diff options
author | dtucker <dtucker> | 2004-09-11 13:07:03 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2004-09-11 13:07:03 +0000 |
commit | 9d83f23f2fcbfea1ce09025a87ef2528c979146b (patch) | |
tree | 7044c36b48e013d21fe6e98b0caf5cc69b5ac7b2 /auth-pam.c | |
parent | df28a1ce6463e9e4d83a1e15f92558fec2a95a61 (diff) | |
download | openssh-9d83f23f2fcbfea1ce09025a87ef2528c979146b.tar.gz |
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which need to be dealt with separately. ok djm@
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -47,7 +47,7 @@ /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ #include "includes.h" -RCSID("$Id: auth-pam.c,v 1.116 2004/09/11 12:28:02 dtucker Exp $"); +RCSID("$Id: auth-pam.c,v 1.117 2004/09/11 13:07:03 dtucker Exp $"); #ifdef USE_PAM #if defined(HAVE_SECURITY_PAM_APPL_H) @@ -572,7 +572,7 @@ sshpam_init(Authctxt *authctxt) } debug("PAM: initializing for \"%s\"", user); sshpam_err = - pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); + pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle); sshpam_authctxt = authctxt; if (sshpam_err != PAM_SUCCESS) { @@ -804,11 +804,13 @@ finish_pam(void) u_int do_pam_account(void) { + debug("%s: called", __func__); if (sshpam_account_status != -1) return (sshpam_account_status); sshpam_err = pam_acct_mgmt(sshpam_handle, 0); - debug3("PAM: %s pam_acct_mgmt = %d", __func__, sshpam_err); + debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, + pam_strerror(sshpam_handle, sshpam_err)); if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { sshpam_account_status = 0; @@ -838,7 +840,7 @@ void do_pam_setcred(int init) { sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); + (const void *)&store_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); |