Marc G. Fournier
1999-Nov-22 19:13 UTC
[s-x86] OpenSSH 1.2pre14 fails on pam_open_session() ...
On Mon, 22 Nov 1999, Philip Brown wrote:> [ Marc G. Fournier writes ] > > debug("PAM_retval(open_session) about to run"); > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > ==========================================> > > > so, its looking like I'm authenticated properly, but when trying to set up > > the whole environment, its failing...? anyone know how I should go about > > debugging this? > > well its obviously blowing up on pam_open_session, so you need to validate > your "pamh" handle somehow.thank you, and how would one do this? considering that my 'pamh' handle is being used three times prior to that, in: pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host); pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user); pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); all in the same function, I would have thought that this would have been okay...all of the above go through successfully... my only real "reference" for PAM is wu-ftpd, in which the pam authentication stuff all works, but the pam_* functions that wu-ftpd uses doesn't appear to be even close to what is used in sshd.c :( Marc G. Fournier marc.fournier at acadiau.ca Senior Systems Administrator Acadia University "These are my opinions, which are not necessarily shared by my employer"
Ben Taylor
1999-Nov-29 23:12 UTC
[s-x86] Re: OpenSSH 1.2pre14 fails on pam_open_session() ...
On Mon, 29 Nov 1999 patrick.novak at po.state.ct.us wrote:> On Mon, 22 Nov 1999, Philip Brown wrote: > > > [ Marc G. Fournier writes ] > > > debug("PAM_retval(open_session) about to run"); > > > pam_retval = pam_open_session((pam_handle_t *)pamh, 0); > > > > > > > > ==========================================> > > > > > so, its looking like I'm authenticated properly, but when trying to set up > > > the whole environment, its failing...? anyone know how I should go about > > > debugging this? > > > > well its obviously blowing up on pam_open_session, so you need to > validate > > your "pamh" handle somehow. > > thank you, and how would one do this? considering that my 'pamh' handle > is being used three times prior to that, in: > > pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, > remote_host); > pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, > remote_user); > pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); > > all in the same function, I would have thought that this would have been > okay...all of the above go through successfully...I did a whole lot of reading on PAM, on how Sun managed to ignore the DCE standard for PAM (see the error message as an example), the configuration files, the libraries, the works. Got some really funky cores when I handed the config file a line about 10 lines long. I'm pretty comfortable about what the issue is, and it's Sun. I don't think anything is using the session manager, but they are using auth, account and password. The fact that the code is so similar and executed the same way indicates a problem in the library. I tried using some of the other libraries and did not get a seg fault, so it has to be pam_open_session in pam_unix.so.1. I opened a support call with Sun today, and boy wasn't that fun. I finally told the support guy all I wanted was a debug version of pam_unix.so.1. I'll see what they do with that. Anyone know how to get sshd to actually produce a core file? I know it's not supposed to, but it should probably do so during a debug session.> my only real "reference" for PAM is wu-ftpd, in which the pam > authentication stuff all works, but the pam_* functions that wu-ftpd uses > doesn't appear to be even close to what is used in sshd.c :(The difference is the session management. It's not properly being handled. Did anyone notice that pam_close_session is a null function, at least according to Sun's documentation. Ben