diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2004-09-11 23:07:03 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2004-09-11 23:07:03 +1000 |
| commit | 77fc29eeb382974ae063227c249ee3b98646e38a (patch) | |
| tree | fba14efc7adf195758fc0e556c88d8fcc772919c /auth2.c | |
| parent | 4765679649c51a83e5ceb3d0c1e51e33db251f27 (diff) | |
| download | openssh-git-77fc29eeb382974ae063227c249ee3b98646e38a.tar.gz | |
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
Diffstat (limited to 'auth2.c')
| -rw-r--r-- | auth2.c | 15 |
1 files changed, 13 insertions, 2 deletions
@@ -35,6 +35,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); #include "dispatch.h" #include "pathnames.h" #include "monitor_wrap.h" +#include "buffer.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -44,6 +45,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $"); extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; +extern Buffer loginmsg; /* methods */ @@ -216,8 +218,17 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authenticated = 0; #ifdef USE_PAM - if (options.use_pam && authenticated && !PRIVSEP(do_pam_account())) - authenticated = 0; + if (options.use_pam && authenticated) { + if (!PRIVSEP(do_pam_account())) { + authenticated = 0; + /* if PAM returned a message, send it to the user */ + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0", 1); + userauth_send_banner(buffer_ptr(&loginmsg)); + buffer_clear(&loginmsg); + } + } + } #endif #ifdef _UNICOS |