search for: auth_fail

...rd_change_required(1); + /* Import environment from subprocess */ num_env = buffer_get_int(b); sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env)); @@ -290,9 +314,28 @@ sshpam_thread(void *ctxtp) sshpam_err = pam_authenticate(sshpam_handle, 0); if (sshpam_err != PAM_SUCCESS) goto auth_fail; + + if (compat20) { + if (do_pam_account()) { + if (sshpam_new_authtok_reqd) { + sshpam_err = pam_chauthtok(sshpam_handle, + PAM_CHANGE_EXPIRED_AUTHTOK); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; + pam_password_change_required(0); + } + } else { + goto au...

...int sshpam_session_open = 0; static int sshpam_cred_established = 0; +static int sshpam_account_status = -1; struct pam_ctxt { sp_pthread_t pam_thread; @@ -231,6 +234,15 @@ sshpam_thread(void *ctxtp) sshpam_err = pam_authenticate(sshpam_handle, 0); if (sshpam_err != PAM_SUCCESS) goto auth_fail; + if (compat20) { + if (do_pam_account() && sshpam_new_authtok_reqd) { + sshpam_err = pam_chauthtok(sshpam_handle, + PAM_CHANGE_EXPIRED_AUTHTOK); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; + sshpam_new_authtok_reqd = 0; /* XXX: reset fwd flags */ + } + } buffer_p...

...en(state->filename, "rb"); + FILE *passwdfile = NULL; char line[MAX_LINE_LEN]; char *sep; thread_rwlock_rlock(&state->file_rwlock); + if (!state->allow_duplicate_users) { + if (auth_is_listener_connected(source, username)) { + return AUTH_FAILED; + } + } + passwdfile = fopen(state->filename, "rb"); if(passwdfile == NULL) { WARN2("Failed to open authentication database \"%s\": %s", state->filename, strerror(errno)); @@ -208,9 +239,12 @@ state = callo...

...es of > icecast. > > thoughts ? comments ? This is good, but I have one comment... > > thread_rwlock_rlock(&state->file_rwlock); > + if (!state->allow_duplicate_users) { > + if (auth_is_listener_connected(source, username)) { > + return AUTH_FAILED; Currently, we only have a generic 'AUTH_FAILED' here. I'd like to see an AUTH_FORBIDDEN (or some other name) added, which would be handled in the connection logic by returning a 403 (not a 401). What do you think of that? Mike --- >8 ---- List archives: http://www.xiph.org/...

...int sshpam_session_open = 0; static int sshpam_cred_established = 0; +static int sshpam_account_status = -1; struct pam_ctxt { sp_pthread_t pam_thread; @@ -231,6 +234,17 @@ sshpam_thread(void *ctxtp) sshpam_err = pam_authenticate(sshpam_handle, 0); if (sshpam_err != PAM_SUCCESS) goto auth_fail; +#ifndef DISABLE_KBDINT_CHAUTHTOK + if (compat20) { + if (do_pam_account() && sshpam_new_authtok_reqd) { + sshpam_err = pam_chauthtok(sshpam_handle, + PAM_CHANGE_EXPIRED_AUTHTOK); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; + sshpam_new_authtok_reqd = 0; /* XXX: rese...

...s not match expected '%s'", + pam_user, authctxt->user); + return PAM_USER_UNKNOWN; + } + + return PAM_SUCCESS; +} + /* * Authentication thread. */ @@ -521,6 +543,9 @@ sshpam_thread(void *ctxtp) sshpam_set_maxtries_reached(1); if (sshpam_err != PAM_SUCCESS) goto auth_fail; + sshpam_err = check_pam_user(sshpam_authctxt); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; if (!do_pam_account()) { sshpam_err = PAM_ACCT_EXPIRED; @@ -686,8 +711,7 @@ sshpam_cleanup(void) static int sshpam_init(struct ssh *ssh, Authctxt *authctxt) { - const char *pam_user, *user...

...urn PAM_AUTH_ERR; + } + + free(authctxt->pw); + authctxt->pw = pw; + free(authctxt->user); + authctxt->user = user; + } + return PAM_SUCCESS; +} + +/* * Conversation function for authentication thread. */ static int @@ -469,6 +502,10 @@ if (sshpam_err != PAM_SUCCESS) goto auth_fail; + sshpam_err = sshpam_handle_user_change(sshpam_handle, sshpam_authctxt); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; + if (compat20) { if (!do_pam_account()) { sshpam_err = PAM_ACCT_EXPIRED; @@ -1206,7 +1243,8 @@ sshpam_err = pam_authenticate(sshpam_handle, flags); sshpam...

...ERR); +} +/* + * Child process. + */ +static void * +sshpam_child(struct sshpam_ctxt *ctxt) +{ + struct pam_conv conv = { sshpam_child_conv, ctxt }; + pam_handle_t *sshpamh; + int err; + + err = pam_start(SSHD_PAM_SERVICE, ctxt->user, &conv, &sshpamh); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_authenticate(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_acct_mgmt(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; +#if 0 /* - * Grabbing control of execution and spinning until we get what - * we want is probably rude, but it seems to work prope...

...ERR); +} +/* + * Child process. + */ +static void * +sshpam_child(struct sshpam_ctxt *ctxt) +{ + struct pam_conv conv = { sshpam_child_conv, ctxt }; + pam_handle_t *sshpamh; + int err; + + err = pam_start(SSHD_PAM_SERVICE, ctxt->user, &conv, &sshpamh); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_authenticate(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; + err = pam_acct_mgmt(sshpamh, 0); + if (err != PAM_SUCCESS) + goto auth_fail; +#if 0 /* - * Grabbing control of execution and spinning until we get what - * we want is probably rude, but it seems to work prope...

...t;, pam_user); #endif @@ -224,11 +287,11 @@ sshpam_conv.appdata_ptr = ctxt; buffer_init(&buffer); - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, + sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_CONV, (const void *)&sshpam_conv); if (sshpam_err != PAM_SUCCESS) goto auth_fail; - sshpam_err = pam_authenticate(sshpam_handle, 0); + sshpam_err = pam_authenticate(grab_pamh(0, NULL), 0); if (sshpam_err != PAM_SUCCESS) goto auth_fail; buffer_put_cstring(&buffer, "OK"); @@ -238,7 +301,7 @@ auth_fail: buffer_put_cstring(&buffer, - pam_strerror(s...

...; +/* + * Child process. + */ +static void * +pam_child(struct pam_ctxt *ctxt) +{ + struct pam_conv pam_conv = { pam_child_conv, ctxt }; + pam_handle_t *pamh; + int pam_err; + + pam_err = pam_start("sshd", ctxt->pam_user, &pam_conv, &pamh); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_err = pam_authenticate(pamh, 0); + if (pam_err != PAM_SUCCESS) + goto auth_fail; + pam_send(ctxt, "=OK"); + pam_end(pamh, pam_err); + exit(0); + auth_fail: + pam_send(ctxt, "!%s", pam_strerror(pamh, pam_err)); + pam_end(pamh, pam_err); + exit(0); +} - packet_start(SSH2_...

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #619 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-05-31 23:25 -------

...get 'process-uuid' from reply dict [2013-05-11 06:38:59.077571] E [client-handshake.c:1397:client_setvolume_cbk] 0-dpkvol-client-0: SETVOLUME on remote-host failed: Authentication failed [2013-05-11 06:38:59.077606] I [client-handshake.c:1482:client_setvolume_cbk] 0-dpkvol-client-0: sending AUTH_FAILED event [2013-05-11 06:38:59.077647] E [fuse-bridge.c:4788:notify] 0-fuse: Server authenication failed. Shutting down. [2013-05-11 06:38:59.077680] I [fuse-bridge.c:5212:fini] 0-fuse: Unmounting '/mnt'. [2013-05-11 06:38:59.082462] W [glusterfsd.c:970:cleanup_and_exit] (-->/usr/lib64/lib...