Mailing List Archive

[Bug 3154] New: Issue with showing info and error messages from a blocking PAM module
https://bugzilla.mindrot.org/show_bug.cgi?id=3154

Bug ID: 3154
Summary: Issue with showing info and error messages from a
blocking PAM module
Product: Portable OpenSSH
Version: 8.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: PAM support
Assignee: unassigned-bugs@mindrot.org
Reporter: pejovic@gmail.com

Created attachment 3388
--> https://bugzilla.mindrot.org/attachment.cgi?id=3388&action=edit
PAM module that demonstrates the problem

I've stumbled across an apparent issue with showing messages using
PAM_TEXT_INFO style from a PAM module that blocks for (non-keyboard)
user input. The same thing happens when using PAM_ERROR_MSG, but
PAM_PROMPT_ECHO_OFF/ON work correctly.

Attached is an example module that works properly with sudo, but shows
both messages at the same time, at the end of the PAM stack execution,
when trying to log into a server running sshd.

Note that nothing is displayed from previous PAM modules either, i.e.
if I put pam_echo module in the stack before the blocking one, its
output is also displayed at the very end of the stack execution.

This was tested on Arch Linux with openssh 8.2p1-3, and Ubuntu 18.04
with openssh-server 7.6p1-4ubuntu0.3. The
"ChallengeResponseAuthentication" option was enabled in
/etc/ssh/sshd_config.

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs