search for: resp_retcod

...count++) { - switch (msg[count]->msg_style) { + for (count = 0; count < num_msg; count++) { + switch ((*msg)[count].msg_style) { + case PAM_PROMPT_ECHO_ON: + fputs((*msg)[count].msg, stderr); + fgets(buf, sizeof(buf), stdin); + reply[count].resp = xstrdup(buf); + reply[count].resp_retcode = PAM_SUCCESS; + break; case PAM_PROMPT_ECHO_OFF: - if (pampasswd == NULL) { - free(reply); - return PAM_CONV_ERR; - } + if (pamstate == INITIAL_LOGIN) { + if (pampasswd == NULL) { + free(reply); + return PAM_CONV_ERR; + } + reply[count].resp = xstrdup...

I tried replacing readpassphrase() for v2.9.9p2 on Sol8 with a different version that just calls getpassphrase(). It appears to solve the echo problem when the user tries to login in interactive mode and needs to change their password. Can anyone else try this with v2.9.9p2 on Solaris? Be sure to add: #define HAVE_GETPASSPHRASE ... to config.h when compiling (since it's not a configurable

.../pdb_smbpasswd.c Compiling passdb/pampass.c "passdb/pampass.c", line 422: warning: assignment type mismatch: pointer to function(int, pointer to pointer to struct pam_message {int msg_style, pointer to char msg}, pointer to pointer to struct pam_response {pointer to char resp, int resp_retcode}, pointer to void) returning int "=" pointer to function(int, pointer to pointer to const struct pam_message {int msg_style, pointer to char msg}, pointer to pointer to struct pam_response {pointer to char resp, int resp_retcode}, pointer to void) returning int Compiling passdb/pdb_tdb.c...

In OpenSSH 3.6.1p2, pam_open_session() ran with a conversation function, do_pam_conversation(), that fed text to the client. In OpenSSH 3.7.1p2, this is no longer the case: session modules run with a conversation function that just returns PAM_CONV_ERR. This means that simple session modules whose job involves printing text on the user's terminal no longer work: pam_lastlog, pam_mail, and

...d. */ ! verbose("Closing connection to %.100s [%.100s] port %d", ! remote_hostname, remote_ip, remote_port); #ifdef USE_PAM finish_pam(); *** ./auth-pam.c.orig Sun Jul 9 08:42:33 2000 --- ./auth-pam.c Thu Aug 24 15:41:56 2000 *************** *** 77,89 **** reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = xstrdup(pampasswd); break; case PAM_TEXT_INFO: reply[count].resp_retcode = PAM_SUCCESS; reply[count].resp = xstrdup(""); ! ! if (msg[count]->msg != NULL) pam_msg_cat(msg[count]->msg); ! break; d...

...packet_integrity_check(plen, 4 + dlen, type); + } else { + free(reply); + return PAM_CONV_ERR; + } + reply[count].resp_retcode = PAM_SUCCESS; + reply[count].resp = xstrdup(pampasswd); + xfree((void*)pampasswd); + pampasswd=NULL; + } else { + /* password or second TIS attemp...

If the info_response code is going to test that the # of responses is < 100, then the info_request code should check that < 100 prompts are sent. It would be rude to send 101 prompts and then fail when the responses come back. I actually think the test should be removed altogether, the limit seems quite arbitrary, but here is a patch to not send > 100 prompts. With this patch, the test

...82,6 +982,8 @@ reply[i].resp = read_passphrase(PAM_MSG_MEMBER(msg, i, msg), RP_ALLOW_STDIN); + if (reply[i].resp == NULL) + goto fail; reply[i].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_ON: ======================================================================= I am attaching the patch file to this bug report... Bill Parker (wp02855 at gmail dot com) -- You are receiving this mail because: You...

...string = strdup(ctx->request->user); + string = strdup(str_c(username)); if (string == NULL) i_fatal_status(FATAL_OUTOFMEM, "Out of memory"); break; @@ -108,12 +116,14 @@ } free(resp); + str_free(&username); return PAM_CONV_ERR; } resp[i].resp_retcode = PAM_SUCCESS; resp[i].resp = string; } + str_free(&username); *resp_r = resp; return PAM_SUCCESS; @@ -231,7 +241,10 @@ pam_strerror(pamh, status)); return status; } - auth_request_set_field(request, "user", item, NULL); + if (module->pam_allow_transfor...

...int style = PAM_MSG_MEMBER(msg, i, msg_style); - switch (style) { - case PAM_PROMPT_ECHO_ON: + ctxt = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof **resp)) == NULL) + return (PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; + resp[i]->resp = NULL; + switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: - context_pam2.num_expected++; + pam_send(ctxt, "p%s", msg[i]->msg); + resp[i]->resp = pam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + pam_send(ctxt, "P%s"...

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

Here is a patch that does TIS auth via PAM. It's controlled by a switch in the sshd_config. You'd use it by having a PAM module that sets PAM_PROMPT_ECHO_ON. eg, you could use it with pam_skey or pam_smxs. The patch is against the 2.9.9p2 distribution. I'm not on the list, a reply if this patch is accepted would be great. (But not required, I know some folks have a distaste for

...n PAM_CONV_ERR; + } + debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); + response = packet_get_string(&dlen); + debug("got response '%s'", response); + packet_integrity_check(plen, 4 + dlen, type); + reply[count].resp = xstrdup(response); + reply[count].resp_retcode = PAM_SUCCESS; + xfree(response); + break; + case PAM_PROMPT_ECHO_OFF: - if (__pampasswd == NULL) { + if (__pampasswd == NULL || + pamprompt != PAM_PROMPT_ECHO_OFF) { free(reply); return PAM_CONV_ERR; } @@ -198,8 +236,8 @@ } } -/* Attempt password authe...

...M_MSG_MEMBER(msg, i, msg_style); - switch (style) { - case PAM_PROMPT_ECHO_ON: + ctxt = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof(struct pam_response))) == NULL) + return (PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; + resp[i]->resp = NULL; + switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: - context_pam2.num_expected++; + sshpam_send(ctxt, "p%s", msg[i]->msg); + resp[i]->resp = sshpam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + sshpam_send(ctxt, "...

-----BEGIN PGP SIGNED MESSAGE----- Hi, I''ve got several replies, thank you for them. Let me summarize: o Many people say there is a PAMified version of ssh available at ftp://ftp.replay.com/pub/crypto/redhat/SRPMS (the source) ftp://ftp.replay.com/pub/crypto/redhat/i386 (Intel binaries) (there are analogous paths for the other architectures). The packages are made by Jan

...int style = PAM_MSG_MEMBER(msg, i, msg_style); - switch (style) { - case PAM_PROMPT_ECHO_ON: + ctxt = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return (PAM_CONV_ERR); + if ((*resp = calloc(n, sizeof **resp)) == NULL) + return (PAM_BUF_ERR); + for (i = 0; i < n; ++i) { + resp[i]->resp_retcode = 0; + resp[i]->resp = NULL; + switch (msg[i]->msg_style) { case PAM_PROMPT_ECHO_OFF: - context_pam2.num_expected++; + sshpam_send(ctxt, "p%s", msg[i]->msg); + resp[i]->resp = sshpam_receive(ctxt); + break; + case PAM_PROMPT_ECHO_ON: + sshpam_send(ctxt, "...

...->msg_style) { + case PAM_PROMPT_ECHO_ON: + case PAM_PROMPT_ECHO_OFF: + if (reply) + realloc(reply, size); + else + reply = malloc(size); + if (!reply) return PAM_CONV_ERR; + size += sizeof(struct pam_response); + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies++].resp = xstrdup (pampasswd); + /* PAM frees resp */ + break; + case PAM_TEXT_INFO: + /* ignore it... */ + break; + case PAM_ERROR_MSG: + default: + /* Must be an error of some sort... */ + free (repl...

...argument : pointer to pointer to char "passdb/pampass.c", line 418: warning: assignment type mismatch: pointer to function(int, pointer to pointer to struct pam_message {int msg_style, pointer to char msg}, pointer to pointer to struct pam_response { pointer to char resp, int resp_retcode}, pointer to void) returning int "=" pointer to function(int, pointer to pointer to const struct pam_message {int ms g_style, pointer to char msg}, pointer to pointer to struct pam_response {pointer to char resp, int resp_retcode}, pointer to void) returning int Compiling passdb/pdb_tdb....