bugzilla-daemon at mindrot.org
2020-Apr-25 10:55 UTC
[Bug 3154] New: Issue with showing info and error messages from a blocking PAM module
https://bugzilla.mindrot.org/show_bug.cgi?id=3154
Bug ID: 3154
Summary: Issue with showing info and error messages from a
blocking PAM module
Product: Portable OpenSSH
Version: 8.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: pejovic at gmail.com
Created attachment 3388
--> https://bugzilla.mindrot.org/attachment.cgi?id=3388&action=edit
PAM module that demonstrates the problem
I've stumbled across an apparent issue with showing messages using
PAM_TEXT_INFO style from a PAM module that blocks for (non-keyboard)
user input. The same thing happens when using PAM_ERROR_MSG, but
PAM_PROMPT_ECHO_OFF/ON work correctly.
Attached is an example module that works properly with sudo, but shows
both messages at the same time, at the end of the PAM stack execution,
when trying to log into a server running sshd.
Note that nothing is displayed from previous PAM modules either, i.e.
if I put pam_echo module in the stack before the blocking one, its
output is also displayed at the very end of the stack execution.
This was tested on Arch Linux with openssh 8.2p1-3, and Ubuntu 18.04
with openssh-server 7.6p1-4ubuntu0.3. The
"ChallengeResponseAuthentication" option was enabled in
/etc/ssh/sshd_config.
--
You are receiving this mail because:
You are watching the assignee of the bug.
Possibly Parallel Threads
- Problems with conversation functions PAM + OpenSSH
- PAM_ERROR_MSG and PAM_TEXT_INFO from modules
- [Bug 2876] New: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication
- auth-pam.c support for pam_chauthtok()
- PAM keyboard-interactive
Wisdom of the Ancients
