Date: Fri, 04 Jul 2014 11:04:59 +0200 From: perox@freenet.de To: freebsd-stable@freebsd.org Subject: ANSI Escape sequences in PAM message Message-ID: <3fd9d591070e4e0a7afa86ff85a84922@email.freenet.de>
index | next in thread | raw e-mail
Hi,
I recently played around with a custom PAM module for user authentication via
ssh. During the authentication process I want to display various messages which I
am able to do using a conv() call passing my messages. If the message is simple
everything works as expected.
When I use terminal/ANSI escape codes (e.g. something like �33[40;37;1m to
provide colors) however, the output is only correct when I set the pam message type
PAM_PROMPT_ECHO_ON. If I choose PAM_TEXT_INFO or PAM_ERROR_MSG
the escape sequences have no effect and are printed literally. Using
PAM_PROMPT_ECHO_ON as message type is no solution as it requires the
user to press a key after each message. Is this a bug or a feature? I could imagine
this being a security feature, but then, why would one message type allow it?
Skimming through the code of libpam and openssh didn't help. Is there perhaps
a flag or an option to ssh which forbids some things I try to use?
Under Ubuntu and RedHat (which don't use openpam but an own PAM
implementation) everything works as expected. I am using 10-STABLE
but 9.2 shows the same behavior.
Thanks!
--
My code looks similar to this:
int style = PAM_PROMPT_ECHO_ON;
// don't work
//int style = PAM_TEXT_INFO;
//int style = PAM_ERROR_MSG;
r = pam_get_item(pamhg, PAM_CONV, &convp);
conv = (const struct pam_conv *)convp;
vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap);
msg.msg_style = style;
msg.msg = msgbuf;
msgp = &msg;
r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr);
---
Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! http://email.freenet.de/basic/Informationen
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3fd9d591070e4e0a7afa86ff85a84922>