search for: pam_strerror

...SUCCESS; break; default: free(reply); @@ -103,22 +135,22 @@ if (pamh != NULL) { - pam_retval = pam_close_session((pam_handle_t *)pamh, 0); + pam_retval = pam_close_session(pamh, 0); if (pam_retval != PAM_SUCCESS) { log("Cannot close PAM session: %.200s", - PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + PAM_STRERROR(pamh, pam_retval)); } - pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED); + pam_retval = pam_setcred(pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) { debug("Cannot delete credentials: %.200s", -...

.... gcc -g -O2 -Wall -I/usr/local/ssl/include -DETCDIR=\"/etc/ssh\" -DSSH_PROGRAM=\"/usr/bin/ssh\" -DASKPASS_PROGRAM=\"/usr/libexec/ssh/ssh-askpass\" -DHAVE_CONFIG_H -c sshd.c -o sshd.o sshd.c: In function `pam_cleanup_proc': sshd.c:224: warning: passing arg 1 of `pam_strerror' makes integer from pointer without a cast sshd.c:224: too many arguments to function `pam_strerror' sshd.c:231: warning: passing arg 1 of `pam_strerror' makes integer from pointer without a cast sshd.c:231: too many arguments to function `pam_strerror' ... more of these... make: **...

Trying 2.1.1p2 on HP-UX 11 (trusted system) I get: Jul 3 14:24:53 robinson sshd[1236]: debug: Encryption type: 3des Jul 3 14:24:53 robinson sshd[1236]: debug: Received session key; encryption turned on. Jul 3 14:24:53 robinson sshd[1236]: debug: Installing crc compensation attack detector. Jul 3 14:24:53 robinson sshd[1236]: debug: Starting up PAM with username "stevesk" Jul 3

...goto auth_fail; - sshpam_err = pam_authenticate(sshpam_handle, 0); + sshpam_err = pam_authenticate(grab_pamh(0, NULL), 0); if (sshpam_err != PAM_SUCCESS) goto auth_fail; buffer_put_cstring(&buffer, "OK"); @@ -238,7 +301,7 @@ auth_fail: buffer_put_cstring(&buffer, - pam_strerror(sshpam_handle, sshpam_err)); + pam_strerror(grab_pamh(0, NULL), sshpam_err)); ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); buffer_free(&buffer); pthread_exit(NULL); @@ -274,20 +337,31 @@ sshpam_cleanup(void) { debug("PAM: cleanup"); - if (sshpam_handle ==...

...ompts); **prompts = NULL; } @@ -551,21 +549,6 @@ do_pam_account(void) } void -do_pam_session(void) -{ - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: failed to set PAM_CONV: %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: pam_open_session(): %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_session_open = 1; -} - -void do_pam_set_tty(const char *tty) { if (tty !=...

...rich (george at geology.bristol.ac.uk) *** defines.h.orig Thu Oct 19 23:14:05 2000 --- defines.h Mon Jan 22 16:52:05 2001 *************** *** 338,345 **** --- 338,349 ---- /* Function replacement / compatibility hacks */ /* In older versions of libpam, pam_strerror takes a single argument */ + /* Older versions of PAM (1.10) don't define some symbols the same way */ #ifdef HAVE_OLD_PAM # define PAM_STRERROR(a,b) pam_strerror((b)) + # define PAM_DELETE_CRED PAM_CRED_DELETE + # define PAM_ESTABLISH_CRED PAM_CRED_ESTABLISH + # define PAM_NEW_AUTHTOK_REQD...

...tBSD doesn't have a ut_type struct member). With the patch below, openssh will compile and run on NetBSD again. Thanks, David --- configure.orig Tue Dec 21 06:51:22 1999 +++ configure Thu Dec 23 14:15:16 1999 @@ -2073,12 +2073,43 @@ fi rm -f conftest* -echo $ac_n "checking whether pam_strerror takes only one argument""... $ac_c" 1>&6 -echo "configure:2078: checking whether pam_strerror takes only one argument" >&5 +echo $ac_n "checking For struct lastlog in utmp.h""... $ac_c" 1>&6 +echo "configure:2078: checking For s...

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and

...Define if your libraries define login() */ #define HAVE_LOGIN 1 /* Define if your libraries define daemon() */ #define HAVE_DAEMON 1 /* Define if you want to allow MD5 passwords */ /* #undef HAVE_MD5_PASSWORDS */ /* Define if you have an old version of PAM which takes only one argument */ /* to pam_strerror */ #define HAVE_OLD_PAM 1 /* Data types */ /* #undef HAVE_QUAD_T */ #define HAVE_INTXX_T 1 #define HAVE_U_INTXX_T 1 #define HAVE_UINTXX_T 1 /* Define if you have /dev/ptmx */ /* #undef HAVE_DEV_PTMX */ /* Define if you have /dev/ptc */ /* #undef HAVE_DEV_PTS_AND_PTC */ /* Path to xauth binary *...

...149,7 @@ int do_pam_auth(const char *user, const char *password); void do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, char *ttyname); +void do_pam_setcred(); void pam_cleanup_proc(void *context); static struct pam_conv conv = { @@ -230,6 +231,12 @@ PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); } + pam_retval = pam_setcred((pam_handle_t *)pamh, PAM_DELETE_CRED); + if (pam_retval != PAM_SUCCESS) { + log("Cannot delete credentials: %.200s", + PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + } + pam_retval = pam_end((pam_handle_...

...it seems to be preferrable to skip credentials deletion on HP-UX... Cheers! Michael diff -u -r openssh-3.5p1/auth-pam.c openssh-3.5p1a/auth-pam.c --- openssh-3.5p1/auth-pam.c Sun Jul 28 22:24:08 2002 +++ openssh-3.5p1a/auth-pam.c Wed Oct 16 15:00:01 2002 @@ -186,12 +186,14 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +#ifndef __hpux if (__pamh && creds_set) { pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) debug("Cannot delete credentials[%d]: %.200s", pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +#endif...

...ase change it now." -#define NEW_AUTHTOK_MSG_PRIVSEP \ - "Your password has expired, the session cannot proceed." static int do_pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -186,12 +184,15 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +/* HP-UX doesn't like credentials to be deleted. Skip and rely on pam_end() */ +#ifndef __hpux if (__pamh && creds_set) { pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) debug("Cannot delete credentials[%d]:...

...@@ { int pam_retval; - debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname()); - pam_retval = pam_set_item(pamh, PAM_RHOST, - get_canonical_hostname()); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set rhost failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } - if (remote_user != NULL) { debug("PAM setting ruser to \"%.200s\"", remote_user); pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user); @@ -310,6 +302,14 @@ if (pam_retval != PAM_SUCCESS) { fatal("PAM initialisation failed[%d]: %....

...for me. Should it be changed to do the same thing, ie --- auth-pam.c 3 Jun 2003 00:25:48 -0000 1.64 +++ auth-pam.c 8 Aug 2003 02:13:34 -0000 @@ -531,11 +531,13 @@ if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); - debug("PAM: setting PAM_TTY to \"%s\"", tty); - sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, tty); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: failed to set PAM_TTY: %s", - pam_str...

...ase change it now." -#define NEW_AUTHTOK_MSG_PRIVSEP \ - "Your password has expired, the session cannot proceed." static int do_pam_conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); @@ -186,12 +184,15 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); } +/* HP-UX doesn't like credentials to be deleted. Skip and rely on pam_end() */ +#ifndef __hpux if (__pamh && creds_set) { pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); if (pam_retval != PAM_SUCCESS) debug("Cannot delete credentials[%d]:...

...ry"); break; @@ -108,12 +116,14 @@ } free(resp); + str_free(&username); return PAM_CONV_ERR; } resp[i].resp_retcode = PAM_SUCCESS; resp[i].resp = string; } + str_free(&username); *resp_r = resp; return PAM_SUCCESS; @@ -231,7 +241,10 @@ pam_strerror(pamh, status)); return status; } - auth_request_set_field(request, "user", item, NULL); + if (module->pam_allow_transform) + { + auth_request_set_field(request, "user", item, NULL); + } return PAM_SUCCESS; } @@ -257,6 +270,11 @@ struct pam_conv conv; enum passd...

...04-10-07 08:38:59.000000000 +0300 @@ -193,6 +193,18 @@ return status; } + if ((status = pam_open_session(pamh, 0)) != PAM_SUCCESS) { + *error = t_strdup_printf("pam_open_session(%s) failed: %s", + user, pam_strerror(pamh, status)); + return status; + } + + if ((status = pam_close_session(pamh, 0)) != PAM_SUCCESS) { + *error = t_strdup_printf("pam_close_session(%s) failed: %s", + user, pam_strerror(pamh, status)); +...

...(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); +/* XXX: move to header file */ +const char * +get_remote_name_or_ip(void); + /* module-local variables */ static struct pam_conv conv = { do_pam_conversation, @@ -356,9 +360,9 @@ pam_retval, PAM_STRERROR(__pamh, pam_retval)); debug("PAM setting rhost to \"%.200s\"", - get_canonical_hostname(options.reverse_mapping_check)); + get_remote_name_or_ip()); pam_retval = pam_set_item(__pamh, PAM_RHOST, - get_canonical_hostname(options.reverse_mapping_check)); + get_rem...

Hi, I'm using SuSE 8.2 and I got the source for samba 3.0.2a and I tried to install it. ./configure (w/o any arguments) went ok so I type make and it gives me the following errors: Linking bin/smbd auth/pampass.o(.text+0x59): In function `smb_pam_error_handler': : undefined reference to `pam_strerror' auth/pampass.o(.text+0xcb6): In function `smb_pam_end': : undefined reference to `pam_end' auth/pampass.o(.text+0xde1): In function `smb_pam_start': : undefined reference to `pam_start' auth/pampass.o(.text+0xe7c): In function `smb_pam_start': : undefined reference to `pam_...

...u_int +do_pam_account(void) +{ + struct pam_conv *OldConv; + if (sshpam_account_status != -1) + return (sshpam_account_status); + + sshpam_err = pam_get_item(sshpam_handle, PAM_CONV, (void *)&OldConv); + if (sshpam_err != PAM_SUCCESS) + fatal ("PAM: failed to get PAM_CONV: %s", + pam_strerror (sshpam_handle, sshpam_err)); + + sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (void *)&store_conv); + if (sshpam_err != PAM_SUCCESS) + fatal("PAM: failed to set PAM_CONV: %s", + pam_strerror(sshpam_handle, sshpam_err)); + + sshpam_err = pam_acct_mgmt(sshpam_handle, 0); + de...