author | Darren Tucker <dtucker@zip.com.au> | 2004-12-03 04:33:47 +0100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2004-12-03 04:33:47 +0100 |
commit | c13866719fc39d5feebfb80ca251a7b31583d803 (patch) | |
tree | 4c74232e227c89bf87b83eafcf2165a9aeaf7374 /auth1.c | |
parent | - jmc@cvs.openbsd.org 2004/11/07 17:57:30 (diff) | |
- (dtucker) [auth1.c auth2.c] If the user successfully authenticates but is
subsequently denied by the PAM auth stack, send the PAM message to the
user via packet_disconnect (Protocol 1) or userauth_banner (Protocol 2).
ok djm@
Diffstat (limited to 'auth1.c')
-rw-r--r-- | auth1.c | 21 |
1 files changed, 19 insertions, 2 deletions
@@ -25,9 +25,11 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
 #include "session.h"
 #include "uidswap.h"
 #include "monitor_wrap.h"
+#include "buffer.h"
 
 /* import */
 extern ServerOptions options;
+extern Buffer loginmsg;
 
 /*
 * convert ssh auth msg type into description
@@ -251,8 +253,23 @@ do_authloop(Authctxt *authctxt)
 
 #ifdef USE_PAM
 if (options.use_pam && authenticated &&
- !PRIVSEP(do_pam_account()))
- authenticated = 0;
+ !PRIVSEP(do_pam_account())) {
+ char *msg;
+ size_t len;
+
+ error("Access denied for user %s by PAM account "
+ "configuration", authctxt->user);
+ len = buffer_len(&loginmsg);
+ buffer_append(&loginmsg, "\0", 1);
+ msg = buffer_ptr(&loginmsg);
+ /* strip trailing newlines */
+ if (len > 0)
+ while (len > 0 && msg[--len] == '\n')
+ msg[len] = '\0';
+ else
+ msg = "Access denied.";
+ packet_disconnect(msg);
+ }
 #endif
 
 /* Log before sending the reply */ |
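Review bot: In the second hunk, `packet_disconnect(msg);` passes the text collected in `loginmsg` as the format argument itself. `packet_disconnect()` is printf-style in OpenSSH's packet.h (the prototype is not shown on this page), so any `%` sequence in a PAM module's message would be interpreted as a conversion rather than sent literally. The message content is controlled by whatever the PAM stack emits, so it should be treated as data: `packet_disconnect("%s", msg);`. The old `authenticated = 0;` is dropped on the apparent assumption that `packet_disconnect()` never returns; a short comment saying so would help the next reader. `do_authloop` starts and ends outside the hunk.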