commit 41a11e413cc5b7cd95ab66b40e2d25ae8c614b3b
author roman <roman@localhost.localdomain> Wed Jun 22 09:27:08 2022 +0200
committer Michal Vasko <mvasko@cesnet.cz> Fri Jul 15 13:06:01 2022 +0200
tree e28d37921f2c328655011781ece5e0ad6c509d12
parent 6ece9c5a1b455e9d6d41cc9a919ab5933822e1ac

pam UPDATE auth using Linux PAM

Added the ability to authenticate via Linux PAM when using keyboard-interactive SSH authentication method. One new API call was added.

src/session_server.c

diff --git a/src/session_server.c b/src/session_server.c
index 546050c..5ce9fa3 100644
--- a/src/session_server.c
+++ b/src/session_server.c
@@ -776,6 +776,12 @@
     }
     server_opts.hostkey_data = NULL;
     server_opts.hostkey_data_free = NULL;
+
+    /* PAM */
+    free(server_opts.conf_name);
+    free(server_opts.conf_dir);
+    server_opts.conf_name = NULL;
+    server_opts.conf_dir = NULL;
 #endif
 #ifdef NC_ENABLED_TLS
     if (server_opts.server_cert_data && server_opts.server_cert_data_free) {
@@ -1995,7 +2001,7 @@
             goto cleanup;
         }
         server_opts.endpts[server_opts.endpt_count - 1].opts.ssh->auth_methods =
-                NC_SSH_AUTH_PUBLICKEY | NC_SSH_AUTH_PASSWORD | NC_SSH_AUTH_INTERACTIVE;
+                NC_SSH_AUTH_PUBLICKEY | NC_SSH_AUTH_PASSWORD;
         server_opts.endpts[server_opts.endpt_count - 1].opts.ssh->auth_attempts = 3;
         server_opts.endpts[server_opts.endpt_count - 1].opts.ssh->auth_timeout = 30;
         break;
@@ -2817,7 +2823,7 @@
             ERRMEM;
             goto cleanup;
         }
-        endpt->opts.ssh->auth_methods = NC_SSH_AUTH_PUBLICKEY | NC_SSH_AUTH_PASSWORD | NC_SSH_AUTH_INTERACTIVE;
+        endpt->opts.ssh->auth_methods = NC_SSH_AUTH_PUBLICKEY | NC_SSH_AUTH_PASSWORD;
         endpt->opts.ssh->auth_attempts = 3;
         endpt->opts.ssh->auth_timeout = 30;
         break;