Displaying 11 results from an estimated 11 matches for "sshpam_thread".
2004 Jun 28
1
is sshpam_thread() dead code?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I wondered what part sshpam_thread() (in auth-pam.c) is playing wrt. PAM
authentication.
It seems to be never called from any other ssh code (judging from CVS
as of 27.6.2004).
I noticed this because the current openssh package in Debian unstable
(3.8.1p1) is not calling the pam_authenticate() function at all,
regardless of my conf...
2007 May 24
2
[RFC][PATCH] Detect and handle PAM changing user name
...patch, how do I go about
submitting the patch for formal review?
Third, regardless of interest by the openssh community, is there
anyone willing to review this code for me?
PS I've tested the code path going through sshpam_auth_passwd(),
but do know how to test the code path that goes through sshpam_thread().
<patch against 4.6p1 (portable) attached>
--
James R. Leu
jleu at inoc.com
INOC -> http://inoc.com/
DELIVERING UPTIME
-------------- next part --------------
diff -uNr openssh-4.6p1/auth-pam.c openssh-4.6p1.jleu/auth-pam.c
--- openssh-4.6p1/auth-pam.c 2006-09-16 20:57:47.000000000 -05...
2006 Sep 12
3
Weird TZ Behavior in 4.1p1 and 4.3p2 on AIX
Hi,
I am using PAM authentication on 3.8p1. In my PAM auth module I can
turn on debug logging that includes a timestamp in the form "mm/dd/yy
hh:mm:ss". Life is good.
I want to upgrade from 3.8p1 so I can use PAM for PasswordAuthentication
in addition to keyboard-interactive. I have compiled both 4.1p1 and
4.3p2 and the PAM authentication for both methods works fine in both
2003 Oct 12
4
[PATCH]: Call pam_chauthtok from keyboard-interactive.
...ne __unused
@@ -117,6 +119,7 @@ static int sshpam_authenticated = 0;
static int sshpam_new_authtok_reqd = 0;
static int sshpam_session_open = 0;
static int sshpam_cred_established = 0;
+static int sshpam_account_status = -1;
struct pam_ctxt {
sp_pthread_t pam_thread;
@@ -231,6 +234,15 @@ sshpam_thread(void *ctxtp)
sshpam_err = pam_authenticate(sshpam_handle, 0);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
+ if (compat20) {
+ if (do_pam_account() && sshpam_new_authtok_reqd) {
+ sshpam_err = pam_chauthtok(sshpam_handle,
+ PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (sshpam_err !...
2004 Jul 01
1
[Bug 705] Compiler warnings in auth-pam.c
...-pam.c match the prototypes defined by the PAM specs for
the conversation function and get_pam_item. See OSF RFC 86.0[1] (A.1 and
appendix B) and and XSS0[2] (ss 5.1.2 and ch 6).
It will cause warnings similar to the following on platforms that don't match
the specs:
auth-pam.c: In function `sshpam_thread':
auth-pam.c:365: warning: passing arg 3 of `pam_get_item' from incompatible
pointer type
auth-pam.c:370: warning: assignment from incompatible pointer type
auth-pam.c: At top level:
auth-pam.c:460: warning: initialization from incompatible pointer type
auth-pam.c: In function `sshpam_init&...
2004 Feb 27
1
Minor Thread Bug In OpenSSH 3.8p1
There is a minor problem with the PAM support in OpenSSH 3.8p1. If you use
POSIX threads (as specified by defining USE_POSIX_THREADS) in auth-pam.c,
PAM authentication will fail in routine import_environments(). The purpose
of this routine is to import variables returned by do_pam_account() in
sshpam_thread(). However, those variable are only exported if USE_POSIX_THREADS
is NOT set. Consequently, import_environments() get upset when there's nothing
in the buffer when that macro IS set.
I have chosen to comment out the guts of routine import_environments() if
USE_POSIX_PTHREADS is not defined as...
2003 Dec 07
0
[PATCH] Do PAM chauthtok via keyboard-interactive.
...= buffer_get_int(b);
+ sshpam_new_authtok_reqd = buffer_get_int(b);
+
+ if (sshpam_new_authtok_reqd == 1)
+ pam_password_change_required(1);
+
/* Import environment from subprocess */
num_env = buffer_get_int(b);
sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env));
@@ -290,9 +314,28 @@ sshpam_thread(void *ctxtp)
sshpam_err = pam_authenticate(sshpam_handle, 0);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
+
+ if (compat20) {
+ if (do_pam_account()) {
+ if (sshpam_new_authtok_reqd) {
+ sshpam_err = pam_chauthtok(sshpam_handle,
+ PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (s...
2003 Nov 13
0
[PATCH] Perform do_pam_chauthtok via SSH2 keyboard-interactive.
...ne __unused
@@ -117,6 +119,7 @@ static int sshpam_authenticated = 0;
static int sshpam_new_authtok_reqd = 0;
static int sshpam_session_open = 0;
static int sshpam_cred_established = 0;
+static int sshpam_account_status = -1;
struct pam_ctxt {
sp_pthread_t pam_thread;
@@ -231,6 +234,17 @@ sshpam_thread(void *ctxtp)
sshpam_err = pam_authenticate(sshpam_handle, 0);
if (sshpam_err != PAM_SUCCESS)
goto auth_fail;
+#ifndef DISABLE_KBDINT_CHAUTHTOK
+ if (compat20) {
+ if (do_pam_account() && sshpam_new_authtok_reqd) {
+ sshpam_err = pam_chauthtok(sshpam_handle,
+ PAM_CHANGE_EXPI...
2005 Mar 16
1
openssh-3.8.1p1, with pthreads enabled, hung in pthread_join.
...tate:
Attaching to program: `/private/tmp/OpenSSH.roots/OpenSSH~obj/sshd',
process 26589.
Reading symbols for shared libraries ...................... done
0x9002cf88 in semaphore_wait_trap ()
(gdb) bt
#0 0x9002cf88 in semaphore_wait_trap ()
#1 0x9006153c in pthread_join ()
#2 0x00028a50 in sshpam_thread_cleanup () at
/tmp/OpenSSH.roots/OpenSSH/openssh/auth-pam.c:417
#3 0x00017110 in do_cleanup (authctxt=0x4034e0) at
/tmp/OpenSSH.roots/OpenSSH/openssh/session.c:2273
#4 0x00007044 in cleanup_exit (i=255) at
/tmp/OpenSSH.roots/OpenSSH/openssh/sshd.c:1923
#5 0x00035bb0 in fatal (fmt=0x547d0 &quo...
2010 Jul 13
5
[Bug 1795] New: An integer variable "num" in mm_answer_pam_query() is not initialized before used
...: type 51
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 50
debug3: mm_answer_pam_query
debug3: PAM: sshpam_query entering
debug3: ssh_msg_recv entering
buffer_put_cstring: s == NULL
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
2005 Feb 01
3
Feature request: FAIL_DELAY-support for sshd
...login attempts. It may
help a bit against cracking attempts, but it doesn't use delays. Because
OpenSSH checks the usernames before PAM-authentication, this feature
will not help against testing usernames.
I played a bit with OpenSSH's source code to enable a FAIL_DELAY:
In auth-pam.c: sshpam_thread I inserted
pam_fail_delay(sshpam_handle, 10000000 /* micro-seconds */ );
before
sshpam_err = pam_authenticate(sshpam_handle, flags);
This results in a 10 seconds delay after an login attempt with an
existing user, but a wrong password.
Unfortunately this introduces new problems, becau...