search for: sshpam_init_ctx

...pam/keyboard-interactive, then when do_pam_account figures out your password is expired and calls pam_password_change_required, the latter will probably segfault when it dereferences the uninitialized int *force_pwchange. this is b/c, if you don't authenticate using the PRIVSEP(sshpam_device), sshpam_init_ctx is never called, so force_pwchange isn't properly initialized i'll attach a workaround patch, but not without serious misgivings about how crappy it is, so it won't hurt my feelings if you come up with a much better fix all in all, though, 3.8p1 does password-changing and chauthtok-in...

...h_fail; +#endif + sshpam_send(ctxt, "=OK"); + pam_end(sshpamh, err); + exit(0); + + auth_fail: + sshpam_send(ctxt, "!%s", pam_strerror(sshpamh, err)); + pam_end(sshpamh, err); + exit(0); } -void -input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt) +void * +sshpam_init_ctx(Authctxt *authctxt) { - Authctxt *authctxt = ctxt; - unsigned int nresp = 0, rlen = 0, i = 0; - char *resp; - - if (authctxt == NULL) - fatal("input_userauth_info_response_pam: no authentication context"); + struct sshpam_ctxt *ctxt; + int socks[2]; + int i; + + debug3("PAM kbd-int...

...r); + exit(0); + + auth_fail: + sshpam_send(ctxt, "!%s", pam_strerror(sshpamh, err)); + pam_end(sshpamh, err); + exit(0); +} - if(context_pam2.num_received == context_pam2.num_expected) { - *resp = context_pam2.responses; - return PAM_SUCCESS; - } else - return PAM_CONV_ERR; +void * +sshpam_init_ctx(Authctxt *authctxt) +{ + struct sshpam_ctxt *ctxt; + int socks[2]; + int i; + + debug3("PAM kbd-int init ctx"); + + ctxt = xmalloc(sizeof *ctxt); + ctxt->user = xstrdup(authctxt->user); + ctxt->done = 0; + if (socketpair(AF_UNIX, SOCK_DGRAM, PF_UNSPEC, socks) == -1) { + error(&q...

...xfree(info); buffer_put_int(m, num); for (i = 0; i < num; ++i) { buffer_put_cstring(m, prompts[i]); <== fail here! xfree(prompts[i]); buffer_put_int(m, echo_on[i]); } ------- sshd debug log ----------- debug3: PAM: sshpam_init_ctx entering debug3: mm_request_send entering: type 49 debug3: mm_sshpam_query debug3: mm_request_send entering: type 50 debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY debug3: mm_request_receive_expect entering: type 51 debug3: mm_request_receive entering debug3: mm_request_receive entering...

http://bugzilla.mindrot.org/show_bug.cgi?id=702 Summary: dont call userauth_finish after auth2_challenge_stop Product: Portable OpenSSH Version: 3.7.1p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:

...er sshd[27976]: [ID 800047 auth.debug] debug2: kbdint_next_device: devices <empty> Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug1: auth2_challenge_start: trying authentication method 'pam' Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: PAM: sshpam_init_ctx entering Nov 9 10:00:07 sshserver sshd[27977]: [ID 384020 auth.debug] PAM[27977]: pam_set_item(7f6e8:conv) Nov 9 10:00:07 sshserver sshd[27977]: [ID 225850 auth.debug] PAM[27977]: pam_authenticate(7f6e8, 1) Nov 9 10:00:07 sshserver sshd[27977]: [ID 348363 auth.debug] PAM[27977]: load_modules(7f6...

http://bugzilla.mindrot.org/show_bug.cgi?id=936 Summary: S/Key authentication fails if UsePAM=no Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: ulm at

...ux sshd[8856]: debug2: auth2_challenge_start: devices pam Oct 2 20:06:35 linux sshd[8856]: debug2: kbdint_next_device: devices <empty> Oct 2 20:06:35 linux sshd[8856]: debug1: auth2_challenge_start: trying authentication method 'pam' Oct 2 20:06:35 linux sshd[8856]: debug3: PAM: sshpam_init_ctx entering Oct 2 20:06:35 linux PAM-warn[8860]: function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[john] ruser=[<unknown>] rhost=[127.0.0.1] Oct 2 20:06:35 linux sshd[8860]: debug3: PAM: sshpam_thread_conv entering, 1 messages Oct 2 20:06:35 linux sshd[8860]: debug3: ssh_m...

https://bugzilla.mindrot.org/show_bug.cgi?id=3210 Bug ID: 3210 Summary: Confusing errors when pam_acct_mgmt() fails Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee:

...: auth2_challenge: user=emillbrandt devs= debug3: mm_request_receive entering debug1: kbdint_alloc: devices 'pam' debug2: auth2_challenge_start: devices pam debug2: kbdint_next_device: devices <empty> debug1: auth2_challenge_start: trying authentication method 'pam' debug3: mm_sshpam_init_ctx debug3: mm_request_send entering: type 48 debug3: monitor_read: checking request 48 debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX debug3: mm_answer_pam_init_ctx debug3: mm_request_receive_expect entering: type 49 debug3: PAM: sshpam_init_ctx entering debug3: mm_request_receive en...

...challenge: user=admin devs= [preauth] debug1: kbdint_alloc: devices 'pam' [preauth] debug2: auth2_challenge_start: devices pam [preauth] debug2: kbdint_next_device: devices <empty> [preauth] debug1: auth2_challenge_start: trying authentication method 'pam' [preauth] debug3: mm_sshpam_init_ctx [preauth] debug3: mm_request_send entering: type 104 [preauth] debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX [preauth] debug3: mm_request_receive_expect entering: type 105 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_...

As many of you know, OpenSSH 3.7.X, unlike previous versions, makes PAM authentication take place in a separate process or thread (launched from sshpam_init_ctx() in auth-pam.c). By default (if you don't define USE_POSIX_THREADS) the code "fork"s a separate process. Or if you define USE_POSIX_THREADS it will create a new thread (a second one, in addition to the primary thread). The default option (authenticating in a child process) has a se...

On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 19 Dec 2014, Dmt Ops wrote: > > > I added an EXPLICIT > > > > AuthenticationMethods publickey,keyboard-interactive > > + UsePam yes > > > > to sshd_config. Now, at connect attempt I get > > > > Password: > > Verification code: > >

...keyboard-interactive devs debug1: auth2_challenge: user=EXAMPLE+user1 devs= debug1: kbdint_alloc: devices 'pam' debug2: auth2_challenge_start: devices pam debug2: kbdint_next_device: devices <empty> debug1: auth2_challenge_start: trying authentication method 'pam' debug3: PAM: sshpam_init_ctx entering debug3: PAM: sshpam_query entering debug3: ssh_msg_recv entering debug3: PAM: sshpam_thread_conv entering, 1 messages debug3: ssh_msg_send: type 1 debug3: ssh_msg_recv entering debug3: send packet: type 60 Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 port 45018 ssh...

...debug1: auth2_challenge: user=EXAMPLE+user1 devs= > debug1: kbdint_alloc: devices 'pam' > debug2: auth2_challenge_start: devices pam > debug2: kbdint_next_device: devices <empty> > debug1: auth2_challenge_start: trying authentication method 'pam' > debug3: PAM: sshpam_init_ctx entering > debug3: PAM: sshpam_query entering > debug3: ssh_msg_recv entering > debug3: PAM: sshpam_thread_conv entering, 1 messages > debug3: ssh_msg_send: type 1 > debug3: ssh_msg_recv entering > debug3: send packet: type 60 > Postponed keyboard-interactive for EXAMPLE+user1...

...enge: user=EXAMPLE+user1 devs= >> debug1: kbdint_alloc: devices 'pam' >> debug2: auth2_challenge_start: devices pam >> debug2: kbdint_next_device: devices <empty> >> debug1: auth2_challenge_start: trying authentication method 'pam' >> debug3: PAM: sshpam_init_ctx entering >> debug3: PAM: sshpam_query entering >> debug3: ssh_msg_recv entering >> debug3: PAM: sshpam_thread_conv entering, 1 messages >> debug3: ssh_msg_send: type 1 >> debug3: ssh_msg_recv entering >> debug3: send packet: type 60 >> Postponed keyboard-in...