Hi,
We've encountered a bug with OpenSSH 3.8.1p1 on Linux. With an account
that has an empty password and with PAM and Privilege Separation turned
on through the SSH1 protocol, the login fails with:
fatal: mm_request_receive_expect: read: rtype 24 != type 46
I believe the problem is a missing do_pam_account() call. The patch below
to auth1.c fixes the problem. If this is correct, can someone please
commit this?
Thanks,
Dave.
--- auth1.c 19 Jun 2004 00:51:06 -0000 1.1
+++ auth1.c 22 Jun 2004 04:07:38 -0000 1.5
@@ -81,8 +81,13 @@
(!options.kerberos_authentication || options.kerberos_or_local_passwd)
&&
#endif
PRIVSEP(auth_password(authctxt, ""))) {
- auth_log(authctxt, 1, "without authentication", "");
- return;
+#ifdef USE_PAM
+ if (options.use_pam && (PRIVSEP(do_pam_account())))
+#endif
+ {
+ auth_log(authctxt, 1, "without authentication", "");
+ return;
+ }
}
/* Indicate that authentication is needed. */
David Wu wrote:> We've encountered a bug with OpenSSH 3.8.1p1 on Linux. With an account > that has an empty password and with PAM and Privilege Separation turned > on through the SSH1 protocol, the login fails with: > > fatal: mm_request_receive_expect: read: rtype 24 != type 46 > > I believe the problem is a missing do_pam_account() call. The patch below > to auth1.c fixes the problem. If this is correct, can someone please > commit this?Thanks, I can reproduce the problem and confirm that the patch fixes it. The patch looks OK too. For those playing along at home, if it's not obvious why this is needed (it wasn't to me :-) it's because when PAM is enabled, the monitor (in monitor_child_preauth) expects a monitor call for do_pam_account immediately after the authentication succeeds, and will blow up as described above if it doesn't get it. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
David Wu wrote:> We've encountered a bug with OpenSSH 3.8.1p1 on Linux. With an account > that has an empty password and with PAM and Privilege Separation turned > on through the SSH1 protocol, the login fails with: > > fatal: mm_request_receive_expect: read: rtype 24 != type 46 > > I believe the problem is a missing do_pam_account() call. The patch below > to auth1.c fixes the problem. If this is correct, can someone please > commit this?Applied to both 3.8.1 branch and HEAD. Thanks. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.