[Bug 3154] New: Issue with showing info and error messages from a blocking PAM module

Sat Apr 25 20:55:34 AEST 2020

https://bugzilla.mindrot.org/show_bug.cgi?id=3154

            Bug ID: 3154
           Summary: Issue with showing info and error messages from a
                    blocking PAM module
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: pejovic at gmail.com

Created attachment 3388
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3388&action=edit
PAM module that demonstrates the problem

I've stumbled across an apparent issue with showing messages using
PAM_TEXT_INFO style from a PAM module that blocks for (non-keyboard)
user input. The same thing happens when using PAM_ERROR_MSG, but
PAM_PROMPT_ECHO_OFF/ON work correctly.

Attached is an example module that works properly with sudo, but shows
both messages at the same time, at the end of the PAM stack execution,
when trying to log into a server running sshd.

Note that nothing is displayed from previous PAM modules either, i.e.
if I put pam_echo module in the stack before the blocking one, its
output is also displayed at the very end of the stack execution.

This was tested on Arch Linux with openssh 8.2p1-3, and Ubuntu 18.04
with openssh-server 7.6p1-4ubuntu0.3. The
"ChallengeResponseAuthentication" option was enabled in
/etc/ssh/sshd_config.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.