From 71dfaf1c19b159243ed0b6bd67efde2b55861347 Mon Sep 17 00:00:00 2001 From: djm Date: Sat, 14 Oct 2000 00:16:12 +0000 Subject: [PATCH] - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth --- ChangeLog | 3 +++ auth-pam.c | 21 ++++++++++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 61993bb0..3030dad1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20001014 + - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth + 20001007 - (stevesk) Print PAM return value in PAM log messages to aid with debugging. diff --git a/auth-pam.c b/auth-pam.c index c0973d0e..d6bcbabe 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -83,11 +83,16 @@ static int pamconv(int num_msg, const struct pam_message **msg, for (count = 0; count < num_msg; count++) { switch ((*msg)[count].msg_style) { case PAM_PROMPT_ECHO_ON: - fputs((*msg)[count].msg, stderr); - fgets(buf, sizeof(buf), stdin); - reply[count].resp = xstrdup(buf); - reply[count].resp_retcode = PAM_SUCCESS; - break; + if (pamstate == INITIAL_LOGIN) { + free(reply); + return PAM_CONV_ERR; + } else { + fputs((*msg)[count].msg, stderr); + fgets(buf, sizeof(buf), stdin); + reply[count].resp = xstrdup(buf); + reply[count].resp_retcode = PAM_SUCCESS; + break; + } case PAM_PROMPT_ECHO_OFF: if (pamstate == INITIAL_LOGIN) { if (pampasswd == NULL) { @@ -95,8 +100,10 @@ static int pamconv(int num_msg, const struct pam_message **msg, return PAM_CONV_ERR; } reply[count].resp = xstrdup(pampasswd); - } else - reply[count].resp = xstrdup(read_passphrase((*msg)[count].msg, 1)); + } else { + reply[count].resp = + xstrdup(read_passphrase((*msg)[count].msg, 1)); + } reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: -- 2.45.2