Buffer flush when using pam_info

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Hi all,
I had posted a related question to pam developers list, but I have continued investigating and seems to be a question for this mailing list. I have a script to be used by pam_exec when logging into a system through openssh client. This script writes a message in its stdout, that is passed to ssh_thread_conv(auth-pam.c) by a call to pam_info, in pam_exec.so. The message is passed to ssh_msg_send, which issues a write into the corresponent file descriptor.
The problem is: I never get to see that message in the ssh client. OTOH, if I modify pam_exec module to issue a pam_prompt instead of a pam_info, the message appears on the ssh client. The relevant code for both functionalities in auth-pam.c is: 

static int
sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
    struct pam_response **resp, void *data)
{
 .....
                case PAM_PROMPT_ECHO_OFF:
                case PAM_PROMPT_ECHO_ON:
                        buffer_put_cstring(&buffer,
                            PAM_MSG_MEMBER(msg, i, msg));
                        if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) 
                                goto fail;
if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) 
                                goto fail;
                        if (buffer_get_char(&buffer) != PAM_AUTHTOK)
                                goto fail;
reply[i].resp = buffer_get_string(&buffer, NULL); 
                        break;
                case PAM_ERROR_MSG:
                case PAM_TEXT_INFO:
                        buffer_put_cstring(&buffer,
                            PAM_MSG_MEMBER(msg, i, msg));
                        if (ssh_msg_send(ctxt->pam_csock,
PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) 
                                goto fail;
                        break;
.....
}
As can be seen, the only difference (I have also checked the contents of ssh_msg_send) is in the fact that, when pam_prompt is used, a ssh_msg_send is followed by a ssh_msg_recv, whereas for a pam_info, only the ssh_msg_send is performed. 

The OpenSSH version is 7.5p1, and the operating system is CentOS7.3.
Can somebody advice on whether this is a client or a server issue, and... yeah.. what can I do? 

Thank you!
Felix

--
Felix Rubio
"Don't believe what you're told. Double check."
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux