search for: pam_msg

...void start_pam2(struct passwd *pw, int auth_type); + /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -53,6 +56,7 @@ static struct pam_handle_t *pamh = NULL; static const char *pampasswd = NULL; static char *pam_msg = NULL; +static int current_auth_type=-1; /* PAM conversation function. This is really a kludge to get the password */ /* into PAM and to pick up any messages generated by PAM into pamconv_msg */ @@ -61,6 +65,7 @@ { struct pam_response *reply; int count; + int dlen, plen, type;...

...t string processing isn't needed here, so it should be painless to remove. Here's the patch. -- Aaron - --- auth-pam.c~ Thu Jun 22 04:44:54 2000 +++ auth-pam.c Fri Jul 7 14:57:16 2000 @@ -277,7 +277,7 @@ void print_pam_messages(void) { if (pam_msg != NULL) - - fprintf(stderr, pam_msg); + fputs(pam_msg, stderr); } /* Append a message to the PAM message buffer */ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBOWZUP0fJWHAEvsjBAQErLQQAq9VEEOS5sjB...

...nOS wasn't. This provides a generic solution through autoconf. Charles ======================================================================== --- configure.in.orig-2.2.0p1 Wed Aug 30 18:20:05 2000 +++ configure.in Tue Sep 5 10:48:20 2000 @@ -284,6 +284,8 @@ ) fi +AC_FUNC_GETPGRP + PAM_MSG="no" AC_ARG_WITH(pam, [ --without-pam Disable PAM support ], --- config.h.in.orig-2.2.0p1 Fri Sep 1 19:08:44 2000 +++ config.h.in Tue Sep 5 11:01:57 2000 @@ -46,6 +46,9 @@ /* Define if your snprintf is busted */ #undef BROKEN_SNPRINTF +/* Define if getpgrp takes no arg...

...nfig | 1 + ssh_config.5 | 8 ++++++++ sshd_config | 3 +++ sshd_config.5 | 8 ++++++++ 11 files changed, 144 insertions(+), 15 deletions(-) diff --git a/configure.ac b/configure.ac index a350a2a..42438b2 100644 --- a/configure.ac +++ b/configure.ac @@ -2867,6 +2867,33 @@ if test "x$PAM_MSG" = "xyes" ; then ]) fi +# Check for SCTP support +AC_CHECK_DECL([IPPROTO_SCTP], [have_sctp=yes], , [ + #include <netinet/in.h> + #include <netinet/sctp.h> +]) + +SCTP_MSG="$have_sctp" +AC_ARG_WITH([sctp], + [ --with-sctp Enable SCTP support ],...

..., crypt, LIBS="$LIBS -lcrypt") + # Search for OpenSSL saved_CPPFLAGS="$CPPFLAGS" saved_LDFLAGS="$LDFLAGS" @@ -761,12 +769,6 @@ ] ) -# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the -# version in OpenSSL. Skip this for PAM -if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then - AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") -fi - ### Configure cryptographic random number support

...[ @@ -1126,7 +1125,7 @@ AC_ARG_WITH(tcp-wrappers, AC_DEFINE(LIBWRAP, 1, [Define if you want TCP Wrappers support]) - AC_SUBST(LIBWRAP) + SSHDLIBS="$SSHDLIBS -lwrap" TCPW_MSG="yes" ], [ @@ -2028,7 +2027,7 @@ AC_ARG_WITH(pam, PAM_MSG="yes" - LIBPAM="-lpam" + SSHDLIBS="$SSHDLIBS -lpam" AC_DEFINE(USE_PAM, 1, [Define if you want to enable PAM support]) @@ -2038,11 +2037,10 @@ AC_ARG_WITH(pam, # libdl already in LIBS ;; *) - LIBPAM="$LIBPAM -ldl" + SS...

Sorry if this is stuff that's been talked about before. If it is, just ignore me. I'm curious to know why Portable OpenSSH doesn't include @bindir@ in the _PATH_STDPATH. This would save most installers of portable OpenSSH from having to --with-default-path=$PREFIX/bin in order to ensure that scp will work properly. This would also, I imagine, save quite a lot of hassle for

...word has expired, please change it now" /* Callbacks */ static int pamconv(int num_msg, const struct pam_message **msg, @@ -50,40 +50,72 @@ pamconv, NULL }; -static struct pam_handle_t *pamh = NULL; +static pam_handle_t *pamh = NULL; static const char *pampasswd = NULL; static char *pam_msg = NULL; -/* PAM conversation function. This is really a kludge to get the password */ -/* into PAM and to pick up any messages generated by PAM into pamconv_msg */ +/* states for pamconv() */ +typedef enum { INITIAL_LOGIN, OTHER } pamstates; +static pamstates pamstate = INITIAL_LOGIN; +/* remembe...

...socket activation + saved_LIBS="$LIBS" + AC_CHECK_LIB([systemd], [sd_listen_fds], [ + LIBS="-lsystemd $LIBS" + AGENTLIBS="-lsystemd $AGENTLIBS" + ]) + AC_CHECK_FUNCS([sd_listen_fds]) + LIBS="$saved_LIBS" + AC_SUBST([AGENTLIBS]) +fi + # Check for PAM libs PAM_MSG="no" AC_ARG_WITH([pam], @@ -5632,6 +5654,9 @@ fi if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi +if test ! -z "${AGENTLIBS}"; then +echo " +for ssh-agent: ${AGENTLIBS}" +fi echo "" diff --git a/ssh-a...

what do you think about this patch to add the path to scp to _PATH_STDPATH? is there a better or cleaner way to do this? i'm hoping to ward off 'scp doesn't work' questions for the next release. i did *not* add this to a --with-default-path path, because if a user specifies that, they should control its value completely. Index: Makefile.in

..._MSG="no" AC_ARG_WITH(skey, @@ -2398,6 +2445,7 @@ echo " sshd superuser user PATH: $J" fi echo " Manpage format: $MANTYPE" +echo " readline support: $READLINE" echo " PAM support: ${PAM_MSG}" echo " KerberosIV support: $KRB4_MSG" echo " KerberosV support: $KRB5_MSG" @@ -2423,6 +2471,7 @@ echo "Preprocessor flags: ${CPPFLAGS}" echo " Linker flags: ${LDFLAGS}" echo " Libraries: ${LIBWRAP}...

...;123456789");return(b[4]!='\0');} - ], - [AC_MSG_RESULT(yes)], - [ - AC_MSG_RESULT(no) - AC_DEFINE(BROKEN_SNPRINTF) - AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ] - ) -fi - -AC_FUNC_GETPGRP - -AC_FUNC_STRFTIME - # Check for PAM libs PAM_MSG="no" AC_ARG_WITH(pam, @@ -452,7 +400,7 @@ LDFLAGS="$saved_LDFLAGS" fi - LIBS="$saved_LIBS -lcrypto" + LIBS="-lcrypto $saved_LIBS" # Basic test to check for compatible version and correct linking # *does not* test for RSA - that comes later...

...CK_HEADERS(selinux.h) + LIBS="$LIBS -lselinux" + fi + ]) + # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH(kerberos5, @@ -2973,6 +2985,7 @@ echo " Manpage format: $MANTYPE" echo " PAM support: $PAM_MSG" echo " KerberosV support: $KRB5_MSG" +echo " SELinux support: $SELINUX_MSG" echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wra...

..." @@ -1680,7 +1631,6 @@ echo " Manual pages: $F" echo " PID file: $G" echo " Random number collection: $RAND_MSG" -echo " Manpage format: $MAN_MSG" echo " PAM support: ${PAM_MSG}" echo " KerberosIV support: $KRB4_MSG" echo " AFS support: $AFS_MSG" diff -urN openssh_cvs/mdoc2man.pl openssh_work/mdoc2man.pl --- openssh_cvs/mdoc2man.pl Wed Dec 31 18:00:00 1969 +++ openssh_work/mdoc2man.pl Tue Feb 6 23:17:10 2001 @@ -0,0...

...l which the particular binary was looking for. Doing a 'strings' on the binary didn't help. :) So, I added a message to log this on startup, when compiled with PAM support. - in auth-pam.c:pamconv(), add support for PAM_ERROR_MSG. Also, in addition to appending messages to pam_msg, it sends errors and text_infos to the client as debug messages, and also log()'s error messages. I had a situation where a PAM module was trying to send an error to the user, but it was never being displayed. I also figured it'd be nice to see them _immediately_ (when connect...

...AC_MSG_RESULT([yes]) + ssh_agent_options="$ssh_agent_options nthreads:auto" + ] , [ + AC_MSG_RESULT([no]) + AC_MSG_WARN([ssh-agent: do not use threading by default]) + ssh_agent_options="$ssh_agent_options nthreads:manual,default=0" + ] + ) +fi + # Check for PAM libs PAM_MSG="no" AC_ARG_WITH([pam], @@ -4285,6 +4362,7 @@ echo " BSD Auth support: $BSD_AUTH_MSG" echo " Random number source: $RAND_MSG" echo " Privsep sandbox style: $SANDBOX_STYLE" +echo " ssh-...

..._MSG_ERROR([*** libpam missing])) + AC_CHECK_LIB(dl, dlopen, AUTH_LIBS="-ldl $AUTH_LIBS", ) + AC_CHECK_LIB(pam, pam_set_item, AUTH_LIBS="-lpam $AUTH_LIBS", AC_MSG_ERROR([*** libpam missing]), $AUTH_LIBS) AC_CHECK_FUNCS(pam_getenvlist) @@ -743,3 +747,3 @@ if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then - AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") + AC_CHECK_LIB(crypt, crypt, AUTH_LIBS="$AUTH_LIBS -lcrypt") fi @@ -2047,2 +2051,4 @@ AC_EXEEXT + +AC_SUBST(AUTH_LIBS)

...t_pam2.prompts = xmalloc(sizeof(int) * num_msg); - context_pam2.responses = xmalloc(sizeof(struct pam_response) * num_msg); - memset(context_pam2.responses, 0, sizeof(struct pam_response) * num_msg); - - text = NULL; - for (i = 0, context_pam2.num_expected = 0; i < num_msg; i++) { - int style = PAM_MSG_MEMBER(msg, i, msg_style); - switch (style) { - case PAM_PROMPT_ECHO_ON: + ctxt = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof **resp)) == NULL) + return (PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; +...

Hi, The main (and probably the only) use case of this PAM module is to let sudo authenticate users via their ssh-agent, therefore without having to type any password and without being tempted to use the NOPASSWD sudo option for such convenience. The principle is originally implemented by an existing module [0][1] and many pages that explain how to use it for such purpose can be found online.