Date: Fri, 04 Jul 2014 11:04:59 +0200
From: perox@freenet.de
Subject: ANSI Escape sequences in PAM message
To: freebsd-stable@freebsd.org
Message-Id: <3fd9d591070e4e0a7afa86ff85a84922@email.freenet.de>

Hi,

I recently played around with a custom PAM module for user authentication via
ssh. During the authentication process I want to display various messages, which I
am able to do using a conv() call passing my messages. If the message is simple
everything works as expected.

When I use terminal/ANSI escape codes (e.g. something like \033[40;37;1m to
provide colors) however, the output is only correct when I set the PAM message
type to PAM_PROMPT_ECHO_ON. If I choose PAM_TEXT_INFO or PAM_ERROR_MSG
the escape sequences have no effect and are printed literally. Using
PAM_PROMPT_ECHO_ON as message type is no solution as it requires the
user to press a key after each message. Is this a bug or a feature? I could imagine
this being a security feature, but then, why would one message type allow it?
Skimming through the code of libpam and openssh didn't help. Is there perhaps
a flag or an option to ssh which forbids some things I try to use?

Under Ubuntu and RedHat (which don't use openpam but their own PAM
implementation) everything works as expected. I am using 10-STABLE
but 9.2 shows the same behavior.

Thanks!

--

My code looks similar to this:

int style = PAM_PROMPT_ECHO_ON;
// these don't work
//int style = PAM_TEXT_INFO;
//int style = PAM_ERROR_MSG;

r = pam_get_item(pamhg, PAM_CONV, &convp);

conv = (const struct pam_conv *)convp;

vsnprintf(msgbuf, PAM_MAX_MSG_SIZE, fmt, ap);
msg.msg_style = style;
msg.msg = msgbuf;
msgp = &msg;
r = (conv->conv)(1, &msgp, &rsp, conv->appdata_ptr);

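A terminal-facing program can neutralise escape sequences in text it did not author by rewriting control bytes before printing, which makes a sequence such as \033[40;37;1m appear literally, as the message above describes for PAM_TEXT_INFO and PAM_ERROR_MSG. The following is an added example, not code from the post, OpenPAM or OpenSSH; the function name escape_controls and the sample string are hypothetical and constructed here.

```c
#include <stdio.h>
#include <string.h>

/*
 * Copy src into dst, replacing every C0 control byte (except '\n' and '\t')
 * and DEL with a visible octal escape such as \033 for ESC.
 * Bytes >= 0x80 pass through unchanged so UTF-8 text survives; 8-bit C1
 * controls are therefore not handled by this sketch.
 * Returns the number of bytes replaced, or -1 if dst is too small
 * (dst is still NUL-terminated when dstlen > 0).
 */
int escape_controls(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    int replaced = 0;

    if (dstlen == 0)
        return -1;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        int ctl = (c < 0x20 && c != '\n' && c != '\t') || c == 0x7f;
        size_t need = ctl ? 4 : 1;      /* "\ooo" is four characters */

        if (o + need >= dstlen) {       /* keep room for the final NUL */
            dst[o] = '\0';
            return -1;
        }
        if (ctl) {
            snprintf(dst + o, 5, "\\%03o", (unsigned)c);
            replaced++;
        } else {
            dst[o] = (char)c;
        }
        o += need;
    }
    dst[o] = '\0';
    return replaced;
}

int main(void)
{
    /* Constructed sample: the colour sequence from the message plus text. */
    const char *module_text = "\033[40;37;1mAuthentication step 1\033[0m\n";
    char safe[128];

    if (escape_controls(module_text, safe, sizeof safe) >= 0)
        fputs(safe, stdout);            /* ESC bytes are shown, not interpreted */
    return 0;
}
```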