openssh bugs - Aug 2006 - [Bug 1215] sshd requires entry from getpwnam for PAM accounts

http://bugzilla.mindrot.org/show_bug.cgi?id=1215

           Summary: sshd requires entry from getpwnam for PAM accounts
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: PAM support
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dtucker at zip.com.au


sshd requires that a user exists in /etc/passwd or similar (eg nss).

With some changes, it should be possible to track PAM_USER as it
changes and adjust the authctxt accordingly.

I'm not sure that this is a good idea, but I wanted to investigate
what's involved.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1215





------- Comment #1 from dtucker at zip.com.au  2006-08-10 00:38 -------
Created an attachment (id=1170)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1170&action=view)
attempt to make sshd handle when getpwnam doesn't know about the user
but PAM does

Warning: this is not production-quality code.  I wrote it based on
hacking one of my test modules to behave as I think the RADIUS/TACACS
PAM modules would.  It leaks like a sieve and is barely tested.

It would be interesting to know if it works, though.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1215


t8m at centrum.cz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |t8m at centrum.cz






------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1215


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1170 is|0                           |1
           obsolete|                            |




------- Comment #2 from dtucker at zip.com.au  2006-08-10 08:01 -------
Created an attachment (id=1171)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1171&action=view)
make sshd handle when getpwnam doesn't know about the user but PAM does

Updated patch (against 4.3p2).  Leaks less (but still leaks) and copies
passwd struct when PAM changes the username (the old one should have,
but didn't).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.