← Back to branch summary

~ubuntu-branches/ubuntu/utopic/dropbear/utopic-proposed

« back to all changes in this revision

Viewing changes to svr-authpam.c

  • Committer: Bazaar Package Importer
  • Author(s): Matt Johnston
  • Date: 2005-12-08 19:20:21 UTC
  • mfrom: (1.2.2 upstream)
  • Revision ID: james.westby@ubuntu.com-20051208192021-nyp9rwnt77nsg6ty
Tags: 0.47-1
* New upstream release.
* SECURITY: Fix incorrect buffer sizing.

Show diffs side-by-side

added added

removed removed

Lines of Context:
svr-authpam.c
54
54
        int rc = PAM_SUCCESS;
55
55
        struct pam_response* resp = NULL;
56
56
        struct UserDataS* userDatap = (struct UserDataS*) appdata_ptr;
 
57
        unsigned int msg_len = 0;
 
58
        unsigned int i = 0;
57
59
 
58
60
        const char* message = (*msg)->msg;
59
61
 
 
62
        /* make a copy we can strip */
 
63
        char * compare_message = m_strdup(message);
 
64
 
60
65
        TRACE(("enter pamConvFunc"))
61
66
 
62
67
        if (num_msg != 1) {
63
68
                /* If you're getting here - Dropbear probably can't support your pam
64
69
                 * modules. This whole file is a bit of a hack around lack of
65
 
                 * asynchronocity in PAM anyway */
 
70
                 * asynchronocity in PAM anyway. */
66
71
                dropbear_log(LOG_INFO, "pamConvFunc() called with >1 messages: not supported.");
67
72
                return PAM_CONV_ERR;
68
73
        }
69
74
        
70
75
        TRACE(("msg_style is %d", (*msg)->msg_style))
71
 
        if (message) {
72
 
                TRACE(("message is '%s'", message))
 
76
        if (compare_message) {
 
77
                TRACE(("message is '%s'", compare_message))
73
78
        } else {
74
79
                TRACE(("null message"))
75
80
        }
76
81
 
 
82
 
 
83
        /* Make the string lowercase. */
 
84
        msg_len = strlen(compare_message);
 
85
        for (i = 0; i < msg_len; i++) {
 
86
                compare_message[i] = tolower(compare_message[i]);
 
87
        }
 
88
 
 
89
        /* If the string ends with ": ", remove the space. 
 
90
           ie "login: " vs "login:" */
 
91
        if (msg_len > 2 
 
92
                        && compare_message[msg_len-2] == ':' 
 
93
                        && compare_message[msg_len-1] == ' ') {
 
94
                compare_message[msg_len-1] = '\0';
 
95
        }
 
96
 
77
97
        switch((*msg)->msg_style) {
78
98
 
79
99
                case PAM_PROMPT_ECHO_OFF:
80
100
 
81
 
                        if (strcmp(message, "Password:") != 0) {
82
 
                                        TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt"))
83
 
                                        rc = PAM_CONV_ERR;
84
 
                                        break;
 
101
                        if (!(strcmp(compare_message, "password:") == 0)) {
 
102
                                /* We don't recognise the prompt as asking for a password,
 
103
                                   so can't handle it. Add more above as required for
 
104
                                   different pam modules/implementations */
 
105
                                dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (no echo)",
 
106
                                                compare_message);
 
107
                                rc = PAM_CONV_ERR;
 
108
                                break;
85
109
                        }
86
110
 
87
111
                        /* You have to read the PAM module-writers' docs (do we look like
99
123
 
100
124
                case PAM_PROMPT_ECHO_ON:
101
125
 
102
 
                        if ((strcmp(message, "login: " ) != 0) 
103
 
                                        && (strcmp(message, "login:" ) != 0)
104
 
                                        && (strcmp(message, "Please enter username: " ) != 0)) {
105
 
                                TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt"))
 
126
                        if (!((strcmp(compare_message, "login:" ) == 0) 
 
127
                                || (strcmp(compare_message, "please enter username:") == 0))) {
 
128
                                /* We don't recognise the prompt as asking for a username,
 
129
                                   so can't handle it. Add more above as required for
 
130
                                   different pam modules/implementations */
 
131
                                dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (with echo)",
 
132
                                                compare_message);
106
133
                                rc = PAM_CONV_ERR;
107
134
                                break;
108
135
                        }
125
152
                        break;      
126
153
        }
127
154
 
 
155
        m_free(compare_message);
128
156
        TRACE(("leave pamConvFunc, rc %d", rc))
129
157
 
130
158
        return rc;
155
183
        unsigned char changepw;
156
184
 
157
185
        /* check if client wants to change password */
158
 
        changepw = buf_getbyte(ses.payload);
 
186
        changepw = buf_getbool(ses.payload);
159
187
        if (changepw) {
160
188
                /* not implemented by this server */
161
189
                send_msg_userauth_failure(0, 1);