author | Huie-Ying Lee <huieying.lee@oracle.com> |
Tue, 01 Jul 2014 13:51:11 -0700 | |
changeset 1979 | bdbb0de8834e |
child 2206 | e71c20dca64b |
permissions | -rw-r--r-- |
1979
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
1 |
# |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
2 |
# This patch contains an important bug fix for the PAM password userauth |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
3 |
# conversation function. This bug fix was contributed back to the upstream in |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
4 |
# 2009, but it was not accepted by the upstream. For more information, see |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
5 |
# https://bugzilla.mindrot.org/show_bug.cgi?id=1681. |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
6 |
# |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
7 |
--- orig/auth-pam.c Fri Jun 20 14:55:27 2014 |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
8 |
+++ new/auth-pam.c Fri Jun 20 14:54:39 2014 |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
9 |
@@ -1111,11 +1111,13 @@ |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
10 |
free(env); |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
11 |
} |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
12 |
|
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
13 |
+#ifndef PAM_BUGFIX |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
14 |
/* |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
15 |
* "Blind" conversation function for password authentication. Assumes that |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
16 |
* echo-off prompts are for the password and stores messages for later |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
17 |
* display. |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
18 |
*/ |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
19 |
+#endif |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
20 |
static int |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
21 |
sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
22 |
struct pam_response **resp, void *data) |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
23 |
@@ -1137,6 +1139,17 @@ |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
24 |
for (i = 0; i < n; ++i) { |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
25 |
switch (PAM_MSG_MEMBER(msg, i, msg_style)) { |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
26 |
case PAM_PROMPT_ECHO_OFF: |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
27 |
+#ifdef PAM_BUGFIX |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
28 |
+ /* |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
29 |
+ * PAM conversation function for the password userauth |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
30 |
+ * method (non-interactive) really cannot do any |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
31 |
+ * prompting. We set the PAM_AUTHTOK item in |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
32 |
+ * sshpam_auth_passwd()to avoid conversation. If some |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
33 |
+ * modules still try to converse, then the password |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
34 |
+ * userauth will fail. |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
35 |
+ */ |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
36 |
+ goto fail; |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
37 |
+#else |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
38 |
if (sshpam_password == NULL) |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
39 |
goto fail; |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
40 |
if ((reply[i].resp = strdup(sshpam_password)) == NULL) |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
41 |
@@ -1143,6 +1156,7 @@ |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
42 |
goto fail; |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
43 |
reply[i].resp_retcode = PAM_SUCCESS; |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
44 |
break; |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
45 |
+#endif |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
46 |
case PAM_ERROR_MSG: |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
47 |
case PAM_TEXT_INFO: |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
48 |
len = strlen(PAM_MSG_MEMBER(msg, i, msg)); |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
49 |
@@ -1197,6 +1211,15 @@ |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
50 |
options.permit_root_login != PERMIT_YES)) |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
51 |
sshpam_password = badpw; |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
52 |
|
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
53 |
+#ifdef PAM_BUGFIX |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
54 |
+ sshpam_err = pam_set_item(sshpam_handle, PAM_AUTHTOK, password); |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
55 |
+ if (sshpam_err != PAM_SUCCESS) { |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
56 |
+ debug("PAM: %s: failed to set PAM_AUTHTOK: %s", __func__, |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
57 |
+ pam_strerror(sshpam_handle, sshpam_err)); |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
58 |
+ return 0; |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
59 |
+ } |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
60 |
+#endif |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
61 |
+ |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
62 |
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
63 |
(const void *)&passwd_conv); |
bdbb0de8834e
19034156 PAM coversation function for passwd auth method has an incorrect assumption
Huie-Ying Lee <huieying.lee@oracle.com>
parents:
diff
changeset
|
64 |
if (sshpam_err != PAM_SUCCESS) |