Bug 524

Summary: Keyboard-interactive PAM back end hides information
Product: Portable OpenSSH
Reporter: Pontus Sköld <pont_bug_mindrot>
Component: sshd
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: minor    
Priority: P2    
Version: -current   
Hardware: All   
OS: All   

Description Pontus Sköld 2003-03-27 22:05:52 AEDT
The mapping from pam_message to SSH_MSG_USERAUTH_INFO_REQUEST currently puts
anything that isn't a prompt (information request) into the first prompt. As
prompts may be truncated, that isn't really the right thing to do; this patch
puts those in the instruction field instead.

(Lost information is normally not a problem, but with a PAM module that puts the
challenge in one of those messages it may be, and I can't think of any reason
it's better to have the text in the first prompt).

I did the patch for someone else and now there seems to be some other problem
with using PAM from sshd on my system, so consider it untested.

--CUT--
--- auth2-pam.c.old     Fri Mar 21 11:10:57 2003
+++ auth2-pam.c Thu Mar 27 10:52:08 2003
@@ -84,7 +84,14 @@
 
   packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
   packet_put_cstring("");      /* Name */
-  packet_put_cstring("");      /* Instructions */
+
+  if (text) {
+    packet_put_cstring(text);
+    xfree(text);         
+    text = NULL;
+  } else
+    packet_put_cstring("");    /* Instructions */
+
   packet_put_cstring("");      /* Language */
   packet_put_int(context_pam2.num_expected);
   
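Review bot: The instruction field is now written before the prompt loop, so `text` must already hold every non-prompt PAM message by the time `packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST)` runs. The code that builds `text` is outside this hunk; please confirm it finishes in an earlier pass, otherwise the field goes out empty and the message is lost rather than moved. Two smaller points on the added block: the `/* Instructions */` comment sits only on the `else` branch and belongs on `packet_put_cstring(text);` as well, and the `xfree(text);` line carries trailing whitespace. The added `xfree(text)` itself is welcome, since the branch removed in the second hunk only set `text = NULL`.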
@@ -96,12 +103,7 @@
                continue;
        
        context_pam2.prompts[j++] = i;
-       if (text) {
-               message_cat(&text, PAM_MSG_MEMBER(msg, i, msg));
-               packet_put_cstring(text);
-               text = NULL;
-       } else
-               packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
+       packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
        packet_put_char(style == PAM_PROMPT_ECHO_ON);
   }
   packet_send();
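Review bot: With the `if (text)` branch removed from the prompt loop, PAM info and error text reaches the user only through the instruction field, so a client that does not show that field ahead of the first prompt now displays less than it did before. The description says the patch is untested; before merging, exercise it with a PAM module that emits a non-prompt message and check that the text appears, including the case where `context_pam2.num_expected` is 0 and the loop sends no prompts at all.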
--CUT--

Comment 1 Damien Miller 2003-05-14 12:13:43 AEST
PAM support has changed in CVS completely from the last release. PAM is now a
near-proper kbd-int citizen.

Comment 2 Damien Miller 2004-04-14 12:24:18 AEST
Mass change of RESOLVED bugs to CLOSED