search for: print_pam_messages

Displaying 15 results from an estimated 15 matches for "print_pam_messages".

2004 Jan 15
2
What is print_pam_messages() used for ?
Hi, I was investigating why I don't see any warnings from pam_ldap indicating the pending expiration of passwords as well as for PAM_NEW_AUTHTOK_REQD. Eventually, I found that do_pam_account() does not have a conversation function. Also, there is a function print_pam_messages (currently empty) which look suspiciously like it is ear marked to show just those error messages: /* auth-pam.c */ void print_pam_messages(void) { /* XXX */ } By any chance, is someone working on a patch to show these warning messages ? Thanks. Ralf.
2000 Sep 13
2
auth-pam.c support for pam_chauthtok()
...ition to the kludge to feed the user's password into PAM during initial login * add function do_pam_chauthtok() to call pam_chauthtok() if needed, once interactive session has been established auth-pam.h: * add prototype for do_pam_chauthtok() session.c: * add call to do_pam_chauthtok() after print_pam_messages() I am subscribed to openssh-unix-dev, so you do not have to copy any list discussion to me personally. =================================================================== RCS file: RCS/auth-pam.c,v retrieving revision 1.1 diff -u -r1.1 auth-pam.c --- auth-pam.c 2000/09/06 22:29:58 1.1 +++ auth-p...
2002 Dec 21
6
[PATCH] PAM chauthtok + Privsep
...ot;dup2 stdin: %s", strerror(errno)); @@ -608,6 +604,24 @@ /* Close the extra descriptor for the pseudo tty. */ close(ttyfd); +#ifdef USE_PAM + /* + * If password change is needed, do it now. + * For privsep, this needs to occur before we acquire a + * controlling tty. + */ + print_pam_messages(); + if (use_privsep && is_pam_password_change_required()) + PRIVSEP(do_pam_chauthtok()); +#endif + /* Make the pseudo tty our controlling tty. */ + pty_make_controlling_tty(&ttyfd, s->tty); + + /* without privsep, chauthtok requires a controlling tty */ + if (!use_privsep) +...
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
...quired but no " + "TTY available"); /* Fork the child. */ if ((pid = fork()) == 0) { @@ -726,6 +731,7 @@ socklen_t fromlen; struct sockaddr_storage from; struct passwd * pw = s->pw; + int password_changed = 0; pid_t pid = getpid(); /* @@ -758,6 +764,13 @@ print_pam_messages(); do_pam_chauthtok(); } +#else + buffer_append(&expiremsg, "\0", 1); + if (password_change_required) { + printf("%s\n", (char *)buffer_ptr(&expiremsg)); + fflush(stdout); + password_changed = do_tty_change_password(pw); + } #endif if (check_quietlogin(s, co...
2003 Jul 30
1
[PATCH] Password expiry merge (AIX parts)
...quired but no " + "TTY available"); /* Fork the child. */ if ((pid = fork()) == 0) { @@ -726,6 +731,7 @@ socklen_t fromlen; struct sockaddr_storage from; struct passwd * pw = s->pw; + int password_changed = 0; pid_t pid = getpid(); /* @@ -758,6 +764,13 @@ print_pam_messages(); do_pam_chauthtok(); } +#else + buffer_append(&expiremsg, "\0", 1); + if (password_change_required) { + printf("%s\n", (char *)buffer_ptr(&expiremsg)); + fflush(stdout); + password_changed = do_tty_change_password(pw); + } #endif if (check_quietlogin(s, co...
2002 Nov 20
0
[PATCH #9] Password expiration via /bin/passwd.
...-746,16 +749,23 @@ options.verify_reverse_mapping), (struct sockaddr *)&from, fromlen); -#ifdef USE_PAM /* * If password change is needed, do it now. * This needs to occur before the ~/.hushlogin check. */ +#ifdef USE_PAM if (is_pam_password_change_required()) { print_pam_messages(); - do_pam_chauthtok(); + if (!use_privsep) + do_pam_chauthtok(); } #endif + buffer_append(&expire_message, "\0", 1); + if (password_change_required) { + printf("%s", (char *)buffer_ptr(&expire_message)); + do_tty_change_password(pw); + password_changed = 1; +...
2002 Oct 13
1
[PATCH] AIX password expiration
...+766,13 @@ } #endif +#ifdef WITH_AIXAUTHENTICATE + if (is_aix_password_change_required()) { + printf("%s\n", aixexpiremsg); + do_aix_change_password(pw); + } +#endif + if (check_quietlogin(s, command)) return; @@ -764,7 +780,10 @@ if (!is_pam_password_change_required()) print_pam_messages(); #endif /* USE_PAM */ + #ifdef WITH_AIXAUTHENTICATE + if (!is_aix_password_change_required() && aixexpiremsg && *aixexpiremsg) + printf("%s\n", aixexpiremsg); if (aixloginmsg && *aixloginmsg) printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHE...
2000 Jul 07
1
Potentially insecure format string handling in PAM support
...;t think its exploitable. But the format string processing isn't needed here, so it should be painless to remove. Here's the patch. -- Aaron - --- auth-pam.c~ Thu Jun 22 04:44:54 2000 +++ auth-pam.c Fri Jul 7 14:57:16 2000 @@ -277,7 +277,7 @@ void print_pam_messages(void) { if (pam_msg != NULL) - - fprintf(stderr, pam_msg); + fputs(pam_msg, stderr); } /* Append a message to the PAM message buffer */ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBOWZUP0...
2001 Jan 03
0
AIX loginsuccess and aixloginmsg ?
...rm/test if aixloginmsg should be freed ? If so this little patch might work (I didn't test this !!!!!): ^^^^^^^^^^^^^^^^^^^^^^^^^ --- session.c-orig Wed Jan 3 10:19:31 2001 +++ session.c Wed Jan 3 10:20:48 2001 @@ -750,8 +750,10 @@ print_pam_messages(); #endif /* USE_PAM */ #ifdef WITH_AIXAUTHENTICATE - if (aixloginmsg && *aixloginmsg) + if (aixloginmsg && *aixloginmsg) { printf("%s\n", aixloginmsg); + free(aixloginmsg); + } #endif /* WITH_AIXAUTHENTICATE */...
2003 Jul 30
7
[Bug 564] new PAM code only calls pam_acct_mgmt for challenge-response clients
http://bugzilla.mindrot.org/show_bug.cgi?id=564 ------- Additional Comments From djm at mindrot.org 2003-07-30 11:48 ------- Maybe UsePAM should be a tri-state: "kbd-int", "no" or "always". This is ugly - suggestions wanted. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2002 Oct 21
0
[Bug 419] New: HP-UX PAM problems with 3.5p1
...enssh-3.5p1a/auth-pam.h Wed Oct 16 10:00:40 2002 @@ -39,6 +39,7 @@ int do_pam_authenticate(int flags); int do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, const char *ttyname); +void do_pam_set_tty(const char *ttyname); void do_pam_setcred(int init); void print_pam_messages(void); int is_pam_password_change_required(void); diff -u -r openssh-3.5p1/session.c openssh-3.5p1a/session.c --- openssh-3.5p1/session.c Thu Sep 26 02:38:50 2002 +++ openssh-3.5p1a/session.c Wed Oct 16 15:01:40 2002 @@ -454,7 +454,6 @@ session_proctitle(s); #if defined(USE_PAM) - do_pam_sess...
2002 Jul 16
2
HP-UX PAM with Trusted System patch
...ssh-3.4p1-dw/auth-pam.h Tue Jul 16 07:54:05 2002 @@ -12,6 +12,7 @@ int do_pam_authenticate(int flags); int do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, const char *ttyname); +void do_pam_set_tty(const char *ttyname); void do_pam_setcred(int init); void print_pam_messages(void); int is_pam_password_change_required(void); Only in openssh-3.4p1-dw: auth-pam.h.orig diff -u -r openssh-3.4p1/session.c openssh-3.4p1-dw/session.c --- openssh-3.4p1/session.c Wed Jun 26 08:51:06 2002 +++ openssh-3.4p1-dw/session.c Tue Jul 16 07:54:06 2002 @@ -461,7 +461,6 @@ session_proct...
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
...+104,6 @@ #define MAX_SESSIONS 10 Session sessions[MAX_SESSIONS]; -#ifdef WITH_AIXAUTHENTICATE -char *aixloginmsg; -#endif /* WITH_AIXAUTHENTICATE */ - #ifdef HAVE_LOGIN_CAP login_cap_t *lc; #endif @@ -770,10 +767,13 @@ if (options.use_pam && !is_pam_password_change_required()) print_pam_messages(); #endif /* USE_PAM */ -#ifdef WITH_AIXAUTHENTICATE - if (aixloginmsg && *aixloginmsg) - printf("%s\n", aixloginmsg); -#endif /* WITH_AIXAUTHENTICATE */ + + /* display post-login message */ + if (buffer_len(&loginmsg) > 0) { + buffer_append(&loginmsg, "\0"...
2003 May 10
4
New PAM code landing (at last)
Hello all, The long-mooted PAM merge from FreeBSD is starting _now_. This replaces the PAM password auth kludge that we have used until now with a discrete challenge-response module. This module is invoked via keyboard-interactive for protocol 2 or TIS auth for protocol 1. Warning: this is a large change and will probably break things. It has only been tested with basic password auth modules and
2002 Dec 10
5
[PATCH] Password expiry with Privsep and PAM
...nect("Password change required but no " @@ -581,7 +580,7 @@ ttyfd = s->ttyfd; #if defined(USE_PAM) - do_pam_session(s->pw->pw_name, s->tty); + do_pam_set_tty(s->tty); do_pam_setcred(1); #endif @@ -753,7 +752,7 @@ */ if (is_pam_password_change_required()) { print_pam_messages(); - do_pam_chauthtok(); + PRIVSEP(do_pam_chauthtok()); } #endif @@ -1238,6 +1237,12 @@ * Reestablish them here. */ do_pam_setcred(0); + + /* + * We need to open the session here because PAM on HP-UX does not + * work after the call to permanently_set_uid. + */ + do_pam_se...