Displaying 20 results from an estimated 21 matches for "sshpam_query".
2004 Jun 01
1
Sending immediate PAM auth failure messages via kbd-int
Hi.
One thing that people seem to want to do with PAM is to deny a login
immediately without interacting but return a message to the user. (Some
platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd
will just deny the login and the user will not be told why.
Attached is a patch that returns a keyboard-interactive packet with the
message in the "instruction"
2010 Jul 13
5
[Bug 1795] New: An integer variable "num" in mm_answer_pam_query() is not initialized before used
...++i) {
buffer_put_cstring(m, prompts[i]); <== fail here!
xfree(prompts[i]);
buffer_put_int(m, echo_on[i]);
}
------- sshd debug log -----------
debug3: PAM: sshpam_init_ctx entering
debug3: mm_request_send entering: type 49
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 50
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 51
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 50
debug3: mm_answer_pam_query
debu...
2014 Dec 23
2
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Tue, 23 Dec 2014, Dmt Ops wrote:
> testing google-authenticator's standalone functionality, it
>
> > cd google-authenticator/libpam/
> > ./demo
> Verification code: 123456
> Login failed
> Invalid verification code
> >
>
> fails with an INVALID code, and
>
> > ./demo
> Verification code:
2002 Jul 02
3
New PAM kbd-int diff
...etdtablesize(); ++i)
+ if (i != ctxt->sock)
+ close(i);
+ sshpam_child(ctxt);
+ /* not reached */
+ exit(1);
+ }
+ ctxt->sock = socks[0];
+ close(socks[1]);
+ return (ctxt);
+}
- nresp = packet_get_int(); /* Number of responses. */
- debug("got %d responses", nresp);
+int
+sshpam_query(void *ctx, char **name, char **info,
+ u_int *num, char ***prompts, u_int **echo_on)
+{
+ struct sshpam_ctxt *ctxt = ctx;
+ char *msg;
+ debug3("PAM kbd-int query");
- if (nresp != context_pam2.num_expected)
- fatal("%s: Received incorrect number of responses "
- &q...
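Review bot: the removed response-count check (`if (nresp != context_pam2.num_expected)` followed by `fatal(...)`) has no counterpart among the added lines shown in this excerpt. The new `sshpam_query()` returns the prompt count through `u_int *num`, so the matching response path should still reject a reply whose number of responses differs from the number of prompts issued; please point to where that check now lives, or add it.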
2004 Nov 09
1
Solaris + PAM/LDAP + pubkey failing?
...: sshpam_thread_conv entering, 1 messages
Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: ssh_msg_send: type 1
Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: ssh_msg_recv entering
Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: PAM: sshpam_query entering
Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: ssh_msg_recv entering
Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.info] Postponed keyboard-interactive for testuser from 1.2.3.4 port 33457 ssh2
Nov 9 10:00:52 sshserver sshd[27976]: [ID 800047 auth.debug] de...
2002 Jun 25
4
PAM kbd-int with privsep
...for (i = 0; i < getdtablesize(); ++i)
+ if (i != ctxt->sock)
+ close(i);
+ sshpam_child(ctxt);
+ /* not reached */
+ exit(1);
+ }
+ ctxt->sock = socks[0];
+ close(socks[1]);
+ return (ctxt);
}
-void
-input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
+int
+sshpam_query(void *ctx, char **name, char **info,
+ u_int *num, char ***prompts, u_int **echo_on)
{
- Authctxt *authctxt = ctxt;
- unsigned int nresp = 0, rlen = 0, i = 0;
- char *resp;
+ struct sshpam_ctxt *ctxt = ctx;
+ char *msg;
- if (authctxt == NULL)
- fatal("input_userauth_info_response_pam:...
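Review bot: the `for (i = 0; i < getdtablesize(); ++i)` loop closes every descriptor except `ctxt->sock`, which includes 0, 1 and 2. Anything opened later inside `sshpam_child()` can then be assigned those numbers and receive stray writes meant for stdout or stderr; consider reopening 0-2 on /dev/null after the loop. The loop condition also calls `getdtablesize()` on every iteration, so read it once into a local.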
2004 Feb 27
1
Minor Thread Bug In OpenSSH 3.8p1
...I have chosen to comment out the guts of routine import_environments() if
USE_POSIX_PTHREADS is not defined as a solution, reasoning that this will
also work if that routine is called by other parts of the code in some later
version. I could have just commented out the single call to that routine in
sshpam_query() as an alternative. Either way will work.
diff -r -c old/auth-pam.c new/auth-pam.c
*** old/auth-pam.c Tue Feb 17 05:20:08 2004
--- new/auth-pam.c Thu Feb 26 23:18:05 2004
***************
*** 201,206 ****
--- 201,207 ----
debug3("PAM: %s entering", __func__);
+ #ifndef USE_POSIX...
2018 Jun 12
16
[Bug 2876] New: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not honoured during PAM authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2876
Bug ID: 2876
Summary: PAM_TEXT_INFO and PAM_ERROR_MSG conversation not
honoured during PAM authentication
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2003 Nov 13
0
[PATCH] Make PAM chauthtok_conv function into tty_conv
...c 13 Nov 2003 08:52:31 -0000 1.78
+++ auth-pam.c 13 Nov 2003 09:35:56 -0000
@@ -52,6 +52,8 @@ RCSID("$Id: auth-pam.c,v 1.78 2003/11/13
#include "auth-options.h"
extern ServerOptions options;
+extern Buffer loginmsg;
+extern int compat20;
#define __unused
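Review bot: `extern Buffer loginmsg;` and `extern int compat20;` are declared directly in auth-pam.c, next to the existing `extern ServerOptions options;`. Declaring them in a header that the defining file also includes would let the compiler catch a type mismatch if either definition changes.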
@@ -421,13 +423,9 @@ sshpam_query(void *ctx, char **name, cha
case PAM_AUTH_ERR:
if (**prompts != NULL) {
/* drain any accumulated messages */
-#if 0 /* XXX - not compatible with privsep */
- packet_start(SSH2_MSG_USERAUTH_BANNER);
- packet_put_cstring(**prompts);
- packet_put_cstring("");
- packet...
2003 Feb 26
0
PAM merge from FreeBSD
...ting the authentication (client sends USERAUTH_REQUEST
> instead of USERAUTH_INFO_RESPONSE)?
>
> In auth-pam.c:sshpam_thread_conv(), line 148, the two cases ECHO_OFF and
> ECHO_ON should be combined into a single case, as should the ERROR_MSG
> and TEXT_INFO cases; just as you do in sshpam_query().
>
> The code as a whole /is/ far cleaner than what exists currently, so that
> is a big plus.
>
> I dislike that kbdint is run via auth2_challenge() and all the refs
> to "challenge". It's not necessarily a challenge.
>
> /fc
2004 May 27
1
Solaris/PAM/AFS: can't make it work
...entering
debug3: monitor_read: checking request 52
debug3: mm_answer_pam_respond
debug2: PAM: sshpam_respond entering, 1 responses
debug3: ssh_msg_send: type 6
debug3: mm_request_send entering: type 53
debug3: mm_request_receive entering
debug3: mm_sshpam_respond: pam_respond returned 1
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 50
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 51
debug3: mm_request_receive entering
debug3: monitor_read: checking request 50
debug3: mm_answer_pam_query
debug3: PAM: sshpam_query entering
debug...
2006 Aug 15
1
OpenSSH_4.3p2 fails to create a pty session
...NIT_CTX
debug3: mm_answer_pam_init_ctx
debug3: mm_request_receive_expect entering: type 49
debug3: PAM: sshpam_init_ctx entering
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 49
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: mm_sshpam_query
debug3: ssh_msg_recv entering
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 50
debug3: monitor_read: checking request 50
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_answer_pam_query
debug3: mm_request_receive_expect entering: type 51
debug3: PA...
2015 Apr 07
2
OpenSSH 6.6.x sends invalid SSH_MSG_USERAUTH_INFO_REQUEST
..._answer_authserv: service=ssh-connection, style=
debug2: monitor_read: 4 used once, disabling now
debug3: mm_request_receive entering
debug3: monitor_read: checking request 104
debug3: mm_answer_pam_init_ctx
debug3: PAM: sshpam_init_ctx entering
debug3: mm_request_send entering: type 105
debug3: mm_sshpam_query [preauth]
debug3: mm_request_send entering: type 106 [preauth]
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY [preauth]
debug3: mm_request_receive_expect entering: type 107 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read:...
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
Hi All.
This patch calls pam_chauthtok() to change an expired password via PAM
during keyboard-interactive authentication (SSHv2 only). It is tested on
Redhat 8 and Solaris 8.
In theory, it should have simply been a matter of calling pam_chauthtok
with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password
if it's expired, right? From the Solaris pam_chauthtok man page:
2003 May 10
4
New PAM code landing (at last)
Hello all,
The long-mooted PAM merge from FreeBSD is starting _now_. This replaces
the PAM password auth kludge that we have used until now with a discrete
challenge-response module. This module is invoked via
keyboard-interactive for protocol 2 or TIS auth for protocol 1.
Warning: this is a large change and will probably break things. It has
only been tested with basic password auth modules and
2003 Sep 17
5
openssh-3.7.1p1 segfaults
...nd entering: type 46
debug3: monitor_read: checking request 46
debug3: mm_answer_pam_init_ctx
debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX
debug3: mm_request_receive_expect entering: type 47
debug3: mm_request_receive entering
debug3: mm_request_send entering: type 47
debug3: mm_sshpam_query
debug3: mm_request_send entering: type 48
debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY
debug3: mm_request_receive_expect entering: type 49
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 48
debug3: mm_answer_pam_query
debu...
2004 Oct 02
12
[Bug 938] "AllowGroups" option and secondary user's groups limit
...=[<unknown>]
rhost=[127.0.0.1]
Oct 2 20:06:35 linux sshd[8860]: debug3: PAM: sshpam_thread_conv entering, 1 messages
Oct 2 20:06:35 linux sshd[8860]: debug3: ssh_msg_send: type 1
Oct 2 20:06:35 linux sshd[8860]: debug3: ssh_msg_recv entering
Oct 2 20:06:35 linux sshd[8856]: debug3: PAM: sshpam_query entering
Oct 2 20:06:35 linux sshd[8856]: debug3: ssh_msg_recv entering
Oct 2 20:06:35 linux sshd[8856]: Postponed keyboard-interactive for invalid user john from 127.0.0.1 port 32986 ssh2
Oct 2 20:06:35 linux sshd[8856]: debug2: auth2_challenge_start: devices <empty>
Oct 2 20:06:35 linu...
2014 Dec 23
3
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote:
> On Fri, 19 Dec 2014, Dmt Ops wrote:
>
> > I added an EXPLICIT
> >
> > AuthenticationMethods publickey,keyboard-interactive
> > + UsePam yes
> >
> > to sshd_config. Now, at connect attempt I get
> >
> > Password:
> > Verification code:
> >
2017 Nov 01
2
Winbind, Kerberos, SSH and Single Sign On
...2_challenge: user=EXAMPLE+user1 devs=
debug1: kbdint_alloc: devices 'pam'
debug2: auth2_challenge_start: devices pam
debug2: kbdint_next_device: devices <empty>
debug1: auth2_challenge_start: trying authentication method 'pam'
debug3: PAM: sshpam_init_ctx entering
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
debug3: PAM: sshpam_thread_conv entering, 1 messages
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug3: send packet: type 60
Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114
port 45018 ssh2
smb.conf:
[global]
netbi...
2017 Nov 01
0
Winbind, Kerberos, SSH and Single Sign On
...1 devs=
> debug1: kbdint_alloc: devices 'pam'
> debug2: auth2_challenge_start: devices pam
> debug2: kbdint_next_device: devices <empty>
> debug1: auth2_challenge_start: trying authentication method 'pam'
> debug3: PAM: sshpam_init_ctx entering
> debug3: PAM: sshpam_query entering
> debug3: ssh_msg_recv entering
> debug3: PAM: sshpam_thread_conv entering, 1 messages
> debug3: ssh_msg_send: type 1
> debug3: ssh_msg_recv entering
> debug3: send packet: type 60
> Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114
> port 45018 ssh...