- (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from

   PAM via keyboard-interactive.  Patch tested by the folks at Vintela.

2 files changed, 15 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 2b8bf8f2..554f17e2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@
    child during PAM account check without clearing it.  This restores the
    post-login warnings such as LDAP password expiry.  Patch from Tomas Mraz
    with help from several others.
+ - (dtucker) [auth-pam.c] Bug #1028: send final non-query messages from
+   PAM via keyboard-interactive.  Patch tested by the folks at Vintela.
 
 20050922
  - (dtucker) [configure.ac] Use -R linker flag for libedit too; patch from
@@ -3001,4 +3003,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.3887.2.3 2005/09/30 00:22:45 dtucker Exp $
+$Id: ChangeLog,v 1.3887.2.4 2005/09/30 00:55:17 dtucker Exp $
diff --git a/auth-pam.c b/auth-pam.c
index 0446cd55..e3156470 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.126 2005/07/17 07:18:50 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.126.2.1 2005/09/30 00:55:17 dtucker Exp $");
 
 #ifdef USE_PAM
 #if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -716,8 +716,18 @@ sshpam_query(void *ctx, char **name, char **info,
 			plen++;
 			xfree(msg);
 			break;
-		case PAM_SUCCESS:
 		case PAM_AUTH_ERR:
+			debug3("PAM: PAM_AUTH_ERR");
+			if (**prompts != NULL && strlen(**prompts) != 0) {
+				*info = **prompts;
+				**prompts = NULL;
+				*num = 0;
+				**echo_on = 0;
+				ctxt->pam_done = -1;
+				return 0;
+			}
+			/* FALLTHROUGH */
+		case PAM_SUCCESS:
 			if (**prompts != NULL) {
 				/* drain any accumulated messages */
 				debug("PAM: %s", **prompts);