bugzilla-daemon at mindrot.org
2022-Oct-10 13:44 UTC
[Bug 3481] New: PAM_TEXT_INFO messages are shown twice if they are the last conversation
https://bugzilla.mindrot.org/show_bug.cgi?id=3481
Bug ID: 3481
Summary: PAM_TEXT_INFO messages are shown twice if they are the
last conversation
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: PAM support
Assignee: unassigned-bugs at mindrot.org
Reporter: bugs at mrvanes.com
When the last conversation from PAM module is of type PAM_TEXT_INFO,
the last message "User admin has authenticated successfully" is
displayed twice as can be seen in the output from our module:
$ ssh ascz at client.vm.scz-vm.net
(ascz at client.vm.scz-vm.net) Please sign in to:
https://sbs.scz-vm.net/weblogin/weblogin/d8b054d3-8082-4278-8947-82973ffffb77
Verification code:
User admin has authenticated successfully
User admin has authenticated successfully
Last login: Mon Oct 10 13:27:31 2022 from 172.20.1.1
The programs included with the Debian GNU/Linux system are free
software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
However, when I add a conversation "Press Enter to continue" of type
PAM_PROMPT_ECHO_OFF just before the PAM module returns, I get this:
$ ssh ascz at client.vm.scz-vm.net
(ascz at client.vm.scz-vm.net) Please sign in to:
https://sbs.scz-vm.net/weblogin/weblogin/fd0cc5e5-a0f4-4eb6-a14b-68196ed7110f
Verification code:
(ascz at client.vm.scz-vm.net) User admin has authenticated successfully
Press Enter to continue
Last login: Mon Oct 10 13:33:12 2022 from 172.20.1.1
The programs included with the Debian GNU/Linux system are free
software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Pamtester does not exhibit this behaviour.
The PAM module code, for reference:
https://github.com/SURFscz/pam-weblogin
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Feb-15 16:30 UTC
[Bug 3481] PAM_TEXT_INFO messages are shown twice if they are the last conversation
https://bugzilla.mindrot.org/show_bug.cgi?id=3481 --- Comment #1 from Martin <bugs at mrvanes.com> --- Created attachment 3677 --> https://bugzilla.mindrot.org/attachment.cgi?id=3677&action=edit Minimal test case Attached is a minimal test case that shows the observed behaviour in all it's glory. It includes the tty_output() in the same we include it in our module. It was compiled on ubuntu 22.10 using: $ gcc pam_test.c -shared -o pam_test.so -lpam copied to /usr/local/lib/security $ sudo cp pam_test.so /usr/local/lib/security/pam_test.so activated as a pam module in /etc/pam.d/sshd just above common-account ... auth required /usr/local/lib/security/pam_test.so # Standard Un*x authorization. @include common-account tested using pamtester: $ pamtester sshd martin authenticate Password: Info pamtester: successfully authenticated tested using sshd: $ ssh localhost (martin at localhost) Password: Info Info Welcome to Ubuntu 22.10 (GNU/Linux 6.1.11 x86_64) Which clearly shows the double output of the last (and only) PAM_TEXT_INFO message. -- You are receiving this mail because: You are watching the assignee of the bug.