openssh bugs - Jul 2004 - [Bug 892] Send output from PAM account modules to user

http://bugzilla.mindrot.org/show_bug.cgi?id=892

           Summary: Send output from PAM account modules to user
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: dtucker at zip.com.au


At the moment, output from the PAM account modules is discarded in some cases.

This is because if the user hasn't gone through one of the PAM auth methods
(eg
if they used publickey) then the sshpam_null_conv conversation function is still
used.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=892





------- Additional Comments From dtucker at zip.com.au  2004-07-05 17:25 -------
Created an attachment (id=681)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=681&action=view)
Collect PAM auth messages and send with SSH2_BANNER

This patch collects the messages from pam_acct_mgmt (using the existing
store_conv), copies it from the monitor and sends it to the user using a
SSH2_MSG_USERAUTH_BANNER message.  auth-pam.c used to do something like this in
the pre-privsep days.

This does not leak information to unauthenticated users since a user must
successfully authenticate via some method before that can occur.

(The diff is smaller than it looks, most of the bulk is the relocation of
sshpam_store_conv so that it can be used earlier, it was not changed.)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.