[Bug 524] Keyboard-interactive PAM back end hides information
bugzilla-daemon at mindrot.org
Thu Mar 27 22:05:53 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=524
Summary: Keyboard-interactive PAM back end hides information
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: pont_bug_mindrot at soua.net
The mapping from pam_message to SSH_MSG_USERAUTH_INFO_REQUEST currently puts
anything that isn't a prompt (information request) into the first prompt. As
prompts may be truncated, that isn't really the right thing to do; this patch
puts those in the instruction field instead.
(Lost information is normally not a problem, but with a PAM module that puts the
challenge in one of those messages it may be, and I can't think of any reason
it's better to have the text in the first prompt.)
I did the patch for someone else and now there seems to be some other problem
with using PAM from sshd on my system, so consider it untested.
--CUT--
--- auth2-pam.c.old Fri Mar 21 11:10:57 2003
+++ auth2-pam.c Thu Mar 27 10:52:08 2003
@@ -84,7 +84,14 @@
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
packet_put_cstring(""); /* Name */
- packet_put_cstring(""); /* Instructions */
+
+ if (text) {
+ packet_put_cstring(text);
+ xfree(text);
+ text = NULL;
+ } else
+ packet_put_cstring(""); /* Instructions */
+
packet_put_cstring(""); /* Language */
packet_put_int(context_pam2.num_expected);
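Review bot: the added `xfree(text)` in the `if (text)` branch changes buffer ownership compared with the code removed in the next hunk, which sent `text` and set it to NULL without freeing it. Please confirm no other path still frees or reuses that buffer, and mention the freed allocation in the change description, since it is a behaviour change separate from moving the text. On style, the `/* Instructions */` comment now sits only on the else branch; putting it on `packet_put_cstring(text);` as well and dropping the two added blank lines would keep the Name / Instructions / Language field sequence easy to read. A one-line comment saying that text which isn't a prompt is now sent in the instruction field would also document the intent.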
@@ -96,12 +103,7 @@
continue;
context_pam2.prompts[j++] = i;
- if (text) {
- message_cat(&text, PAM_MSG_MEMBER(msg, i, msg));
- packet_put_cstring(text);
- text = NULL;
- } else
- packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
+ packet_put_cstring(PAM_MSG_MEMBER(msg, i, msg));
packet_put_char(style == PAM_PROMPT_ECHO_ON);
}
packet_send();
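Review bot: with the `if (text)` branch gone from the prompt loop, nothing after the instruction field consumes `text`, so this is only correct if `text` is completely built before the `packet_start()` call in the first hunk. The visible `continue;` skips entries that are not prompts inside this loop, so anything appended to `text` at this point or later would be neither sent nor freed. Please show, or state in the description, where `text` is accumulated, and test the case the report is about (a module that puts its challenge in one of those messages), since the submission is marked untested.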
--CUT--