bugzilla-daemon at mindrot.org
2003-Mar-27 11:05 UTC
[Bug 524] Keyboard-interactive PAM back end hides information
http://bugzilla.mindrot.org/show_bug.cgi?id=524
Summary: Keyboard-interactive PAM back end hides information
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: pont_bug_mindrot at soua.net
The mapping from pam_message to SSH_MSG_USERAUTH_INFO_REQUEST currently puts
anything that isn't a prompt (information request) into the first prompt. As
prompts may be truncated that isn't really the right thing to do, this patch
puts those in the instruction field instead.
(Lost information is normally not a problem, but with a PAM module that puts the
challenge in one of those message it may be, and I can't think of any reason
it's better to have the text in the first prompt).
I did the patch for someone else and now there seems to be some other problem
with using PAM from sshd on my system, so consider it untested.
--CUT--
--- auth2-pam.c.old Fri Mar 21 11:10:57 2003
+++ auth2-pam.c Thu Mar 27 10:52:08 2003
@@ -84,7 +84,14 @@
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(""); /* Name */
- packet_put_cstring(""); /* Instructions */
+
+ if (text) {
+ packet_put_cstring(text);
+ xfree(text);
+ text = NULL;
+ } else
+ packet_put_cstring(""); /* Instructions */
+
packet_put_cstring(""); /* Language */
packet_put_int(context_pam2.num_expected);
@@ -96,12 +103,7 @@
continue;
context_pam2.prompts[j++] = i;
- if (text) {
- message_cat(&text, PAM_MSG_MEMBER(msg, i, msg));
- packet_put_cstring(text);
- text = NULL;
- } else
- packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
+ packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
packet_put_char(style == PAM_PROMPT_ECHO_ON);
}
packet_send();
--CUT--
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
Wisdom of the Ancients
