search for: sshpam_thread_conv

http://bugzilla.mindrot.org/show_bug.cgi?id=676 Summary: auth-pam.c trashes stack in sshpam_thread_conv() with more than one message Product: Portable OpenSSH Version: 3.7p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: security Priority: P2 Component: PAM support AssignedTo:...

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

From: Marco Trevisan (Trevi?o) <mail at 3v1n0.net> --- auth-pam.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/auth-pam.c b/auth-pam.c index ba01dfb0c..932c7e1e2 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -446,6 +446,9 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: + debug3("PAM: Got message of type %d: %s", + PAM_MSG_MEMBER(msg, i, msg_style), + PAM_MSG_MEMBER(msg, i, msg)); if ((r = sshbuf_put_cstring(buffer, PAM_M...

...id *); /* @@ -142,6 +145,10 @@ *resp = NULL; ctxt = data; + if ( ctxt == NULL ) + { + ctxt = sshpam_ctxt; + } if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); @@ -221,6 +228,7 @@ sshpam_conv.conv = sshpam_thread_conv; sshpam_conv.appdata_ptr = ctxt; + sshpam_ctxt = ctxt; buffer_init(&buffer); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, --- contrib/solaris/buildpkg.sh 2004/02/26 19:35:55 1.1.1.1 +++ contrib/solaris/buildpkg.sh 2004/02/27 00:27:00 @@ -18,14 +18,1...

...on. See also: https://github.com/util-linux/util-linux/pull/3206 --- auth-pam.c | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/auth-pam.c b/auth-pam.c index 13c0a792e..f45e61675 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -467,6 +467,28 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, return (PAM_CONV_ERR); } +static int +check_pam_user(Authctxt *authctxt) +{ + const char *pam_user; + + if (authctxt == NULL || authctxt->user == NULL) + fatal("%s: PAM authctxt user not initialized", __func__); + + sshpam_err = pam_g...

...ere's > another way to do this. I mean, you're still stuck in the conv. > function until the info response comes back, anyway. How do (will) > you handle restarting the authentication (client sends USERAUTH_REQUEST > instead of USERAUTH_INFO_RESPONSE)? > > In auth-pam.c:sshpam_thread_conv(), line 148, the two cases ECHO_OFF and > ECHO_ON should be combined into a single case, as should the ERROR_MSG > and TEXT_INFO cases; just as you do in sshpam_query(). > > The code as a whole /is/ far cleaner than what exists currently, so that > is a big plus. > > I dislik...

...c in read () (gdb) bt #0 0x90013bcc in read () #1 0x0002b5ec in atomicio (f=0x90013bc0 <read>, fd=8, _s=0xf0080ac0, n=4) at /tmp/OpenSSH.roots/OpenSSH/openssh/atomicio.c:45 #2 0x000491fc in ssh_msg_recv (fd=8, m=0xf0080b20) at /tmp/OpenSSH.roots/OpenSSH/openssh/msg.c:63 #3 0x00028514 in sshpam_thread_conv (n=1, msg=0xf0080bb4, resp=0xf0080bb8, data=0x403830) at /tmp/OpenSSH.roots/OpenSSH/openssh/auth-pam.c:272 #4 0x96798918 in _pam_system_log () #5 0x967989f4 in pam_get_pass () #6 0x0018a930 in pam_sm_authenticate () #7 0x967961c4 in pam_fail_delay () #8 0x96796514 in _pam_dispatch () #9 0x9...

https://bugzilla.mindrot.org/show_bug.cgi?id=1795 Summary: An integer variable "num" in mm_answer_pam_query() is not initialized before used Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support

...tion from DEBUG : Jul 13 17:05:31 tatiana sshd[25599]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt() Jul 13 17:05:31 tatiana sshd[25599]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(n113839), flags = 0 Jul 13 17:05:31 tatiana sshd[25599]: [ID 800047 auth.debug] debug3: PAM: sshpam_thread_conv entering, 1 messages Jul 13 17:05:31 tatiana sshd[25599]: [ID 800047 auth.debug] debug3: ssh_msg_send: type 4 Jul 13 17:05:31 tatiana sshd[25597]: [ID 800047 auth.debug] debug3: ssh_msg_recv entering Jul 13 17:05:31 tatiana sshd[25599]: [ID 800047 auth.debug] debug3: PAM: do_pam_account pam_acct_mg...

From: "Marco Trevisan" <marco at ubuntu.com> This serie of patches have been already submitted via [1], but i'm sending them again to the ML, to see if they can get some more traction. The patches are already part of Ubuntu openssh since 24.04, and they basically allow proper immediate instruction reporting to clients using PAM (as per RFC4256). This follows the approach

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:

...07 sshserver sshd[27977]: [ID 258498 auth.debug] PAM[27977]: load_function: successful load of pam_sm_authenticate Nov 9 10:00:07 sshserver sshd[27977]: [ID 334087 auth.debug] PAM[27977]: pam_get_user(7f6e8, 61746500, NULL) Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: PAM: sshpam_thread_conv entering, 1 messages Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: ssh_msg_send: type 1 Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: ssh_msg_recv entering Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: PAM: sshpam_query enterin...

...tion method 'pam' Oct 2 20:06:35 linux sshd[8856]: debug3: PAM: sshpam_init_ctx entering Oct 2 20:06:35 linux PAM-warn[8860]: function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[john] ruser=[<unknown>] rhost=[127.0.0.1] Oct 2 20:06:35 linux sshd[8860]: debug3: PAM: sshpam_thread_conv entering, 1 messages Oct 2 20:06:35 linux sshd[8860]: debug3: ssh_msg_send: type 1 Oct 2 20:06:35 linux sshd[8860]: debug3: ssh_msg_recv entering Oct 2 20:06:35 linux sshd[8856]: debug3: PAM: sshpam_query entering Oct 2 20:06:35 linux sshd[8856]: debug3: ssh_msg_recv entering Oct 2 20:06:35 l...

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

...d: checking request 48 debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX debug3: mm_answer_pam_init_ctx debug3: mm_request_receive_expect entering: type 49 debug3: PAM: sshpam_init_ctx entering debug3: mm_request_receive entering debug3: mm_request_send entering: type 49 debug3: PAM: sshpam_thread_conv entering, 1 messages debug3: ssh_msg_send: type 1 debug3: mm_sshpam_query debug3: ssh_msg_recv entering debug3: mm_request_receive entering debug3: mm_request_send entering: type 50 debug3: monitor_read: checking request 50 debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY debug3: mm_answe...

...auth] debug3: mm_request_receive_expect entering: type 107 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 106 debug3: mm_answer_pam_query debug3: PAM: sshpam_query entering debug3: ssh_msg_recv entering debug3: PAM: sshpam_thread_conv entering, 1 messages debug3: ssh_msg_send: type 1 debug3: ssh_msg_recv entering debug3: mm_request_send entering: type 107 debug3: mm_sshpam_query: pam_query returned 0 [preauth] Postponed keyboard-interactive for admin from ::1 port 50860 ssh2 [preauth] debug3: mm_sshpam_respond [preauth] debug3:...

On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 19 Dec 2014, Dmt Ops wrote: > > > I added an EXPLICIT > > > > AuthenticationMethods publickey,keyboard-interactive > > + UsePam yes > > > > to sshd_config. Now, at connect attempt I get > > > > Password: > > Verification code: > >

...es 'pam' debug2: auth2_challenge_start: devices pam debug2: kbdint_next_device: devices <empty> debug1: auth2_challenge_start: trying authentication method 'pam' debug3: PAM: sshpam_init_ctx entering debug3: PAM: sshpam_query entering debug3: ssh_msg_recv entering debug3: PAM: sshpam_thread_conv entering, 1 messages debug3: ssh_msg_send: type 1 debug3: ssh_msg_recv entering debug3: send packet: type 60 Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 port 45018 ssh2 smb.conf: [global]     netbios name = computer1     security = ADS     workgroup = SUBDOM2     r...

..._challenge_start: devices pam > debug2: kbdint_next_device: devices <empty> > debug1: auth2_challenge_start: trying authentication method 'pam' > debug3: PAM: sshpam_init_ctx entering > debug3: PAM: sshpam_query entering > debug3: ssh_msg_recv entering > debug3: PAM: sshpam_thread_conv entering, 1 messages > debug3: ssh_msg_send: type 1 > debug3: ssh_msg_recv entering > debug3: send packet: type 60 > Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 > port 45018 ssh2 > > > smb.conf: > > [global] > >     netbios name = c...

...s pam >> debug2: kbdint_next_device: devices <empty> >> debug1: auth2_challenge_start: trying authentication method 'pam' >> debug3: PAM: sshpam_init_ctx entering >> debug3: PAM: sshpam_query entering >> debug3: ssh_msg_recv entering >> debug3: PAM: sshpam_thread_conv entering, 1 messages >> debug3: ssh_msg_send: type 1 >> debug3: ssh_msg_recv entering >> debug3: send packet: type 60 >> Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 >> port 45018 ssh2 >> >> >> smb.conf: >> >> [glob...