); + } + break; + default: TRACE(("Unknown message type")) rc = PAM_CONV_ERR;