From 60819b44bdd81b08844a29c9c70c32b19594b40b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Oct 2000 11:16:12 +1100 Subject: - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth --- auth-pam.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) (limited to 'auth-pam.c') diff --git a/auth-pam.c b/auth-pam.c index 57a558d8..f4cbd46e 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -29,7 +29,7 @@ #include "xmalloc.h" #include "servconf.h" -RCSID("$Id: auth-pam.c,v 1.14 2000/10/07 11:16:55 stevesk Exp $"); +RCSID("$Id: auth-pam.c,v 1.15 2000/10/14 00:16:12 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" @@ -83,11 +83,16 @@ static int pamconv(int num_msg, const struct pam_message **msg, for (count = 0; count < num_msg; count++) { switch ((*msg)[count].msg_style) { case PAM_PROMPT_ECHO_ON: - fputs((*msg)[count].msg, stderr); - fgets(buf, sizeof(buf), stdin); - reply[count].resp = xstrdup(buf); - reply[count].resp_retcode = PAM_SUCCESS; - break; + if (pamstate == INITIAL_LOGIN) { + free(reply); + return PAM_CONV_ERR; + } else { + fputs((*msg)[count].msg, stderr); + fgets(buf, sizeof(buf), stdin); + reply[count].resp = xstrdup(buf); + reply[count].resp_retcode = PAM_SUCCESS; + break; + } case PAM_PROMPT_ECHO_OFF: if (pamstate == INITIAL_LOGIN) { if (pampasswd == NULL) { @@ -95,8 +100,10 @@ static int pamconv(int num_msg, const struct pam_message **msg, return PAM_CONV_ERR; } reply[count].resp = xstrdup(pampasswd); - } else - reply[count].resp = xstrdup(read_passphrase((*msg)[count].msg, 1)); + } else { + reply[count].resp = + xstrdup(read_passphrase((*msg)[count].msg, 1)); + } reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: -- cgit v1.2.3