From c384a74c7b96c448a14fac2da59ec3e3a043de2b Mon Sep 17 00:00:00 2001 From: dtucker Date: Thu, 20 Jan 2005 11:20:50 +0000 Subject: [PATCH] - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from the list of available kbdint devices if UsePAM=no. ok djm@ --- ChangeLog | 2 ++ auth-chall.c | 7 +++++++ auth.h | 2 ++ auth2-chall.c | 24 ++++++++++++++++++++++++ 4 files changed, 35 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9699c9d6..963b94ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 bytes to prevent errors from login_init_entry() when the username is exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ + - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from + the list of available kbdint devices if UsePAM=no. ok djm@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement diff --git a/auth-chall.c b/auth-chall.c index a9d314dd..e4f78309 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); #include "auth.h" #include "log.h" #include "xmalloc.h" +#include "servconf.h" /* limited protocol v1 interface to kbd-interactive authentication */ extern KbdintDevice *devices[]; static KbdintDevice *device; +extern ServerOptions options; char * get_challenge(Authctxt *authctxt) @@ -41,6 +43,11 @@ get_challenge(Authctxt *authctxt) u_int i, numprompts; u_int *echo_on; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + device = devices[0]; /* we always use the 1st device for protocol 1 */ if (device == NULL) return NULL; diff --git a/auth.h b/auth.h index 760337be..6c0089dc 100644 --- a/auth.h +++ b/auth.h @@ -130,6 +130,8 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +void remove_kbdint_device(const char *); + void disable_forwarding(void); void do_authentication(Authctxt *); diff --git a/auth2-chall.c b/auth2-chall.c index 29234439..384a543e 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); #include "xmalloc.h" #include "dispatch.h" #include "log.h" +#include "servconf.h" + +/* import */ +extern ServerOptions options; static int auth2_challenge_start(Authctxt *); static int send_userauth_info_request(Authctxt *); @@ -71,6 +75,21 @@ struct KbdintAuthctxt u_int nreq; }; +#ifdef USE_PAM +void +remove_kbdint_device(const char *devname) +{ + int i, j; + + for (i = 0; devices[i] != NULL; i++) + if (strcmp(devices[i]->name, devname) == 0) { + for (j = i; devices[j] != NULL; j++) + devices[j] = devices[j+1]; + i--; + } +} +#endif + static KbdintAuthctxt * kbdint_alloc(const char *devs) { @@ -78,6 +97,11 @@ kbdint_alloc(const char *devs) Buffer b; int i; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { buffer_init(&b); -- 2.45.2