Displaying 15 results from an estimated 15 matches for "print_pam_messag".
Did you mean:
print_pam_messages
2004 Jan 15
2
What is print_pam_messages() used for ?
Hi,
I was investigating why I don't see any warnings from
pam_ldap indicating the pending expiration of passwords as well as
for PAM_NEW_AUTHTOK_REQD. Eventually, I found that do_pam_account()
does not have a conversation function. Also, there is a function
print_pam_messages (currently empty) which look suspiciously like it
is ear marked to show just those error messages:
/* auth-pam.c */
void print_pam_messages(void)
{
/* XXX */
}
By any chance, is someone working on a patch to show these
warning messages ?
Thanks.
Ralf.
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...ition to the kludge to feed the user's password into PAM during
initial login
* add function do_pam_chauthtok() to call pam_chauthtok() if needed,
once interactive session has been established
auth-pam.h:
* add prototype for do_pam_chauthtok()
session.c:
* add call to do_pam_chauthtok() after print_pam_messages()
I am subscribed to openssh-unix-dev, so you do not have to copy any list
discussion to me personally.
===================================================================
RCS file: RCS/auth-pam.c,v
retrieving revision 1.1
diff -u -r1.1 auth-pam.c
--- auth-pam.c 2000/09/06 22:29:58 1.1
+++ auth...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...ot;dup2 stdin: %s", strerror(errno));
@@ -608,6 +604,24 @@
/* Close the extra descriptor for the pseudo tty. */
close(ttyfd);
+#ifdef USE_PAM
+ /*
+ * If password change is needed, do it now.
+ * For privsep, this needs to occur before we acquire a
+ * controlling tty.
+ */
+ print_pam_messages();
+ if (use_privsep && is_pam_password_change_required())
+ PRIVSEP(do_pam_chauthtok());
+#endif
+ /* Make the pseudo tty our controlling tty. */
+ pty_make_controlling_tty(&ttyfd, s->tty);
+
+ /* without privsep, chauthtok requires a controlling tty */
+ if (!use_privsep)...
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
...quired but no "
+ "TTY available");
/* Fork the child. */
if ((pid = fork()) == 0) {
@@ -726,6 +731,7 @@
socklen_t fromlen;
struct sockaddr_storage from;
struct passwd * pw = s->pw;
+ int password_changed = 0;
pid_t pid = getpid();
/*
@@ -758,6 +764,13 @@
print_pam_messages();
do_pam_chauthtok();
}
+#else
+ buffer_append(&expiremsg, "\0", 1);
+ if (password_change_required) {
+ printf("%s\n", (char *)buffer_ptr(&expiremsg));
+ fflush(stdout);
+ password_changed = do_tty_change_password(pw);
+ }
#endif
if (check_quietlogin(s,...
2003 Jul 30
1
[PATCH] Password expiry merge (AIX parts)
...quired but no "
+ "TTY available");
/* Fork the child. */
if ((pid = fork()) == 0) {
@@ -726,6 +731,7 @@
socklen_t fromlen;
struct sockaddr_storage from;
struct passwd * pw = s->pw;
+ int password_changed = 0;
pid_t pid = getpid();
/*
@@ -758,6 +764,13 @@
print_pam_messages();
do_pam_chauthtok();
}
+#else
+ buffer_append(&expiremsg, "\0", 1);
+ if (password_change_required) {
+ printf("%s\n", (char *)buffer_ptr(&expiremsg));
+ fflush(stdout);
+ password_changed = do_tty_change_password(pw);
+ }
#endif
if (check_quietlogin(s,...
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
...-746,16 +749,23 @@
options.verify_reverse_mapping),
(struct sockaddr *)&from, fromlen);
-#ifdef USE_PAM
/*
* If password change is needed, do it now.
* This needs to occur before the ~/.hushlogin check.
*/
+#ifdef USE_PAM
if (is_pam_password_change_required()) {
print_pam_messages();
- do_pam_chauthtok();
+ if (!use_privsep)
+ do_pam_chauthtok();
}
#endif
+ buffer_append(&expire_message, "\0", 1);
+ if (password_change_required) {
+ printf("%s", (char *)buffer_ptr(&expire_message));
+ do_tty_change_password(pw);
+ password_changed = 1;...
2002 Oct 13
1
[PATCH] AIX password expiration
...+766,13 @@
}
#endif
+#ifdef WITH_AIXAUTHENTICATE
+ if (is_aix_password_change_required()) {
+ printf("%s\n", aixexpiremsg);
+ do_aix_change_password(pw);
+ }
+#endif
+
if (check_quietlogin(s, command))
return;
@@ -764,7 +780,10 @@
if (!is_pam_password_change_required())
print_pam_messages();
#endif /* USE_PAM */
+
#ifdef WITH_AIXAUTHENTICATE
+ if (!is_aix_password_change_required() && aixexpiremsg && *aixexpiremsg)
+ printf("%s\n", aixexpiremsg);
if (aixloginmsg && *aixloginmsg)
printf("%s\n", aixloginmsg);
#endif /* WITH_AIXAUT...
2000 Jul 07
1
Potentially insecure format string handling in PAM support
...;t think its exploitable. But
the format string processing isn't needed here, so it should be painless to
remove.
Here's the patch.
-- Aaron
- --- auth-pam.c~ Thu Jun 22 04:44:54 2000
+++ auth-pam.c Fri Jul 7 14:57:16 2000
@@ -277,7 +277,7 @@
void print_pam_messages(void)
{
if (pam_msg != NULL)
- - fprintf(stderr, pam_msg);
+ fputs(pam_msg, stderr);
}
/* Append a message to the PAM message buffer */
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iQCVAwUBOWZU...
2001 Jan 03
0
AIX loginsuccess and aixloginmsg ?
...rm/test if aixloginmsg should be freed ?
If so this little patch might work (I didn't test this !!!!!):
^^^^^^^^^^^^^^^^^^^^^^^^^
--- session.c-orig Wed Jan 3 10:19:31 2001
+++ session.c Wed Jan 3 10:20:48 2001
@@ -750,8 +750,10 @@
print_pam_messages();
#endif /* USE_PAM */
#ifdef WITH_AIXAUTHENTICATE
- if (aixloginmsg && *aixloginmsg)
+ if (aixloginmsg && *aixloginmsg) {
printf("%s\n", aixloginmsg);
+ free(aixloginmsg);
+ }
#endif /* WITH_AIXAUTHENTICATE */...
2003 Jul 30
7
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564
------- Additional Comments From djm at mindrot.org 2003-07-30 11:48 -------
Maybe UsePAM should be a tri-state: "kbd-int", "no" or "always". This is ugly -
suggestions wanted.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Oct 21
0
[Bug 419] New: HP-UX PAM problems with 3.5p1
...enssh-3.5p1a/auth-pam.h Wed Oct 16 10:00:40 2002
@@ -39,6 +39,7 @@
int do_pam_authenticate(int flags);
int do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, const char *ttyname);
+void do_pam_set_tty(const char *ttyname);
void do_pam_setcred(int init);
void print_pam_messages(void);
int is_pam_password_change_required(void);
diff -u -r openssh-3.5p1/session.c openssh-3.5p1a/session.c
--- openssh-3.5p1/session.c Thu Sep 26 02:38:50 2002
+++ openssh-3.5p1a/session.c Wed Oct 16 15:01:40 2002
@@ -454,7 +454,6 @@
session_proctitle(s);
#if defined(USE_PAM)
- do_pam_se...
2002 Jul 16
2
HP-UX PAM with Trusted System patch
...ssh-3.4p1-dw/auth-pam.h Tue Jul 16 07:54:05 2002
@@ -12,6 +12,7 @@
int do_pam_authenticate(int flags);
int do_pam_account(char *username, char *remote_user);
void do_pam_session(char *username, const char *ttyname);
+void do_pam_set_tty(const char *ttyname);
void do_pam_setcred(int init);
void print_pam_messages(void);
int is_pam_password_change_required(void);
Only in openssh-3.4p1-dw: auth-pam.h.orig
diff -u -r openssh-3.4p1/session.c openssh-3.4p1-dw/session.c
--- openssh-3.4p1/session.c Wed Jun 26 08:51:06 2002
+++ openssh-3.4p1-dw/session.c Tue Jul 16 07:54:06 2002
@@ -461,7 +461,6 @@
session_pro...
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
...+104,6 @@
#define MAX_SESSIONS 10
Session sessions[MAX_SESSIONS];
-#ifdef WITH_AIXAUTHENTICATE
-char *aixloginmsg;
-#endif /* WITH_AIXAUTHENTICATE */
-
#ifdef HAVE_LOGIN_CAP
login_cap_t *lc;
#endif
@@ -770,10 +767,13 @@
if (options.use_pam && !is_pam_password_change_required())
print_pam_messages();
#endif /* USE_PAM */
-#ifdef WITH_AIXAUTHENTICATE
- if (aixloginmsg && *aixloginmsg)
- printf("%s\n", aixloginmsg);
-#endif /* WITH_AIXAUTHENTICATE */
+
+ /* display post-login message */
+ if (buffer_len(&loginmsg) > 0) {
+ buffer_append(&loginmsg, "\0&quo...
2003 May 10
4
New PAM code landing (at last)
Hello all,
The long-mooted PAM merge from FreeBSD is starting _now_. This replaces
the PAM password auth kludge that we have used until now with a discrete
challenge-response module. This module is invoked via
keyboard-interactive for protocol 2 or TIS auth for protocol 1.
Warning: this is a large change and will probably break things. It has
only been tested with basic password auth modules and
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...nect("Password change required but no "
@@ -581,7 +580,7 @@
ttyfd = s->ttyfd;
#if defined(USE_PAM)
- do_pam_session(s->pw->pw_name, s->tty);
+ do_pam_set_tty(s->tty);
do_pam_setcred(1);
#endif
@@ -753,7 +752,7 @@
*/
if (is_pam_password_change_required()) {
print_pam_messages();
- do_pam_chauthtok();
+ PRIVSEP(do_pam_chauthtok());
}
#endif
@@ -1238,6 +1237,12 @@
* Reestablish them here.
*/
do_pam_setcred(0);
+
+ /*
+ * We need to open the session here because PAM on HP-UX does not
+ * work after the call to permanently_set_uid.
+ */
+ do_pam_...