-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
auth-pam: Immediately report instructions to clients and fix handling in ssh client #452
base: master
Are you sure you want to change the base?
Commits on Dec 6, 2023
-
auth: Add KbdintResult definition to define result values explicitly
kbdint result vfunc may return various values, so use an enum to make it clearer what each result means without having to dig into the struct documentation.
Configuration menu - View commit details
-
Copy full SHA for 7c116ef - Browse repository at this point
Copy the full SHA 7c116efView commit details -
auth-pam: Add an enum to define the PAM done status
Makes things more readable and easier to extend
Configuration menu - View commit details
-
Copy full SHA for 91ef15e - Browse repository at this point
Copy the full SHA 91ef15eView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6fa8934 - Browse repository at this point
Copy the full SHA 6fa8934View commit details -
auth-pam: Immediately report interactive instructions to clients
SSH keyboard-interactive authentication method supports instructions but sshd didn't show them until an user prompt was requested. This is quite inconvenient for various PAM modules that need to notify an user without requiring for their explicit input. So, properly implement RFC4256 making instructions to be shown to users when they are requested from PAM. Closes: https://bugzilla.mindrot.org/show_bug.cgi?id=2876
Configuration menu - View commit details
-
Copy full SHA for 598ee34 - Browse repository at this point
Copy the full SHA 598ee34View commit details
Commits on Jan 11, 2024
-
sshconnect2: Write kbd-interactive service, info and instructions as …
…utf-8 As per the previous server change now the keyboard-interactive service and instruction values could be reported as soon as they are available and so they're not prompts anymore and not parsed like them. While this was already supported by the SSH client, these messages were not properly written as the escaped sequences they contained were not correctly reported. So for example a message containing "\" was represented as "\\" and similarly for all the other C escape sequences. This was leading to more problems when it come to utf-8 chars, as they were only represented by their octal representation. This was easily testable by adding a line like the one below to the sshd PAM service: auth requisite pam_echo.so Hello SSHD! Want some 🍕? Which was causing this to be written instead: Hello SSHD! Want some \360\237\215\225? To handle this, instead of simply using fmprintf, we're using the notifier in a way can be exposed to users in the proper format and UI.
Configuration menu - View commit details
-
Copy full SHA for cc14301 - Browse repository at this point
Copy the full SHA cc14301View commit details -
auth2-chall: Fix selection of the keyboard-interactive device
We were only checking if the prefix of a device name was matching what we had in the devices list, so if the device list contained "pam", then also the device "pam-foo" was matching.
Configuration menu - View commit details
-
Copy full SHA for 99656ca - Browse repository at this point
Copy the full SHA 99656caView commit details