author | dtucker <dtucker> | 2004-09-11 13:07:03 +0000 |
---|---|---|
committer | dtucker <dtucker> | 2004-09-11 13:07:03 +0000 |
commit | 9d83f23f2fcbfea1ce09025a87ef2528c979146b (patch) | |
tree | 7044c36b48e013d21fe6e98b0caf5cc69b5ac7b2 /auth2.c | |
parent | df28a1ce6463e9e4d83a1e15f92558fec2a95a61 (diff) | |
download | openssh-9d83f23f2fcbfea1ce09025a87ef2528c979146b.tar.gz |
- (dtucker) [auth-pam.c auth.h auth2-none.c auth2.c monitor.c monitor_wrap.c]
Bug #892: Send messages from failing PAM account modules to the client via
SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with
SSH2 kbdint authentication, which needs to be dealt with separately. ok djm@
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 15 |
1 files changed, 13 insertions, 2 deletions
@@ -35,6 +35,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $");
 #include "dispatch.h"
 #include "pathnames.h"
 #include "monitor_wrap.h"
+#include "buffer.h"
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -44,6 +45,7 @@ RCSID("$OpenBSD: auth2.c,v 1.107 2004/07/28 09:40:29 markus Exp $");
 extern ServerOptions options;
 extern u_char *session_id2;
 extern u_int session_id2_len;
+extern Buffer loginmsg;
 /* methods */
@@ -216,8 +218,17 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 authenticated = 0;
 #ifdef USE_PAM
- if (options.use_pam && authenticated && !PRIVSEP(do_pam_account()))
- authenticated = 0;
+ if (options.use_pam && authenticated) {
+ if (!PRIVSEP(do_pam_account())) {
+ authenticated = 0;
+ /* if PAM returned a message, send it to the user */
+ if (buffer_len(&loginmsg) > 0) {
+ buffer_append(&loginmsg, "\0", 1);
+ userauth_send_banner(buffer_ptr(&loginmsg));
+ buffer_clear(&loginmsg);
+ }
+ }
+ }
 #endif
 #ifdef _UNICOS |
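Review bot: In the new failure branch of the third hunk (`userauth_finish`), the contents of `loginmsg` go to `userauth_send_banner()` exactly as the PAM account module produced them, with no length limit or control-character filtering visible in this hunk. If the banner path does not already sanitise, that belongs either here or inside `userauth_send_banner()`, which is outside this diff. The send sits inside `if (options.use_pam && authenticated)`, so account-state text only reaches a client whose authentication method already succeeded; I would pin that invariant with a comment such as `/* reached only after the method succeeded: account messages are never sent to unauthenticated clients */`. `loginmsg` is a process-wide buffer (declared `extern` in the second hunk), so anything else appended to it before this point would presumably be sent and cleared as well; please confirm that is intended. The body of `userauth_finish` starts and ends outside the hunk.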