authorMatt Johnston <matt@ucc.asn.au>2013-10-03 23:04:11 +0800
committerMatt Johnston <matt@ucc.asn.au>2013-10-03 23:04:11 +0800
commit222545764a984db12aa7ff1909df726d26d3beb0 (patch)
treea912b76fb469fd73e77956f1483cde312009fe94
parente80daa98e9750d1045e5bc99b419c84ead70a684 (diff)
downloaddropbear-222545764a984db12aa7ff1909df726d26d3beb0.tar.gz
Send PAM error messages as a banner messages
Patch from Martin Donnelly, modified.
-rw-r--r--auth.h1
-rw-r--r--svr-auth.c17
-rw-r--r--svr-authpam.c16
3 files changed, 23 insertions, 11 deletions
diff --git a/auth.h b/auth.h
index df6634e..3aed57b 100644
--- a/auth.h
+++ b/auth.h
@@ -36,6 +36,7 @@ void cli_authinitialise();
void recv_msg_userauth_request();
void send_msg_userauth_failure(int partial, int incrfail);
void send_msg_userauth_success();
+void send_msg_userauth_banner(buffer *msg);
void svr_auth_password();
void svr_auth_pubkey();
void svr_auth_pam();
diff --git a/svr-auth.c b/svr-auth.c
index 01d4520..b8f0119 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -37,7 +37,6 @@
static void authclear();
static int checkusername(unsigned char *username, unsigned int userlen);
-static void send_msg_userauth_banner();
/* initialise the first time for a session, resetting all parameters */
void svr_authinitialise() {
@@ -82,24 +81,18 @@ static void authclear() {
/* Send a banner message if specified to the client. The client might
* ignore this, but possibly serves as a legal "no trespassing" sign */
-static void send_msg_userauth_banner() {
+void send_msg_userauth_banner(buffer *banner) {
TRACE(("enter send_msg_userauth_banner"))
- if (svr_opts.banner == NULL) {
- TRACE(("leave send_msg_userauth_banner: banner is NULL"))
- return;
- }
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
- buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
- svr_opts.banner->len), svr_opts.banner->len);
+ buf_putstring(ses.writepayload, buf_getptr(banner, banner->len),
+ banner->len);
buf_putstring(ses.writepayload, "en", 2);
encrypt_packet();
- buf_free(svr_opts.banner);
- svr_opts.banner = NULL;
TRACE(("leave send_msg_userauth_banner"))
}
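Review bot: The comment above send_msg_userauth_banner() still says the banner is sent "if specified", but the function now sends whatever buffer it is handed, no longer checks for NULL and no longer frees it; that contract is not written down even though the function is now non-static. `buf_getptr(banner, banner->len)` appears to rely on the caller leaving the buffer position at 0 (the PAM caller in svr-authpam.c calls `buf_setpos(pam_err, 0)` first), so a caller that forgets this would presumably send the wrong range or trip a bounds check. I would replace the comment with something like `/* Send banner as SSH_MSG_USERAUTH_BANNER. banner must be non-NULL with its position at 0; the caller keeps ownership and frees it. */`.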
@@ -122,7 +115,9 @@ void recv_msg_userauth_request() {
/* send the banner if it exists, it will only exist once */
if (svr_opts.banner) {
- send_msg_userauth_banner();
+ send_msg_userauth_banner(svr_opts.banner);
+ buf_free(svr_opts.banner);
+ svr_opts.banner = NULL;
}
username = buf_getstring(ses.payload, &userlen);
diff --git a/svr-authpam.c b/svr-authpam.c
index e84f076..a586727 100644
--- a/svr-authpam.c
+++ b/svr-authpam.c
@@ -142,6 +142,22 @@ pamConvFunc(int num_msg,
(*respp) = resp;
break;
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+
+ if (msg_len > 0) {
+ buffer * pam_err = buf_new(msg_len + 4);
+ buf_setpos(pam_err, 0);
+ buf_putbytes(pam_err, "\r\n", 2);
+ buf_putbytes(pam_err, (*msg)->msg, msg_len);
+ buf_putbytes(pam_err, "\r\n", 2);
+ buf_setpos(pam_err, 0);
+
+ send_msg_userauth_banner(pam_err);
+ buf_free(pam_err);
+ }
+ break;
+
default:
TRACE(("Unknown message type"))
rc = PAM_CONV_ERR;
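Review bot: The new PAM_ERROR_MSG/PAM_TEXT_INFO case relays the PAM module's text verbatim to a client that has not authenticated yet, so anything a module says about the account (locked, expired, unknown user) becomes visible to anyone who can reach the port and can act as a user-enumeration signal. That trade-off deserves a comment at the case, e.g. `/* PAM text is sent pre-auth; modules may disclose account state here */`, and operators should know to check which messages their PAM stack emits. Separately, this branch reaches `break` without assigning `*respp`, unlike the branch just above it; if `rc` is still PAM_SUCCESS at that point, a module that reads the response pointer would see whatever it held before the call, so assigning a zeroed response (or at least `(*respp) = NULL;`) before the `break` looks safer. pamConvFunc starts and ends outside the hunk, so the origin of `msg_len` and the initial value of `rc` need to be confirmed there.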