From 142a0f8a83262b278d7d4eeaada2801a039c94c8 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Thu, 3 Oct 2013 23:04:11 +0800 Subject: Send PAM error messages as a banner messages Patch from Martin Donnelly, modified. --- svr-authpam.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'svr-authpam.c') diff --git a/svr-authpam.c b/svr-authpam.c index e84f076..a586727 100644 --- a/svr-authpam.c +++ b/svr-authpam.c @@ -142,6 +142,22 @@ pamConvFunc(int num_msg, (*respp) = resp; break; + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + + if (msg_len > 0) { + buffer * pam_err = buf_new(msg_len + 4); + buf_setpos(pam_err, 0); + buf_putbytes(pam_err, "\r\n", 2); + buf_putbytes(pam_err, (*msg)->msg, msg_len); + buf_putbytes(pam_err, "\r\n", 2); + buf_setpos(pam_err, 0); + + send_msg_userauth_banner(pam_err); + buf_free(pam_err); + } + break; + default: TRACE(("Unknown message type")) rc = PAM_CONV_ERR; -- cgit v1.2.3 From 6a09fa23d0fa7237936dc0e99bff4abf37c27d68 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Thu, 3 Oct 2013 23:04:26 +0800 Subject: Get rid of spurious newlines in pam log messages --- svr-authpam.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'svr-authpam.c') diff --git a/svr-authpam.c b/svr-authpam.c index a586727..0b1d69f 100644 --- a/svr-authpam.c +++ b/svr-authpam.c @@ -212,14 +212,14 @@ void svr_auth_pam() { /* Init pam */ if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { - dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s\n", + dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", rc, pam_strerror(pamHandlep, rc)); goto cleanup; } /* just to set it to something */ if ((rc = pam_set_item(pamHandlep, PAM_TTY, "ssh") != PAM_SUCCESS)) { - dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s\n", + dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s", rc, pam_strerror(pamHandlep, rc)); goto cleanup; } @@ -232,7 +232,7 @@ void svr_auth_pam() { /* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */ if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) { - dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n", + dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s", rc, pam_strerror(pamHandlep, rc)); dropbear_log(LOG_WARNING, "Bad PAM password attempt for '%s' from %s", @@ -243,7 +243,7 @@ void svr_auth_pam() { } if ((rc = pam_acct_mgmt(pamHandlep, 0)) != PAM_SUCCESS) { - dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n", + dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s", rc, pam_strerror(pamHandlep, rc)); dropbear_log(LOG_WARNING, "Bad PAM password attempt for '%s' from %s", -- cgit v1.2.3