Send PAM error messages as a banner messages

Patch from Martin Donnelly, modified.
2025-02-12 07:25:30 +00:00 · 2013-10-03 23:04:11 +08:00 · 2013-10-03 23:04:11 +08:00 · 142a0f8a83
commit 142a0f8a83
parent d1dec41f76
3 changed files with 23 additions and 11 deletions
--- a/auth.h
+++ b/auth.h
@ -36,6 +36,7 @@ void cli_authinitialise();
 void recv_msg_userauth_request();
 void send_msg_userauth_failure(int partial, int incrfail);
 void send_msg_userauth_success();
 void send_msg_userauth_banner(buffer *msg);
 void svr_auth_password();
 void svr_auth_pubkey();
 void svr_auth_pam();
--- a/svr-auth.c
+++ b/svr-auth.c
@ -37,7 +37,6 @@
 static void authclear();
 static int checkusername(unsigned char *username, unsigned int userlen);
 static void send_msg_userauth_banner();
 /* initialise the first time for a session, resetting all parameters */
 void svr_authinitialise() {
@ -82,24 +81,18 @@ static void authclear() {
 /* Send a banner message if specified to the client. The client might
 * ignore this, but possibly serves as a legal "no trespassing" sign */
-static void send_msg_userauth_banner() {
+void send_msg_userauth_banner(buffer *banner) {
 	TRACE(("enter send_msg_userauth_banner"))
 	if (svr_opts.banner == NULL) {
 		TRACE(("leave send_msg_userauth_banner: banner is NULL"))
 		return;
 	}
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
-	buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
+	buf_putstring(ses.writepayload, buf_getptr(banner, banner->len),
-				svr_opts.banner->len), svr_opts.banner->len);
+			banner->len);
 	buf_putstring(ses.writepayload, "en", 2);
 	encrypt_packet();
 	buf_free(svr_opts.banner);
 	svr_opts.banner = NULL;
 	TRACE(("leave send_msg_userauth_banner"))
 }
@ -122,7 +115,9 @@ void recv_msg_userauth_request() {
 	/* send the banner if it exists, it will only exist once */
 	if (svr_opts.banner) {
-		send_msg_userauth_banner();
+		send_msg_userauth_banner(svr_opts.banner);
 		buf_free(svr_opts.banner);
 		svr_opts.banner = NULL;
 	}
 	username = buf_getstring(ses.payload, &userlen);
--- a/svr-authpam.c
+++ b/svr-authpam.c
@ -142,6 +142,22 @@ pamConvFunc(int num_msg,
 			(*respp) = resp;
 			break;
 		case PAM_ERROR_MSG:
 		case PAM_TEXT_INFO:
 			if (msg_len > 0) {
 				buffer * pam_err = buf_new(msg_len + 4);
 				buf_setpos(pam_err, 0);
 				buf_putbytes(pam_err, "\r\n", 2);
 				buf_putbytes(pam_err, (*msg)->msg, msg_len);
 				buf_putbytes(pam_err, "\r\n", 2);
 				buf_setpos(pam_err, 0);
 				send_msg_userauth_banner(pam_err);
 				buf_free(pam_err);
 			}
 			break;
 		default:
 			TRACE(("Unknown message type"))
 			rc = PAM_CONV_ERR;