I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different version that just calls getpassphrase(). It appears to solve the echo problem when the user tries to login in interactive mode and needs to change their password.

Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:

#define HAVE_GETPASSPHRASE

... to config.h when compiling (since it's not a configurable option yet).

Thanks,

Ed

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key

*** openbsd-compat/readpassphrase.c_orig Fri Oct 26 14:50:44 2001 --- openbsd-compat/readpassphrase.c Fri Oct 26 15:28:34 2001 *************** *** 33,38 **** --- 33,40 ---- #ifndef HAVE_READPASSPHRASE + #ifndef HAVE_GETPASSPHRASE + #include <termios.h> #include <readpassphrase.h> *************** *** 148,153 **** --- 150,176 ---- (void)close(input); return(buf); } + #else + + #include <unistd.h> + + char * + readpassphrase(prompt, buf, bufsiz, flags) + const char *prompt; + char *buf; + size_t bufsiz; + int flags; + { + char *phrase; + + phrase = getpassphrase(prompt); + strncpy(buf, phrase, bufsiz - 1); + buf[bufsiz - 1] = '\0'; + return buf; + } + + #endif /* HAVE_GETPASSPHRASE */ + #endif /* HAVE_READPASSPHRASE */ #if 0
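Review bot: In the second hunk the pointer returned by getpassphrase() goes straight into strncpy() with no NULL check, so if the call returns NULL the copy dereferences it instead of readpassphrase() returning NULL to its caller. Suggest `if (phrase == NULL) return NULL;` before the copy, and rejecting `bufsiz == 0`, since `bufsiz - 1` wraps for a size_t. The `flags` argument is never read, so this version behaves the same whatever the caller requests, and the passphrase stays in the buffer `phrase` points to after the copy; clearing that buffer once copied avoids leaving a second copy in memory. strncpy() also needs <string.h>, which the hunk does not add alongside <unistd.h>.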
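Review bot: The `#ifndef HAVE_GETPASSPHRASE` guard added in the first hunk tests a macro that, per the message, has to be added to config.h by hand; a configure check for getpassphrase() should come with the patch so the branch is selected automatically. The guard also now encloses `#include <readpassphrase.h>`, so the `#else` branch is compiled without that header unless an earlier include already provides the prototype.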
On Fri, Oct 26, 2001 at 04:12:35PM -0400, Ed Phillips wrote:
> I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
> version that just calls getpassphrase(). It appears to solve the echo
> problem when the user tries to login in interactive mode and needs to
> change their password.

sorry, perhaps i'm missing something, but how is openssh's readpassphrase() related to password changing?
No. I'd rather find out WHY readpassphrase() fails. This could be an issue on another platform, and I'd rather see it fixed right.

- Ben

On Fri, 26 Oct 2001, Ed Phillips wrote:
> I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
> version that just calls getpassphrase(). It appears to solve the echo
> problem when the user tries to login in interactive mode and needs to
> change their password.
>
> Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:
>
> #define HAVE_GETPASSPHRASE
>
> ... to config.h when compiling (since it's not a configurable option yet).
>
> Thanks,
>
> Ed
>
> Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
> Systems Programmer III, Network and Systems Services
> finger -l ed at polycut.nss.udel.edu for PGP public key
>
> *** openbsd-compat/readpassphrase.c_orig Fri Oct 26 14:50:44 2001 > --- openbsd-compat/readpassphrase.c Fri Oct 26 15:28:34 2001 > *************** > *** 33,38 **** > --- 33,40 ---- > > #ifndef HAVE_READPASSPHRASE > > + #ifndef HAVE_GETPASSPHRASE > + > #include <termios.h> > #include <readpassphrase.h> > > *************** > *** 148,153 **** > --- 150,176 ---- > (void)close(input); > return(buf); > } > + #else > + > + #include <unistd.h> > + > + char * > + readpassphrase(prompt, buf, bufsiz, flags) > + const char *prompt; > + char *buf; > + size_t bufsiz; > + int flags; > + { > + char *phrase; > + > + phrase = getpassphrase(prompt); > + strncpy(buf, phrase, bufsiz - 1); > + buf[bufsiz - 1] = '\0'; > + return buf; > + } > + > + #endif /* HAVE_GETPASSPHRASE */ > + > #endif /* HAVE_READPASSPHRASE */ > > #if 0 > > >
On Fri, 26 Oct 2001, Ed Phillips wrote:

:I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
:version that just calls getpassphrase(). It appears to solve the echo
:problem when the user tries to login in interactive mode and needs to
:change their password.
:
:Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:

no! try this:

Index: auth-pam.c ==================================================================RCS file: /var/cvs/openssh/auth-pam.c,v retrieving revision 1.37 diff -u -r1.37 auth-pam.c --- auth-pam.c 2001/04/23 18:38:37 1.37 +++ auth-pam.c 2001/10/26 20:30:42 @@ -87,7 +87,7 @@ * messages with into __pam_msg. This is used during initial * authentication to bypass the normal PAM password prompt. * - * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1) + * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase() * and outputs messages to stderr. This mode is used if pam_chauthtok() * is called to update expired passwords. */ @@ -148,7 +148,7 @@ case PAM_PROMPT_ECHO_OFF: reply[count].resp = xstrdup( read_passphrase(PAM_MSG_MEMBER(msg, count, - msg), 1)); + msg), RP_ALLOW_STDIN)); reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG:
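Review bot: The second hunk swaps the literal 1 for RP_ALLOW_STDIN but leaves the `xstrdup(` wrapper in the context line above it. If read_passphrase() already returns an allocated copy, as the follow-up in this thread says, the inner buffer is never freed and keeps a copy of the password in memory; assign the return value to `reply[count].resp` directly.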
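Review bot: The comment rewritten in the first hunk drops the argument list entirely, so it no longer records which flag OTHER mode passes for PAM_PROMPT_ECHO_OFF. Naming it, for example `read_passphrase(prompt, RP_ALLOW_STDIN)`, keeps the comment in step with the call changed in the next hunk.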
On Sat, 27 Oct 2001, Markus Friedl wrote:

:the call is wrong:
: 1) read_passphrase() does already call xstrdup
: 2) 1 is passed as a flag to read_passphrase(), and
:    1 means: RP_ECHO so echo is not turned off.

thanks for strdup() not needed. can PAM users test this? i think RP_ALLOW_STDIN is what we want vs. 0.

Index: auth-pam.c ==================================================================RCS file: /var/cvs/openssh/auth-pam.c,v retrieving revision 1.37 diff -u -r1.37 auth-pam.c --- auth-pam.c 2001/04/23 18:38:37 1.37 +++ auth-pam.c 2001/10/27 02:17:57 @@ -87,7 +87,7 @@ * messages with into __pam_msg. This is used during initial * authentication to bypass the normal PAM password prompt. * - * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1) + * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase() * and outputs messages to stderr. This mode is used if pam_chauthtok() * is called to update expired passwords. */ @@ -146,9 +146,9 @@ reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_OFF: - reply[count].resp = xstrdup( - read_passphrase(PAM_MSG_MEMBER(msg, count, - msg), 1)); + reply[count].resp + read_passphrase(PAM_MSG_MEMBER(msg, + count, msg), RP_ALLOW_STDIN); reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG:
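Review bot: In the second hunk the added line `reply[count].resp` is followed directly by `read_passphrase(...)` with no `=`, so as posted the result is not assigned and the statement does not compile. The first added line should read `reply[count].resp =` before the call.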
On Fri, Oct 26, 2001 at 04:12:35PM -0400, Ed Phillips wrote:
> I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different
> version that just calls getpassphrase(). It appears to solve the echo
> problem when the user tries to login in interactive mode and needs to
> change their password.
>
> Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add:
>
> #define HAVE_GETPASSPHRASE

no. the bug should be fixed instead. we already have enough waste in openssh.