The unified diff between revisions [87286233..] and [6962b52a..] is displayed below. It can also be downloaded as a raw diff.
#
#
# patch "channel.h"
# from [2616df4031a05a3fea394b765fd1004944677ef5]
# to [f0285633bae6fc082951524deaa3ada0061ebff4]
#
# patch "svr-authpam.c"
# from [48afbf9c99df79c7ba65ddbed8180fc4e2036386]
# to [d2e49b9902777338e827e1935b24457b86fce347]
#
============================================================
--- channel.h 2616df4031a05a3fea394b765fd1004944677ef5
+++ channel.h f0285633bae6fc082951524deaa3ada0061ebff4
@@ -119,7 +119,7 @@ void common_recv_msg_channel_data(struct
circbuffer * buf);
#ifdef DROPBEAR_CLIENT
-const struct ChanType clichansess;
+extern const struct ChanType clichansess;
#endif
#if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
============================================================
--- svr-authpam.c 48afbf9c99df79c7ba65ddbed8180fc4e2036386
+++ svr-authpam.c d2e49b9902777338e827e1935b24457b86fce347
@@ -54,34 +54,58 @@ pamConvFunc(int num_msg,
int rc = PAM_SUCCESS;
struct pam_response* resp = NULL;
struct UserDataS* userDatap = (struct UserDataS*) appdata_ptr;
+ unsigned int msg_len = 0;
+ unsigned int i = 0;
const char* message = (*msg)->msg;
+ // make a copy we can strip
+ char * compare_message = m_strdup(message);
+
TRACE(("enter pamConvFunc"))
if (num_msg != 1) {
/* If you're getting here - Dropbear probably can't support your pam
* modules. This whole file is a bit of a hack around lack of
- * asynchronocity in PAM anyway */
+ * asynchronocity in PAM anyway. */
dropbear_log(LOG_INFO, "pamConvFunc() called with >1 messages: not supported.");
return PAM_CONV_ERR;
}
TRACE(("msg_style is %d", (*msg)->msg_style))
- if (message) {
- TRACE(("message is '%s'", message))
+ if (compare_message) {
+ TRACE(("message is '%s'", compare_message))
} else {
TRACE(("null message"))
}
+
+ // Make the string lowercase.
+ msg_len = strlen(compare_message);
+ for (i = 0; i < msg_len; i++) {
+ compare_message[i] = tolower(compare_message[i]);
+ }
+
+ // If the string ends with ": ", remove the space.
+ // ie "login: " vs "login:"
+ if (msg_len > 2
+ && compare_message[msg_len-2] == ':'
+ && compare_message[msg_len-1] == ' ') {
+ compare_message[msg_len-1] = '\0';
+ }
+
switch((*msg)->msg_style) {
case PAM_PROMPT_ECHO_OFF:
- if (strcmp(message, "Password:") != 0) {
- TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt"))
- rc = PAM_CONV_ERR;
- break;
+ if (!(strcmp(compare_message, "password:") == 0)) {
+ // We don't recognise the prompt as asking for a password,
+ // so can't handle it. Add more above as required for
+ // different pam modules/implementations
+ dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (no echo)",
+ compare_message);
+ rc = PAM_CONV_ERR;
+ break;
}
/* You have to read the PAM module-writers' docs (do we look like
@@ -99,10 +123,13 @@ pamConvFunc(int num_msg,
case PAM_PROMPT_ECHO_ON:
- if ((strcmp(message, "login: " ) != 0)
- && (strcmp(message, "login:" ) != 0)
- && (strcmp(message, "Please enter username: " ) != 0)) {
- TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt"))
+ if (!((strcmp(compare_message, "login:" ) == 0)
+ || (strcmp(compare_message, "please enter username:") == 0))) {
+ // We don't recognise the prompt as asking for a username,
+ // so can't handle it. Add more above as required for
+ // different pam modules/implementations
+ dropbear_log(LOG_NOTICE, "PAM unknown prompt %s (with echo)",
+ compare_message);
rc = PAM_CONV_ERR;
break;
}
@@ -125,6 +152,7 @@ pamConvFunc(int num_msg,
break;
}
+ m_free(compare_message);
TRACE(("leave pamConvFunc, rc %d", rc))
return rc;