search for: sshpam_device

...authenticate via pam/keyboard-interactive, then when do_pam_account figures out your password is expired and calls pam_password_change_required, the latter will probably segfault when it dereferences the uninitialized int *force_pwchange. this is b/c, if you don't authenticate using the PRIVSEP(sshpam_device), sshpam_init_ctx is never called, so force_pwchange isn't properly initialized i'll attach a workaround patch, but not without serious misgivings about how crappy it is, so it won't hurt my feelings if you come up with a much better fix all in all, though, 3.8p1 does password-changin...

...auth2-chall.c 2 Jul 2002 02:19:35 -0000 @@ -40,11 +40,17 @@ #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; +extern KbdintDevice mm_bsdauth_device; #else #ifdef SKEY extern KbdintDevice skey_device; +extern KbdintDevice mm_skey_device; #endif #endif +#ifdef USE_PAM +extern KbdintDevice sshpam_device; +extern KbdintDevice mm_sshpam_device; +#endif KbdintDevice *devices[] = { #ifdef BSD_AUTH @@ -54,6 +60,23 @@ &skey_device, #endif #endif +#ifdef USE_PAM + &sshpam_device, +#endif + NULL +}; + +KbdintDevice *mm_devices[] = { +#ifdef BSD_AUTH + &mm_bsdauth_device, +#else +#ifdef...

...00 @@ -924,7 +924,7 @@ mm_answer_pam_respond(int sock, Buffer * sshpam_authok = NULL; num = buffer_get_int(m); if (num > 0) { - resp = xmalloc(num * sizeof(char *)); + resp = xcalloc(num, sizeof(char *)); for (i = 0; i < num; ++i) resp[i] = buffer_get_string(m, NULL); ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); Index: monitor_wrap.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor_wrap.c,v retrieving revision 1.59 diff -u -p -r1.59 monitor_wrap.c --- monitor_wrap.c 31 Mar 2006 12:13:02 -0...

...uth2-chall.c 25 Jun 2002 01:42:11 -0000 @@ -40,11 +40,17 @@ #ifdef BSD_AUTH extern KbdintDevice bsdauth_device; +extern KbdintDevice mm_bsdauth_device; #else #ifdef SKEY extern KbdintDevice skey_device; +extern KbdintDevice mm_skey_device; #endif #endif +#ifdef USE_PAM +extern KbdintDevice sshpam_device; +extern KbdintDevice mm_sshpam_device; +#endif KbdintDevice *devices[] = { #ifdef BSD_AUTH @@ -54,6 +60,23 @@ &skey_device, #endif #endif +#ifdef USE_PAM + &sshpam_device, +#endif + NULL +}; + +KbdintDevice *mm_devices[] = { +#ifdef BSD_AUTH + &mm_bsdauth_device, +#else +#ifdef...

...de ------ int mm_answer_pam_query(int sock, Buffer *m) { char *name, *info, **prompts; u_int i, num, *echo_on; <== num is not initialized and could be a random large number int ret; debug3("%s", __func__); sshpam_authok = NULL; ret = (sshpam_device.query)(sshpam_ctxt, &name, &info, &num, &prompts, &echo_on); <== num may not be altered in this call if (ret == 0 && num == 0) sshpam_authok = sshpam_ctxt; if (num > 1 || name == NULL || info == NULL) ret = -1;...

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

https://bugzilla.mindrot.org/show_bug.cgi?id=2876 Bug ID: 2876 Summary: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5