Displaying 11 results from an estimated 11 matches for "do_pam_set_conv".
2001 Oct 29
2
pam_open_session w/o tty on Solaris
...orked for me as
well.
In any case, the following change appears to address the problem:
diff -ru openssh-2.9.9p2_orig/auth-pam.c openssh-2.9.9p2/auth-pam.c
--- openssh-2.9.9p2_orig/auth-pam.c Mon Apr 23 14:38:37 2001
+++ openssh-2.9.9p2/auth-pam.c Mon Oct 29 15:32:08 2001
@@ -272,6 +272,12 @@
do_pam_set_conv(&conv);
+#ifdef PAM_SUN_CODEBASE
+ if (ttyname == NULL) {
+ ttyname = "";
+ }
+#endif /* PAM_SUN_CODEBASE */
+
if (ttyname != NULL) {
debug("PAM setting tty to \"%.200s\"", ttyname);
pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
Obviously that ex...
2002 Feb 27
0
openssh & solaris
...pired
passwd can login and is not prompted to change their password.
NOTE: "pam_setcred: error Permission denied" errors are still issued when
exiting a session.
*** auth-pam.c- Mon Feb 25 18:36:04 2002
--- auth-pam.c Tue Feb 26 10:05:31 2002
***************
*** 297,304 ****
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh,
! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred fa...
2002 Feb 27
0
[Bug 127] New: PAM with ssh authentication and pam_krb5 doesn't work properly
...with solaris 8) with the pam.conf entry:
sshd auth sufficient /usr/lib/security/$ISA/pam_unix.so.1
sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
*** auth-pam.c- Mon Feb 25 18:36:04 2002
--- auth-pam.c Tue Feb 26 10:05:31 2002
***************
*** 297,304 ****
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh,
! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred failed...
2002 Jun 26
3
pam session as root
...tval, PAM_STRERROR(__pamh,
pam_retval));
}
+ if (session_opened)
+ return; /*Be idempotent so we can be called in monitor and
child*/
pam_retval = pam_open_session(__pamh, 0);
if (pam_retval != PAM_SUCCESS)
fatal("PAM session setup failed[%d]: %.200s",
@@ -304,6 +306,8 @@
do_pam_set_conv(&conv);
+ if (init&&creds_set)
+ return; /*be idempotent so we can be called in monitor and
child*/
debug("PAM establishing creds");
pam_retval = pam_setcred(__pamh,
init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
diff -u -r1.1.1.1 monitor.c
--- monitor.c 24...
2001 Nov 07
2
Flaw in empty password authentication in sshd
...ible patch for the problem is given below:
*** auth-pam.c Tue Apr 24 00:08:37 2001
--- auth-amrita.c Tue Nov 6 22:58:46 2001
***************
*** 203,208 ****
--- 203,209 ----
{
extern ServerOptions options;
int pam_retval;
+ int flags=0;
do_pam_set_conv(&conv);
***************
*** 217,223 ****
__pampasswd = password;
pamstate = INITIAL_LOGIN;
! pam_retval = do_pam_authenticate(0);
if (pam_retval == PAM_SUCCESS) {
debug("PAM Password authentication accepted for "
"user \"%...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...name);
+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(__pamh, pam_retval));
+ }
+}
+
/* Set PAM credentials */
void do_pam_setcred(int init)
{
@@ -344,17 +354,15 @@
do_pam_set_conv(&conv);
if (password_change_required) {
- if (use_privsep)
- fatal("Password changing is currently unsupported"
- " with privilege separation");
pamstate = OTHER;
pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCC...
2003 May 02
6
openssh 3.6.1_p2 problem with pam (fwd)
----- Forwarded message from Andrea Barisani <lcars at infis.univ.trieste.it> -----
Date: Fri, 2 May 2003 14:01:33 +0200
From: Andrea Barisani <lcars at infis.univ.trieste.it>
To: openssh at openssh.com
Subject: openssh 3.6.1_p2 problem with pam
Hi, I've just updated to openssh 3.6.1_p2 and I notice this behaviour:
# ssh -l lcars mybox
[2 seconds delay]
lcars at mybox's
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...name);
+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(__pamh, pam_retval));
+ }
+}
+
/* Set PAM credentials */
void do_pam_setcred(int init)
{
@@ -344,17 +354,15 @@
do_pam_set_conv(&conv);
if (password_change_required) {
- if (use_privsep)
- fatal("Password changing is currently unsupported"
- " with privilege separation");
pamstate = OTHER;
pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCC...
2002 Apr 26
0
PAM keyboard-interactive
...-1 || len > sizeof(buf))
+ fatal("pam_send: message too long");
+ mstr = xstrdup(buf);
+ if (ctxt->pam_pid != 0)
+ debug2("to child: %d bytes", len);
+ r = send(ctxt->pam_sock, mstr, len + 1, MSG_EOR);
+ free(mstr);
+ return (r);
+}
- conv2.appdata_ptr = authctxt;
- do_pam_set_conv(&conv2);
+/*
+ * Peek at first byte of next message.
+ */
+static int
+pam_peek(struct pam_ctxt *ctxt)
+{
+ char ch;
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
- &input_userauth_info_response_pam);
- retval = (do_pam_authenticate(0) == PAM_SUCCESS);
- dispatch_set(SSH2_MSG_USERAUT...
2002 Jul 02
3
New PAM kbd-int diff
...== -1 || len >= sizeof(buf))
+ fatal("sshpam_send: message too long");
+ mstr = xstrdup(buf);
+ if (ctxt->pid != 0)
+ debug2("to child: %d bytes", len);
+ r = send(ctxt->sock, mstr, len + 1, MSG_EOR);
+ free(mstr);
+ return (r);
+}
- conv2.appdata_ptr = authctxt;
- do_pam_set_conv(&conv2);
+/*
+ * Peek at first byte of next message.
+ */
+static int
+sshpam_peek(struct sshpam_ctxt *ctxt)
+{
+ char ch;
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
- &input_userauth_info_response_pam);
- retval = (do_pam_authenticate(0) == PAM_SUCCESS);
- dispatch_set(SSH2_MSG_...
2002 Jun 25
4
PAM kbd-int with privsep
...n == -1 || len > sizeof(buf))
+ fatal("sshpam_send: message too long");
+ mstr = xstrdup(buf);
+ if (ctxt->pid != 0)
+ debug2("to child: %d bytes", len);
+ r = send(ctxt->sock, mstr, len + 1, MSG_EOR);
+ free(mstr);
+ return (r);
+}
- conv2.appdata_ptr = authctxt;
- do_pam_set_conv(&conv2);
+/*
+ * Peek at first byte of next message.
+ */
+static int
+sshpam_peek(struct sshpam_ctxt *ctxt)
+{
+ char ch;
- dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE,
- &input_userauth_info_response_pam);
- retval = (do_pam_authenticate(0) == PAM_SUCCESS);
- dispatch_set(SSH2_MSG_...