diff options
author | Damien Miller <djm@mindrot.org> | 2000-10-14 11:16:12 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-10-14 11:16:12 +1100 |
commit | 60819b44bdd81b08844a29c9c70c32b19594b40b (patch) | |
tree | 46297972ebec241cdcbbc8013e1ca08a69ee467a /auth-pam.c | |
parent | 48b7cc0dd7d166ea0ea76c6c2a1da26923e7ac32 (diff) |
- (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth
Diffstat (limited to 'auth-pam.c')
-rw-r--r-- | auth-pam.c | 23 |
1 files changed, 15 insertions, 8 deletions
@@ -29,7 +29,7 @@ #include "xmalloc.h" #include "servconf.h" -RCSID("$Id: auth-pam.c,v 1.14 2000/10/07 11:16:55 stevesk Exp $"); +RCSID("$Id: auth-pam.c,v 1.15 2000/10/14 00:16:12 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -83,11 +83,16 @@ static int pamconv(int num_msg, const struct pam_message **msg, for (count = 0; count < num_msg; count++) { switch ((*msg)[count].msg_style) { case PAM_PROMPT_ECHO_ON: - fputs((*msg)[count].msg, stderr); - fgets(buf, sizeof(buf), stdin); - reply[count].resp = xstrdup(buf); - reply[count].resp_retcode = PAM_SUCCESS; - break; + if (pamstate == INITIAL_LOGIN) { + free(reply); + return PAM_CONV_ERR; + } else { + fputs((*msg)[count].msg, stderr); + fgets(buf, sizeof(buf), stdin); + reply[count].resp = xstrdup(buf); + reply[count].resp_retcode = PAM_SUCCESS; + break; + } case PAM_PROMPT_ECHO_OFF: if (pamstate == INITIAL_LOGIN) { if (pampasswd == NULL) { @@ -95,8 +100,10 @@ static int pamconv(int num_msg, const struct pam_message **msg, return PAM_CONV_ERR; } reply[count].resp = xstrdup(pampasswd); - } else - reply[count].resp = xstrdup(read_passphrase((*msg)[count].msg, 1)); + } else { + reply[count].resp = + xstrdup(read_passphrase((*msg)[count].msg, 1)); + } reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: |