author | Darren Tucker <dtucker@dtucker.net> | 2020-08-07 09:12:16 +0200 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2020-08-07 09:14:56 +0200 |
commit | ed6bef77f5bb5b8f9ca2914478949e29f2f0a780 (patch) | |
tree | 045eaa656999dd458d14a88965b295766c3ea634 /auth2.c | |
parent | Output test debug logs on failure. (diff) | |
Always send any PAM account messages.
If the PAM account stack returns any messages, send them to the user,
not just if the check succeeds. bz#2049, ok djm@
Diffstat (limited to 'auth2.c')
-rw-r--r-- | auth2.c | 26 |
1 files changed, 13 insertions, 13 deletions
@@ -390,20 +390,20 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
 
 #ifdef USE_PAM
 if (options.use_pam && authenticated) {
- int r;
-
- if (!PRIVSEP(do_pam_account())) {
- /* if PAM returned a message, send it to the user */
- if (sshbuf_len(loginmsg) > 0) {
- if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
- fatal("%s: buffer error: %s",
- __func__, ssh_err(r));
- userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
- if ((r = ssh_packet_write_wait(ssh)) != 0) {
- sshpkt_fatal(ssh, r,
- "%s: send PAM banner", __func__);
- }
+ int r, success = PRIVSEP(do_pam_account());
+
+ /* If PAM returned a message, send it to the user. */
+ if (sshbuf_len(loginmsg) > 0) {
+ if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
+ fatal("%s: buffer error: %s",
+ __func__, ssh_err(r));
+ userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
+ if ((r = ssh_packet_write_wait(ssh)) != 0) {
+ sshpkt_fatal(ssh, r,
+ "%s: send PAM banner", __func__);
 }
+ }
+ if (!success) {
 fatal("Access denied for user %s by PAM account "
 "configuration", authctxt->user);
 } |
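Review bot: On the success path the block under `if (sshbuf_len(loginmsg) > 0)` now leaves `loginmsg` with a NUL byte appended and its text already sent as a banner, whereas before every path that modified the buffer ended in `fatal()`. Nothing in the hunk resets the buffer, so if this process reads `loginmsg` again after authentication (not visible here), the user could be shown the PAM text a second time from a buffer that now contains an embedded NUL. If that can happen, add `sshbuf_reset(loginmsg);` after the `ssh_packet_write_wait()` check; if it cannot, a comment such as `/* loginmsg is not read again in this process once the banner is sent */` would record the assumption. A short comment on the declaration would also help, noting that `do_pam_account()` has to run before the length check because the call is presumably what fills `loginmsg`. `userauth_finish` starts and ends outside the hunk.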