Merge pull request #6 from norrs/pam_server_password_fix
Validate server password when PAM is disabled.
This commit is contained in:
commit
af9161a9bc
|
@ -370,9 +370,8 @@ Conf_Test( void )
|
||||||
? (const char*) array_start(&Conf_Motd) : "");
|
? (const char*) array_start(&Conf_Motd) : "");
|
||||||
}
|
}
|
||||||
printf(" Network = %s\n", Conf_Network);
|
printf(" Network = %s\n", Conf_Network);
|
||||||
#ifndef PAM
|
if (!Conf_PAM)
|
||||||
printf(" Password = %s\n", Conf_ServerPwd);
|
printf(" Password = %s\n", Conf_ServerPwd);
|
||||||
#endif
|
|
||||||
printf(" PidFile = %s\n", Conf_PidFile);
|
printf(" PidFile = %s\n", Conf_PidFile);
|
||||||
printf(" Ports = ");
|
printf(" Ports = ");
|
||||||
ports_puts(&Conf_ListenPorts);
|
ports_puts(&Conf_ListenPorts);
|
||||||
|
@ -2259,7 +2258,7 @@ Validate_Config(bool Configtest, bool Rehash)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef PAM
|
#ifdef PAM
|
||||||
if (Conf_ServerPwd[0])
|
if (Conf_PAM && Conf_ServerPwd[0])
|
||||||
Config_Error(LOG_ERR,
|
Config_Error(LOG_ERR,
|
||||||
"This server uses PAM, \"Password\" in [Global] section will be ignored!");
|
"This server uses PAM, \"Password\" in [Global] section will be ignored!");
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -91,13 +91,12 @@ Login_User(CLIENT * Client)
|
||||||
|
|
||||||
#ifdef PAM
|
#ifdef PAM
|
||||||
if (!Conf_PAM) {
|
if (!Conf_PAM) {
|
||||||
/* Don't do any PAM authentication at all, instead emulate
|
/* Don't do any PAM authentication at all if PAM is not
|
||||||
* the behavior of the daemon compiled without PAM support:
|
* enabled, instead emulate the behavior of the daemon
|
||||||
* because there can't be any "server password", all
|
* compiled without PAM support. */
|
||||||
* passwords supplied are classified as "wrong". */
|
if (strcmp(Conn_Password(conn), Conf_ServerPwd) == 0)
|
||||||
if(Conn_Password(conn)[0] == '\0')
|
|
||||||
return Login_User_PostAuth(Client);
|
return Login_User_PostAuth(Client);
|
||||||
Client_Reject(Client, "Non-empty password", false);
|
Client_Reject(Client, "Bad server password", false);
|
||||||
return DISCONNECTED;
|
return DISCONNECTED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -111,25 +110,27 @@ Login_User(CLIENT * Client)
|
||||||
return Login_User_PostAuth(Client);
|
return Login_User_PostAuth(Client);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Fork child process for PAM authentication; and make sure that the
|
if (Conf_PAM) {
|
||||||
* process timeout is set higher than the login timeout! */
|
/* Fork child process for PAM authentication; and make sure that the
|
||||||
pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
|
* process timeout is set higher than the login timeout! */
|
||||||
cb_Read_Auth_Result, Conf_PongTimeout + 1);
|
pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,
|
||||||
if (pid > 0) {
|
cb_Read_Auth_Result, Conf_PongTimeout + 1);
|
||||||
LogDebug("Authenticator for connection %d created (PID %d).",
|
if (pid > 0) {
|
||||||
conn, pid);
|
LogDebug("Authenticator for connection %d created (PID %d).",
|
||||||
return CONNECTED;
|
conn, pid);
|
||||||
} else {
|
return CONNECTED;
|
||||||
/* Sub process */
|
} else {
|
||||||
Log_Init_Subprocess("Auth");
|
/* Sub process */
|
||||||
Conn_CloseAllSockets(NONE);
|
Log_Init_Subprocess("Auth");
|
||||||
result = PAM_Authenticate(Client);
|
Conn_CloseAllSockets(NONE);
|
||||||
if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
|
result = PAM_Authenticate(Client);
|
||||||
Log_Subprocess(LOG_ERR,
|
if (write(pipefd[1], &result, sizeof(result)) != sizeof(result))
|
||||||
"Failed to pipe result to parent!");
|
Log_Subprocess(LOG_ERR,
|
||||||
Log_Exit_Subprocess("Auth");
|
"Failed to pipe result to parent!");
|
||||||
exit(0);
|
Log_Exit_Subprocess("Auth");
|
||||||
}
|
exit(0);
|
||||||
|
}
|
||||||
|
} else return CONNECTED;
|
||||||
#else
|
#else
|
||||||
/* Check global server password ... */
|
/* Check global server password ... */
|
||||||
if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
|
if (strcmp(Conn_Password(conn), Conf_ServerPwd) != 0) {
|
||||||
|
|
Loading…
Reference in New Issue