Displaying 20 results from an estimated 34 matches for "pam_retv".
Did you mean:
pam_env
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...", stderr);
+ }
+ }
reply[count].resp = xstrdup("");
-
- if (msg[count]->msg != NULL)
- pam_msg_cat(msg[count]->msg);
-
+ reply[count].resp_retcode = PAM_SUCCESS;
break;
default:
free(reply);
@@ -103,22 +135,22 @@
if (pamh != NULL)
{
- pam_retval = pam_close_session((pam_handle_t *)pamh, 0);
+ pam_retval = pam_close_session(pamh, 0);
if (pam_retval != PAM_SUCCESS) {
log("Cannot close PAM session: %.200s",
- PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ PAM_STRERROR(pamh, pam_retval));
}
- pam_retval = p...
2000 Jul 03
2
2.1.1p2 HP-UX 11 PAM General Commerical Security error
Trying 2.1.1p2 on HP-UX 11 (trusted system) I get:
Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des
Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on.
Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector.
Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk"
Jul 3
2001 Feb 10
1
[PATCH] Tell PAM about remote host earlier
...ery slightly
odd because the last 2 lines it adds are the the same as the 2 lines
before the patch.)
--
Andrew Bartlett
abartlet at pcug.org.au
-------------- next part --------------
--- auth-pam.c.orig Sat Feb 10 13:01:35 2001
+++ auth-pam.c Sat Feb 10 14:14:53 2001
@@ -191,14 +191,6 @@
{
int pam_retval;
- debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname());
- pam_retval = pam_set_item(pamh, PAM_RHOST,
- get_canonical_hostname());
- if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set rhost failed[%d]: %.200s",
- pam_retval, PAM_STRERROR(pamh, p...
1999 Dec 28
0
Patches to report rsaref build and to call pam_setcred
...r *user, const char *password);
void do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, char *ttyname);
+void do_pam_setcred();
void pam_cleanup_proc(void *context);
static struct pam_conv conv = {
@@ -230,6 +231,12 @@
PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
}
+ pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED);
+ if (pam_retval != PAM_SUCCESS) {
+ log("Cannot delete credentials: %.200s",
+ PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ }
+
pam_retval = pam_end((pam_handle_t *)pamh, pam_retval);
if (p...
2002 Oct 21
0
[Bug 419] New: HP-UX PAM problems with 3.5p1
...Success
So it seems to be preferrable to skip credentials deletion on HP-UX...
Cheers!
Michael
diff -u -r openssh-3.5p1/auth-pam.c openssh-3.5p1a/auth-pam.c
--- openssh-3.5p1/auth-pam.c Sun Jul 28 22:24:08 2002
+++ openssh-3.5p1a/auth-pam.c Wed Oct 16 15:00:01 2002
@@ -186,12 +186,14 @@
pam_retval, PAM_STRERROR(__pamh, pam_retval));
}
+#ifndef __hpux
if (__pamh && creds_set) {
pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED);
if (pam_retval != PAM_SUCCESS)
debug("Cannot delete credentials[%d]: %.200s",
pam_retval, PAM_STRERROR(__pamh, pam_retval)...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...expired, please change it now."
-#define NEW_AUTHTOK_MSG_PRIVSEP \
- "Your password has expired, the session cannot proceed."
static int do_pam_conversation(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
@@ -186,12 +184,15 @@
pam_retval, PAM_STRERROR(__pamh, pam_retval));
}
+/* HP-UX doesn't like credentials to be deleted. Skip and rely on pam_end() */
+#ifndef __hpux
if (__pamh && creds_set) {
pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED);
if (pam_retval != PAM_SUCCESS)
debug("Cannot delete...
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...expired, please change it now."
-#define NEW_AUTHTOK_MSG_PRIVSEP \
- "Your password has expired, the session cannot proceed."
static int do_pam_conversation(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
@@ -186,12 +184,15 @@
pam_retval, PAM_STRERROR(__pamh, pam_retval));
}
+/* HP-UX doesn't like credentials to be deleted. Skip and rely on pam_end() */
+#ifndef __hpux
if (__pamh && creds_set) {
pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED);
if (pam_retval != PAM_SUCCESS)
debug("Cannot delete...
1999 Nov 22
1
[s-x86] OpenSSH 1.2pre14 fails on pam_open_session() ...
On Mon, 22 Nov 1999, Philip Brown wrote:
> [ Marc G. Fournier writes ]
> > debug("PAM_retval(open_session) about to run");
> > pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
>
> >
> > ===========================================
> >
> > so, its looking like I'm authenticated properly, but when trying to set up
> > the whole env...
2001 Nov 07
2
Flaw in empty password authentication in sshd
...empty passwords are not permitted.
A possible patch for the problem is given below:
*** auth-pam.c Tue Apr 24 00:08:37 2001
--- auth-amrita.c Tue Nov 6 22:58:46 2001
***************
*** 203,208 ****
--- 203,209 ----
{
extern ServerOptions options;
int pam_retval;
+ int flags=0;
do_pam_set_conv(&conv);
***************
*** 217,223 ****
__pampasswd = password;
pamstate = INITIAL_LOGIN;
! pam_retval = do_pam_authenticate(0);
if (pam_retval == PAM_SUCCESS) {
debug("PAM Password authenticat...
1999 Nov 22
0
OpenSSH 1.2pre14 fails on pam_open_session() ...
...e know more about PAM under Solaris 7/x86 then I do, that
can maybe tackle this, and/or suggestion a route to take to fix?
After doing some debugging, it looks like the problem is a seg fault at:
sshd.c:void pam_cleanup_proc(void *context)
===========================================
debug("PAM_retval(open_session) about to run");
pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
debug("PAM_retval(open_session) successful");
if (pam_retval != PAM_SUCCESS)
{
log("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));...
2001 Mar 30
1
PAM and -u0
...conversation(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
+/* XXX: move to header file */
+const char *
+get_remote_name_or_ip(void);
+
/* module-local variables */
static struct pam_conv conv = {
do_pam_conversation,
@@ -356,9 +360,9 @@
pam_retval, PAM_STRERROR(__pamh, pam_retval));
debug("PAM setting rhost to \"%.200s\"",
- get_canonical_hostname(options.reverse_mapping_check));
+ get_remote_name_or_ip());
pam_retval = pam_set_item(__pamh, PAM_RHOST,
- get_canonical_hostname(options.reverse_mapping_check)...
2002 Jun 26
3
pam session as root
...mmediate security concern with moving the
pam_open_session (and pam_setcred) stuff to the parent (root) process?
(E.g., via the patch below.)
--
Mike Stone
diff -u -r1.4 auth-pam.c
--- auth-pam.c 25 Jun 2002 00:45:33 -0000 1.4
+++ auth-pam.c 25 Jun 2002 20:33:41 -0000
@@ -286,6 +286,8 @@
pam_retval, PAM_STRERROR(__pamh,
pam_retval));
}
+ if (session_opened)
+ return; /*Be idempotent so we can be called in monitor and
child*/
pam_retval = pam_open_session(__pamh, 0);
if (pam_retval != PAM_SUCCESS)
fatal("PAM session setup failed[%d]: %.200s",
@@ -304,6 +306,8 @@
do...
2000 Oct 11
1
Expired passwords & PAM
...50 djm Exp $");
-#define NEW_AUTHTOK_MSG \
- "Warning: You password has expired, please change it now"
-
/* Callbacks */
static int pamconv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
@@ -175,11 +172,17 @@
pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
switch (pam_retval) {
- case PAM_SUCCESS:
+ case PAM_SUCCESS:
/* This is what we want */
break;
- case PAM_NEW_AUTHTOK_REQD:
- pam_msg_...
2001 Feb 26
1
2.5.1p1 on Redhat Linux 6.2 using PAM does not log closing of session
Hello all,
On Redhat 6.2, the PAM_unix module logs the session opening, but not
the session closing. This was logged as of 2.3.0p1. Upgrading to
2.5.1p1 makrs the start of the problem.
Thanks in advance,
Victor
--
Victor J. Orlikowski
======================
v.j.orlikowski at gte.net
orlikowski at apache.org
vjo at us.ibm.com
2002 Feb 27
0
openssh & solaris
...etcred: error Permission denied" errors are still issued when
exiting a session.
*** auth-pam.c- Mon Feb 25 18:36:04 2002
--- auth-pam.c Tue Feb 26 10:05:31 2002
***************
*** 297,304 ****
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh,
! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred failed[%d]: %.200s",
--- 297,303 ----
do_pam_set_conv(&conv);...
2002 Feb 27
0
[Bug 127] New: PAM with ssh authentication and pam_krb5 doesn't work properly
.../pam_unix.so.1
sshd auth sufficient /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass
*** auth-pam.c- Mon Feb 25 18:36:04 2002
--- auth-pam.c Tue Feb 26 10:05:31 2002
***************
*** 297,304 ****
do_pam_set_conv(&conv);
debug("PAM establishing creds");
! pam_retval = pam_setcred(__pamh,
! init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED);
if (pam_retval != PAM_SUCCESS) {
if (was_authenticated)
fatal("PAM setcred failed[%d]: %.200s",
--- 297,303 ----
do_pam_set_conv(&conv);...
2002 Jul 16
2
HP-UX PAM with Trusted System patch
...nssh-3.4p1/auth-pam.c openssh-3.4p1-dw/auth-pam.c
--- openssh-3.4p1/auth-pam.c Tue May 7 21:27:56 2002
+++ openssh-3.4p1-dw/auth-pam.c Tue Jul 16 07:54:05 2002
@@ -294,6 +294,18 @@
session_opened = 1;
}
+/* Set the TTY after session is open */
+void do_pam_set_tty(const char *ttyname) {
+ int pam_retval;
+ if (ttyname != NULL) {
+ debug("PAM setting tty to \"%.200s\"", ttyname);
+ pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname);
+ if (pam_retval != PAM_SUCCESS)
+ fatal("PAM set tty failed[%d]: %.200s",
+ pam_retval, PAM_STRERROR(__pamh, pam_retval));...
2000 Aug 27
0
patch for TIS (skey/opie) *and* passwd auth via PAM
...-123,29 +173,34 @@
}
}
-/* Attempt password authentation using PAM */
-int auth_pam_password(struct passwd *pw, const char *password)
+/* Attempt authentication using PAM */
+int auth_pam_password(struct passwd *pw, const char *password, int auth_type)
{
extern ServerOptions options;
int pam_retval;
+ if (auth_type != current_auth_type) {
+ finish_pam();
+ start_pam2(pw, auth_type);
+ }
+
/* deny if no user. */
if (pw == NULL)
return 0;
if (pw->pw_uid == 0 && options.permit_root_login == 2)
return 0;
- if (*password == ...
2001 Oct 25
6
Regarding PAM_TTY_KLUDGE and Solaris 8...
>Okay, this appears to be a problem with pam_unix.so - the code in
>pam_sm_open_session is written with the assumption that the tty name is of
>the form "/dev/" + something else on the end. I'm not sure why the
pam_sm_open_session in pam_unix on Solaris now does this:
/* report error if ttyn or rhost are not set */
if ((ttyn == NULL) || (rhost == NULL))
2003 Feb 20
0
"if 0" in auth-pam.c
...t I think "if 0" is a non-possible
situation, right?
I then removed these conditions, and it worked just fine, changed my
password as it should..
btw, yes, I removed "Privilege Separation" to do these tests.
Here is the piece of code I'm talking about:
switch (pam_retval) {
case PAM_SUCCESS:
/* This is what we want */
break;
#if 0
case PAM_NEW_AUTHTOK_REQD:
message_cat(&__pam_msg, use_privsep ?
NEW_AUTHTOK_MSG_PRIVSEP : NEW_AUTHT...