Hi,
I recently played around with a custom PAM module for user authentication via
ssh. During the authentication process I want to display various messages which
I
am able to do using a conv() call passing my messages. If the message is simple
everything works as expected.
When I use terminal/ANSI escape codes (e.g. something like 33[40;37;1m to
provide colors) however, the output is only correct when I set the pam message
type
PAM_PROMPT_ECHO_ON. If I choose PAM_TEXT_INFO or PAM_ERROR_MSG
the escape sequences have no effect and are printed literally. Using
PAM_PROMPT_ECHO_ON as message type is no solution as it requires the
user to press a key after each message. Is this a bug or a feature? I could
imagine
this being a security feature, but then, why would one message type allow it?
Skimming through the code of libpam and openssh didn't help. Is there
perhaps
a flag or an option to ssh which forbids some things I try to use?
Under Ubuntu and RedHat (which don't use openpam but an own PAM
implementation) everything works as expected. I am using 10-STABLE
but 9.2 shows the same behavior.
Thanks!
--
My code looks similar to this:
int style = PAM_PROMPT_ECHO_ON;
// don't work
//int style = PAM_TEXT_INFO;
//int style = PAM_ERROR_MSG;
r = pam_get_item(pamhg, PAM_CONV, &convp);
conv = (const struct pam_conv *)convp;
vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap);
msg.msg_style = style;
msg.msg = msgbuf;
msgp = &msg;
r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr);
---
Alle Postf?cher an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen!
http://email.freenet.de/basic/Informationen