- (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from

the list of available kbdint devices if UsePAM=no. ok djm@
2024-12-22 01:50:16 +00:00 · 2005-01-20 22:20:50 +11:00 · 2005-01-20 22:20:50 +11:00 · 3c66080aa2
commit 3c66080aa2
parent 33bc334a8b
4 changed files with 36 additions and 1 deletions
--- a/4
+++ b/4
@ -41,6 +41,8 @@
 - (dtucker) [loginrec.h] Bug #952: Increase size of username field to 128
   bytes to prevent errors from login_init_entry() when the username is
   exactly 64 bytes(!) long.  From brhamon at cisco.com, ok djm@
+ - (dtucker) [auth-chall.c auth.h auth2-chall.c] Bug #936: Remove pam from
+   the list of available kbdint devices if UsePAM=no.  ok djm@

 20050118
 - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement
@ -2013,4 +2015,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu

-$Id: ChangeLog,v 1.3619 2005/01/20 11:07:29 dtucker Exp $
+$Id: ChangeLog,v 1.3620 2005/01/20 11:20:50 dtucker Exp $
--- a/auth-chall.c
+++ b/auth-chall.c
@ -28,11 +28,13 @@ RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $");
 #include "auth.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "servconf.h"

 /* limited protocol v1 interface to kbd-interactive authentication */

 extern KbdintDevice *devices[];
 static KbdintDevice *device;
+extern ServerOptions options;

 char *
 get_challenge(Authctxt *authctxt)
@ -41,6 +43,11 @@ get_challenge(Authctxt *authctxt)
 	u_int i, numprompts;
 	u_int *echo_on;

+#ifdef USE_PAM
+	if (!options.use_pam)
+		remove_kbdint_device("pam");
+#endif
+
 	device = devices[0]; /* we always use the 1st device for protocol 1 */
 	if (device == NULL)
 		return NULL;
--- a/auth.h
+++ b/auth.h
@ -130,6 +130,8 @@ int auth_shadow_pwexpired(Authctxt *);
 #endif

 #include "auth-pam.h"
+void remove_kbdint_device(const char *);
+
 void disable_forwarding(void);

 void	do_authentication(Authctxt *);
--- a/auth2-chall.c
+++ b/auth2-chall.c
@ -32,6 +32,10 @@ RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $");
 #include "xmalloc.h"
 #include "dispatch.h"
 #include "log.h"
+#include "servconf.h"
+
+/* import */
+extern ServerOptions options;

 static int auth2_challenge_start(Authctxt *);
 static int send_userauth_info_request(Authctxt *);
@ -71,6 +75,21 @@ struct KbdintAuthctxt
 	u_int nreq;
 };

+#ifdef USE_PAM
+void
+remove_kbdint_device(const char *devname)
+{
+	int i, j;
+
+	for (i = 0; devices[i] != NULL; i++)
+		if (strcmp(devices[i]->name, devname) == 0) {
+			for (j = i; devices[j] != NULL; j++)
+				devices[j] = devices[j+1];
+			i--;
+		}
+}
+#endif
+
 static KbdintAuthctxt *
 kbdint_alloc(const char *devs)
 {
@ -78,6 +97,11 @@ kbdint_alloc(const char *devs)
 	Buffer b;
 	int i;

+#ifdef USE_PAM
+	if (!options.use_pam)
+		remove_kbdint_device("pam");
+#endif
+
 	kbdintctxt = xmalloc(sizeof(KbdintAuthctxt));
 	if (strcmp(devs, "") == 0) {
 		buffer_init(&b);