diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2005-01-20 22:20:50 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2005-01-20 22:20:50 +1100 |
| commit | 3c66080aa26e5121805c80728a9c801b08a7870e (patch) | |
| tree | 350a6cd92438b1ad876622b92557be577e8457b7 | |
| parent | 33bc334a8bb6f20ca659f7d4f4669a04d54bd2e8 (diff) | |
- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
the list of available kbdint devices if UsePAM=no. ok djm@
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | auth-chall.c | 7 | ||||
| -rw-r--r-- | auth.h | 2 | ||||
| -rw-r--r-- | auth2-chall.c | 24 |
4 files changed, 36 insertions, 1 deletions
@@ -41,6 +41,8 @@ - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128 bytes to prevent errors from login_init_entry() when the username is exactly 64 bytes(!) long. From brhamon at cisco.com, ok djm@ + - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from + the list of available kbdint devices if UsePAM=no. ok djm@ 20050118 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement @@ -2013,4 +2015,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3619 2005/01/20 11:07:29 dtucker Exp $ +$Id: ChangeLog,v 1.3620 2005/01/20 11:20:50 dtucker Exp $ diff --git a/auth-chall.c b/auth-chall.c index a9d314dd..e4f78309 100644 --- a/auth-chall.c +++ b/auth-chall.c @@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); #include "auth.h" #include "log.h" #include "xmalloc.h" +#include "servconf.h" /* limited protocol v1 interface to kbd-interactive authentication */ extern KbdintDevice *devices[]; static KbdintDevice *device; +extern ServerOptions options; char * get_challenge(Authctxt *authctxt) @@ -41,6 +43,11 @@ get_challenge(Authctxt *authctxt) u_int i, numprompts; u_int *echo_on; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + device = devices[0]; /* we always use the 1st device for protocol 1 */ if (device == NULL) return NULL; @@ -130,6 +130,8 @@ int auth_shadow_pwexpired(Authctxt *); #endif #include "auth-pam.h" +void remove_kbdint_device(const char *); + void disable_forwarding(void); void do_authentication(Authctxt *); diff --git a/auth2-chall.c b/auth2-chall.c index 29234439..384a543e 100644 --- a/auth2-chall.c +++ b/auth2-chall.c @@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); #include "xmalloc.h" #include "dispatch.h" #include "log.h" +#include "servconf.h" + +/* import */ +extern ServerOptions options; static int auth2_challenge_start(Authctxt *); static int send_userauth_info_request(Authctxt *); @@ -71,6 +75,21 @@ struct KbdintAuthctxt u_int nreq; }; +#ifdef USE_PAM +void +remove_kbdint_device(const char *devname) +{ + int i, j; + + for (i = 0; devices[i] != NULL; i++) + if (strcmp(devices[i]->name, devname) == 0) { + for (j = i; devices[j] != NULL; j++) + devices[j] = devices[j+1]; + i--; + } +} +#endif + static KbdintAuthctxt * kbdint_alloc(const char *devs) { @@ -78,6 +97,11 @@ kbdint_alloc(const char *devs) Buffer b; int i; +#ifdef USE_PAM + if (!options.use_pam) + remove_kbdint_device("pam"); +#endif + kbdintctxt = xmalloc(sizeof(KbdintAuthctxt)); if (strcmp(devs, "") == 0) { buffer_init(&b); |