|
Lines 229-234
static int sshpam_authenticated = 0;
|
| 229 |
static int sshpam_session_open = 0; |
229 |
static int sshpam_session_open = 0; |
| 230 |
static int sshpam_cred_established = 0; |
230 |
static int sshpam_cred_established = 0; |
| 231 |
static int sshpam_account_status = -1; |
231 |
static int sshpam_account_status = -1; |
|
|
232 |
static int sshpam_maxtries_reached = 0; |
| 232 |
static char **sshpam_env = NULL; |
233 |
static char **sshpam_env = NULL; |
| 233 |
static Authctxt *sshpam_authctxt = NULL; |
234 |
static Authctxt *sshpam_authctxt = NULL; |
| 234 |
static const char *sshpam_password = NULL; |
235 |
static const char *sshpam_password = NULL; |
|
Lines 468-473
sshpam_thread(void *ctxtp)
|
| 468 |
if (sshpam_err != PAM_SUCCESS) |
469 |
if (sshpam_err != PAM_SUCCESS) |
| 469 |
goto auth_fail; |
470 |
goto auth_fail; |
| 470 |
sshpam_err = pam_authenticate(sshpam_handle, flags); |
471 |
sshpam_err = pam_authenticate(sshpam_handle, flags); |
|
|
472 |
if (sshpam_err == PAM_MAXTRIES) |
| 473 |
sshpam_set_maxtries_reached(1); |
| 471 |
if (sshpam_err != PAM_SUCCESS) |
474 |
if (sshpam_err != PAM_SUCCESS) |
| 472 |
goto auth_fail; |
475 |
goto auth_fail; |
| 473 |
|
476 |
|
|
Lines 519-524
sshpam_thread(void *ctxtp)
|
| 519 |
/* XXX - can't do much about an error here */ |
522 |
/* XXX - can't do much about an error here */ |
| 520 |
if (sshpam_err == PAM_ACCT_EXPIRED) |
523 |
if (sshpam_err == PAM_ACCT_EXPIRED) |
| 521 |
ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); |
524 |
ssh_msg_send(ctxt->pam_csock, PAM_ACCT_EXPIRED, &buffer); |
|
|
525 |
else if (sshpam_maxtries_reached) |
| 526 |
ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer); |
| 522 |
else |
527 |
else |
| 523 |
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); |
528 |
ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); |
| 524 |
buffer_free(&buffer); |
529 |
buffer_free(&buffer); |
|
Lines 759-765
sshpam_query(void *ctx, char **name, char **info,
|
| 759 |
free(msg); |
764 |
free(msg); |
| 760 |
break; |
765 |
break; |
| 761 |
case PAM_ACCT_EXPIRED: |
766 |
case PAM_ACCT_EXPIRED: |
| 762 |
sshpam_account_status = 0; |
767 |
case PAM_MAXTRIES: |
|
|
768 |
if (type == PAM_ACCT_EXPIRED) |
| 769 |
sshpam_account_status = 0; |
| 770 |
if (type == PAM_MAXTRIES) |
| 771 |
sshpam_set_maxtries_reached(1); |
| 763 |
/* FALLTHROUGH */ |
772 |
/* FALLTHROUGH */ |
| 764 |
case PAM_AUTH_ERR: |
773 |
case PAM_AUTH_ERR: |
| 765 |
debug3("PAM: %s", pam_strerror(sshpam_handle, type)); |
774 |
debug3("PAM: %s", pam_strerror(sshpam_handle, type)); |
|
Lines 1208-1213
sshpam_auth_passwd(Authctxt *authctxt, const char *password)
|
| 1208 |
|
1217 |
|
| 1209 |
sshpam_err = pam_authenticate(sshpam_handle, flags); |
1218 |
sshpam_err = pam_authenticate(sshpam_handle, flags); |
| 1210 |
sshpam_password = NULL; |
1219 |
sshpam_password = NULL; |
|
|
1220 |
if (sshpam_err == PAM_MAXTRIES) { |
| 1221 |
debug3("PAM: %s maxtries reached", __func__); |
| 1222 |
sshpam_set_maxtries_reached(1); |
| 1223 |
} |
| 1211 |
if (sshpam_err == PAM_SUCCESS && authctxt->valid) { |
1224 |
if (sshpam_err == PAM_SUCCESS && authctxt->valid) { |
| 1212 |
debug("PAM: password authentication accepted for %.100s", |
1225 |
debug("PAM: password authentication accepted for %.100s", |
| 1213 |
authctxt->user); |
1226 |
authctxt->user); |
|
Lines 1219-1222
sshpam_auth_passwd(Authctxt *authctxt, const char *password)
|
| 1219 |
return 0; |
1232 |
return 0; |
| 1220 |
} |
1233 |
} |
| 1221 |
} |
1234 |
} |
|
|
1235 |
|
| 1236 |
int |
| 1237 |
sshpam_get_maxtries_reached(void) |
| 1238 |
{ |
| 1239 |
return sshpam_maxtries_reached; |
| 1240 |
} |
| 1241 |
|
| 1242 |
void |
| 1243 |
sshpam_set_maxtries_reached(int reached) |
| 1244 |
{ |
| 1245 |
if (reached == 0 || sshpam_maxtries_reached) |
| 1246 |
return; |
| 1247 |
sshpam_maxtries_reached = 1; |
| 1248 |
options.password_authentication = 0; |
| 1249 |
options.kbd_interactive_authentication = 0; |
| 1250 |
options.challenge_response_authentication = 0; |
| 1251 |
} |
| 1222 |
#endif /* USE_PAM */ |
1252 |
#endif /* USE_PAM */ |
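Review bot: sshpam_set_maxtries_reached() (new lines 1242-1251) is a one-way latch rather than a setter, and nothing in the code says so: a zero argument is ignored, and the first non-zero call clears options.password_authentication, options.kbd_interactive_authentication and options.challenge_response_authentication without a comment or a log line of its own. Because this switches off authentication methods for the remainder of the process, I would document it above the function, e.g. `/* One-way latch: once PAM reports PAM_MAXTRIES, disable password, kbd-interactive and challenge-response auth for this process; reached == 0 is ignored. */`. The only log line is the `debug3("PAM: %s maxtries reached", __func__);` in sshpam_auth_passwd, so the calls from sshpam_thread (new line 473) and sshpam_query (new line 771) change the options with no matching record; emitting the debug3 from inside the setter would cover all three call sites. The flag and `options` are per-process state, so if those callers run in a different process from the code that later consults `options` (not visible in these hunks), the result has to be carried across explicitly, presumably via sshpam_get_maxtries_reached().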