search for: pam_set_item

Displaying 20 results from an estimated 55 matches for "pam_set_item".

2002 Feb 15
2
Advice on: sshd[28182]: PAM pam_set_item: NULL pam handle passed
...in that particular group, whilst not affecting the users who browse the box via network neighborhood. But this seemed to work fine for a few hrs and now no one in the Winbind group can login to ssh. Looking thru the /var/log/secure, Iam getting the error: Feb 15 10:21:27 yoda sshd[28182]: PAM pam_set_item: NULL pam handle passed Feb 15 10:21:27 yoda sshd[28182]: PAM pam_set_item: NULL pam handle passed Feb 15 10:21:27 yoda sshd[28182]: Failed password for illegal user MMEBS+mark from 192.168.*.* port 2166 Feb 15 10:21:29 yoda sshd[28182]: Connection closed by 192.168.*.* If comment out the Allowgr...
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...s", - pw->pw_name, PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + pw->pw_name, PAM_STRERROR(pamh, pam_retval)); return 0; } } @@ -157,33 +190,35 @@ int pam_retval; debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname()); - pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, + pam_retval = pam_set_item(pamh, PAM_RHOST, get_canonical_hostname()); if (pam_retval != PAM_SUCCESS) { fatal("PAM set rhost failed: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); } if (...
2003 Oct 29
4
Fix for USE_POSIX_THREADS in auth-pam.c
...m_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user); + pam_get_item(grab_pamh(0, NULL), PAM_USER, (const void **)&pam_user); setproctitle("%s [pam]", pam_user); #endif @@ -224,11 +287,11 @@ sshpam_conv.appdata_ptr = ctxt; buffer_init(&buffer); - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, + sshpam_err = pam_set_item(grab_pamh(0, NULL), PAM_CONV, (const void *)&sshpam_conv); if (sshpam_err != PAM_SUCCESS) goto auth_fail; - sshpam_err = pam_authenticate(sshpam_handle, 0); + sshpam_err = pam_authenticate(grab_pamh(0, NULL), 0); if (sshpam_err !...
2004 Dec 28
2
LinuxPAM and sshd: changing conversation function doesn't work but claims to.
Hi. I'm one of the OpenSSH developers, and I've done some of the work on sshd's PAM interface recently. I've discovered some behaviour peculiar to LinuxPAM that I can't explain: changing the conversation function does not appear to work, even though the pam_set_item() call claims to succeed. The previous conversation function is still called. Background: the PAM API is a poor fit for the SSH protocol, so the conversation function needs to do vastly different things at different points in the protocol. Instead of one enormous multi-mode function, sshd...
2014 Apr 24
0
Help implementing username_format in auth PAM driver
...lookup(ctx->request)); if (string == NULL) i_fatal_status(FATAL_OUTOFMEM, "Out of memory"); break; @@ -240,7 +253,7 @@ static void set_pam_items(struct auth_request *request, pam_handle_t *pamh) host = net_ip2addr(&request->remote_ip); if (host != NULL) (void)pam_set_item(pamh, PAM_RHOST, host); - (void)pam_set_item(pamh, PAM_RUSER, request->user); + (void)pam_set_item(pamh, PAM_RUSER, pam_username_lookup(request)); /* TTY is needed by eg. pam_access module */ (void)pam_set_item(pamh, PAM_TTY, "dovecot"); } @@ -262,7 +275,7 @@ pam_verify_plain_call...
2002 Aug 30
4
Patch so that sshd makes use of PAM_USER
<<pam_user.patch>> Hello. I created a patch that causes sshd to take notice of the value of PAM_USER after calling into the pam_xxx functions. This makes it possible for a PAM module to effect user mappings by setting the value of PAM_USER with pam_set_item(). If anyone has comments or suggestions, let me know. Thanks, Jeremy -------------- next part -------------- A non-text attachment was scrubbed... Name: pam_user.patch Type: application/octet-stream Size: 8581 bytes Desc: pam_user.patch Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/a...
1999 Nov 22
1
[s-x86] OpenSSH 1.2pre14 fails on pam_open_session() ...
...> > debugging this? > > well its obviously blowing up on pam_open_session, so you need to validate > your "pamh" handle somehow. thank you, and how would one do this? considering that my 'pamh' handle is being used three times prior to that, in: pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST, remote_host); pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER, remote_user); pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0); all in the same function, I would have thought that this would have been okay...all of the above go through successfu...
2002 Feb 14
2
[Bug 117] OpenSSH second-guesses PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=117 ------- Additional Comments From djm at mindrot.org 2002-02-15 10:10 ------- > OpenSSH traditionally would not even start PAM, and > now starts it specifying 'NOUSER' as the login name. We have always used NOUSER, the recent patch just makes it consistent between protocols 1 and 2. > The second is to prevent username guessing
2006 May 12
1
About RH patches and 1.0beta8
...tch calls 'chown root.root', is good to have the certs owned by root? patch: dovecot-1.0.beta2-pam-setcred.patch is dissables the call to pam_setcred() because there is no other call to pam_setcred() in order to release the resources patch: dovecot-1.0.beta2-pam-tty.patch it add a call to pam_set_item() I don't to attach the patches to the list, but I can if anyone could not extract them from the .src.rpm Many thanks Oliver -- Oliver Schulze L. <oliver at samera.com.py>
2001 Feb 10
1
[PATCH] Tell PAM about remote host earlier
...abartlet at pcug.org.au -------------- next part -------------- --- auth-pam.c.orig Sat Feb 10 13:01:35 2001 +++ auth-pam.c Sat Feb 10 14:14:53 2001 @@ -191,14 +191,6 @@ { int pam_retval; - debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname()); - pam_retval = pam_set_item(pamh, PAM_RHOST, - get_canonical_hostname()); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set rhost failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } - if (remote_user != NULL) { debug("PAM setting ruser to \"%.200s\"", remote_user)...
2004 Mar 24
1
Trying to compile Samba 3.0.2a
...rror' auth/pampass.o(.text+0xcb6): In function `smb_pam_end': : undefined reference to `pam_end' auth/pampass.o(.text+0xde1): In function `smb_pam_start': : undefined reference to `pam_start' auth/pampass.o(.text+0xe7c): In function `smb_pam_start': : undefined reference to `pam_set_item' auth/pampass.o(.text+0xeec): In function `smb_pam_start': : undefined reference to `pam_set_item' auth/pampass.o(.text+0xfea): In function `smb_pam_auth': : undefined reference to `pam_authenticate' auth/pampass.o(.text+0x1317): In function `smb_pam_account': : undefined re...
2000 Jul 03
2
2.1.1p2 HP-UX 11 PAM General Commerical Security error
Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3
2004 Jun 14
1
PAM_RHOST item
A little problem, which is bugging me: when using PAM authentication, Dovecot (0.99.5) does not set the PAM_RHOST item, so the PAM modules cannot know who the client is. We need this for some PAM module doing access control. Changing passdb-pam.c to pam_set_item it seems trivial, but I'm bugged as to how to get the client name from there. It seems not to be available in the auth_request strut or anything from there. I tried even adding an upwards reference from there to the struct client *, but then I see that there are three structs named client and...
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
...acket_write_wait(); -#endif + debug("%s: %s", __func__, **prompts); + buffer_append(&loginmsg, **prompts, + strlen(**prompts)); xfree(**prompts); **prompts = NULL; } @@ -551,21 +549,6 @@ do_pam_account(void) } void -do_pam_session(void) -{ - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: failed to set PAM_CONV: %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("P...
2000 Nov 17
4
cvs
Hello, I use cvs to download samba with pserver.samba.org i get the 2.0.4b version ! where can i get the last stable release (2.0.7) and alpha versions with cvs and anonymous ? Thanks Guy Roussin
2003 Sep 22
1
Problem with non-interactive shells on Sol8 with 3.7.1p1
...p1.udel.edu sshd[21223]: [ID 800047 local4.debug] debug1: PAM: initializing for "ed" Sep 22 13:12:41 ldap1.udel.edu sshd[21223]: [ID 800047 local4.debug] debug1: PAM: setting PAM_RHOST to "polycut.nss.udel.edu" Sep 22 13:12:41 ldap1.udel.edu sshd[21223]: [ID 859314 local4.debug] pam_set_item(4) Sep 22 13:12:41 ldap1.udel.edu sshd[21223]: [ID 800047 local4.debug] debug1: PAM: setting PAM_TTY to "ssh" Sep 22 13:12:41 ldap1.udel.edu sshd[21223]: [ID 859314 local4.debug] pam_set_item(3) Sep 22 13:12:41 ldap1.udel.edu sshd[21223]: [ID 800047 local4.info] Failed none for ed from 12...
2001 Oct 25
3
PAM conversation stuff
...logically the bug is in the part of the conversation routine that isn't checking to see if stdin/stdout is a TTY before trying to prompt the user for info. Conversely, the conversation routine is just a glorified "printf", then where in the heck is the password read in, and where is pam_set_item() being called to fill in the details before the call to pam_chauthtok() can actually update the password? Thanks, Ed Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and Systems Services finger -l ed at polycut.nss.udel.edu for PGP public...
2001 Oct 29
2
pam_open_session w/o tty on Solaris
...29 15:32:08 2001 @@ -272,6 +272,12 @@ do_pam_set_conv(&conv); +#ifdef PAM_SUN_CODEBASE + if (ttyname == NULL) { + ttyname = ""; + } +#endif /* PAM_SUN_CODEBASE */ + if (ttyname != NULL) { debug("PAM setting tty to \"%.200s\"", ttyname); pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); Obviously that expands the meaning of PAM_SUN_CODEBASE a bit from its current definition, but it seemed a fairly reasonable thing to use, since this appears to be another misbehavior of PAM under Solaris. I don't honestly know enough about the inner workings of PAM...
2003 Sep 23
5
PAM sessions and conversation functions
In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and
2006 Jan 16
0
passdb-pam: PAM_RHOST on FreeBSD >= 5.0 (where PAM != Linux-PAM)
...f. Now having updated to the latest snapshot (which may be released as beta1), I stumbled on it again: In src/auth/passdb-pam.c, where the client host is passed to PAM, the code looks like this: #ifdef PAM_RHOST const char *host = net_ip2addr(&request->remote_ip); if (host != NULL) pam_set_item(pamh, PAM_RHOST, host); #endif For some reason there is a preprocessor/compile-time check whethere there exists such a preprocessor symbol as the PAM item PAM_RHOST (why check that? IIRC PAM_RHOST is standard and in all PAM implementations). However, PAM_RHOST (or other PAM items, for that matte...