- struct pam_response *reply;
- int count;
- char buf[1024];
-
- /* PAM will free this later */
- reply = malloc(num_msg * sizeof(*reply));
- if (reply == NULL)
- return PAM_CONV_ERR;
-
- for (count = 0; count < num_msg; count++) {
- if (pamstate == INITIAL_LOGIN) {
- /*
- * We can't use stdio yet, queue messages for
- * printing later
- */
- switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
- case PAM_PROMPT_ECHO_ON:
- free(reply);
- return PAM_CONV_ERR;
- case PAM_PROMPT_ECHO_OFF:
- if (__pampasswd == NULL) {
- free(reply);
- return PAM_CONV_ERR;
- }
- reply[count].resp = xstrdup(__pampasswd);
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- if ((*msg)[count].msg != NULL) {
- message_cat(&__pam_msg,
- PAM_MSG_MEMBER(msg, count, msg));
- }
- reply[count].resp = xstrdup("");
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- default:
- free(reply);
- return PAM_CONV_ERR;
- }
- } else {
- /*
- * stdio is connected, so interact directly
- */
- switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
- case PAM_PROMPT_ECHO_ON:
- fputs(PAM_MSG_MEMBER(msg, count, msg), stderr);
- fgets(buf, sizeof(buf), stdin);
- reply[count].resp = xstrdup(buf);
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- case PAM_PROMPT_ECHO_OFF:
- reply[count].resp = xstrdup(
- read_passphrase(PAM_MSG_MEMBER(msg, count,
- msg), 1));
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- if ((*msg)[count].msg != NULL)
- fprintf(stderr, "%s\n",
- PAM_MSG_MEMBER(msg, count, msg));
- reply[count].resp = xstrdup("");
- reply[count].resp_retcode = PAM_SUCCESS;
- break;
- default:
- free(reply);
- return PAM_CONV_ERR;
- }
+ Buffer buffer;
+ struct pam_ctxt *ctxt;
+ int i;
+
+ ctxt = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return (PAM_CONV_ERR);
+ *resp = xmalloc(n * sizeof **resp);
+ buffer_init(&buffer);
+ for (i = 0; i < n; ++i) {
+ resp[i]->resp_retcode = 0;
+ resp[i]->resp = NULL;
+ switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
+ case PAM_PROMPT_ECHO_OFF:
+ buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ ssh_msg_recv(ctxt->pam_csock, &buffer);
+ if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+ goto fail;
+ resp[i]->resp = buffer_get_string(&buffer, NULL);
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ ssh_msg_recv(ctxt->pam_csock, &buffer);
+ if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+ goto fail;
+ resp[i]->resp = buffer_get_string(&buffer, NULL);
+ break;
+ case PAM_ERROR_MSG:
+ buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ break;
+ case PAM_TEXT_INFO:
+ buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg));
+ ssh_msg_send(ctxt->pam_csock,
+ PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
+ break;
+ default:
+ goto fail;