search for: sshpam_thread_conv

http://bugzilla.mindrot.org/show_bug.cgi?id=676 Summary: auth-pam.c trashes stack in sshpam_thread_conv() with more than one message Product: Portable OpenSSH Version: 3.7p1 Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: security Priority: P2 Component: PAM support AssignedTo:...

http://bugzilla.mindrot.org/show_bug.cgi?id=423 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional

...id *); /* @@ -142,6 +145,10 @@ *resp = NULL; ctxt = data; + if ( ctxt == NULL ) + { + ctxt = sshpam_ctxt; + } if (n <= 0 || n > PAM_MAX_NUM_MSG) return (PAM_CONV_ERR); @@ -221,6 +228,7 @@ sshpam_conv.conv = sshpam_thread_conv; sshpam_conv.appdata_ptr = ctxt; + sshpam_ctxt = ctxt; buffer_init(&buffer); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, --- contrib/solaris/buildpkg.sh 2004/02/26 19:35:55 1.1.1.1 +++ contrib/solaris/buildpkg.sh 2004/02/27 00:27:00 @@ -18,14 +18,1...

...ere's > another way to do this. I mean, you're still stuck in the conv. > function until the info response comes back, anyway. How do (will) > you handle restarting the authentication (client sends USERAUTH_REQUEST > instead of USERAUTH_INFO_RESPONSE)? > > In auth-pam.c:sshpam_thread_conv(), line 148, the two cases ECHO_OFF and > ECHO_ON should be combined into a single case, as should the ERROR_MSG > and TEXT_INFO cases; just as you do in sshpam_query(). > > The code as a whole /is/ far cleaner than what exists currently, so that > is a big plus. > > I dislik...

...c in read () (gdb) bt #0 0x90013bcc in read () #1 0x0002b5ec in atomicio (f=0x90013bc0 <read>, fd=8, _s=0xf0080ac0, n=4) at /tmp/OpenSSH.roots/OpenSSH/openssh/atomicio.c:45 #2 0x000491fc in ssh_msg_recv (fd=8, m=0xf0080b20) at /tmp/OpenSSH.roots/OpenSSH/openssh/msg.c:63 #3 0x00028514 in sshpam_thread_conv (n=1, msg=0xf0080bb4, resp=0xf0080bb8, data=0x403830) at /tmp/OpenSSH.roots/OpenSSH/openssh/auth-pam.c:272 #4 0x96798918 in _pam_system_log () #5 0x967989f4 in pam_get_pass () #6 0x0018a930 in pam_sm_authenticate () #7 0x967961c4 in pam_fail_delay () #8 0x96796514 in _pam_dispatch () #9 0x9...

https://bugzilla.mindrot.org/show_bug.cgi?id=1795 Summary: An integer variable "num" in mm_answer_pam_query() is not initialized before used Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: PAM support

...tion from DEBUG : Jul 13 17:05:31 tatiana sshd[25599]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt() Jul 13 17:05:31 tatiana sshd[25599]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(n113839), flags = 0 Jul 13 17:05:31 tatiana sshd[25599]: [ID 800047 auth.debug] debug3: PAM: sshpam_thread_conv entering, 1 messages Jul 13 17:05:31 tatiana sshd[25599]: [ID 800047 auth.debug] debug3: ssh_msg_send: type 4 Jul 13 17:05:31 tatiana sshd[25597]: [ID 800047 auth.debug] debug3: ssh_msg_recv entering Jul 13 17:05:31 tatiana sshd[25599]: [ID 800047 auth.debug] debug3: PAM: do_pam_account pam_acct_mg...

On Tue, 23 Dec 2014, Dmt Ops wrote: > testing goole-authenticator's standalone functionality, it > > > cd google-authenticator/libpam/ > > ./demo > Verification code: 123456 > Login failed > Invalid verification code > > > > fails with an INVALID code, and > > > ./demo > Verification code:

...07 sshserver sshd[27977]: [ID 258498 auth.debug] PAM[27977]: load_function: successful load of pam_sm_authenticate Nov 9 10:00:07 sshserver sshd[27977]: [ID 334087 auth.debug] PAM[27977]: pam_get_user(7f6e8, 61746500, NULL) Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: PAM: sshpam_thread_conv entering, 1 messages Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: ssh_msg_send: type 1 Nov 9 10:00:07 sshserver sshd[27977]: [ID 800047 auth.debug] debug3: ssh_msg_recv entering Nov 9 10:00:07 sshserver sshd[27976]: [ID 800047 auth.debug] debug3: PAM: sshpam_query enterin...

...tion method 'pam' Oct 2 20:06:35 linux sshd[8856]: debug3: PAM: sshpam_init_ctx entering Oct 2 20:06:35 linux PAM-warn[8860]: function=[pam_sm_authenticate] service=[sshd] terminal=[ssh] user=[john] ruser=[<unknown>] rhost=[127.0.0.1] Oct 2 20:06:35 linux sshd[8860]: debug3: PAM: sshpam_thread_conv entering, 1 messages Oct 2 20:06:35 linux sshd[8860]: debug3: ssh_msg_send: type 1 Oct 2 20:06:35 linux sshd[8860]: debug3: ssh_msg_recv entering Oct 2 20:06:35 linux sshd[8856]: debug3: PAM: sshpam_query entering Oct 2 20:06:35 linux sshd[8856]: debug3: ssh_msg_recv entering Oct 2 20:06:35 l...

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

...d: checking request 48 debug3: mm_sshpam_init_ctx: waiting for MONITOR_ANS_PAM_INIT_CTX debug3: mm_answer_pam_init_ctx debug3: mm_request_receive_expect entering: type 49 debug3: PAM: sshpam_init_ctx entering debug3: mm_request_receive entering debug3: mm_request_send entering: type 49 debug3: PAM: sshpam_thread_conv entering, 1 messages debug3: ssh_msg_send: type 1 debug3: mm_sshpam_query debug3: ssh_msg_recv entering debug3: mm_request_receive entering debug3: mm_request_send entering: type 50 debug3: monitor_read: checking request 50 debug3: mm_sshpam_query: waiting for MONITOR_ANS_PAM_QUERY debug3: mm_answe...

...auth] debug3: mm_request_receive_expect entering: type 107 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 106 debug3: mm_answer_pam_query debug3: PAM: sshpam_query entering debug3: ssh_msg_recv entering debug3: PAM: sshpam_thread_conv entering, 1 messages debug3: ssh_msg_send: type 1 debug3: ssh_msg_recv entering debug3: mm_request_send entering: type 107 debug3: mm_sshpam_query: pam_query returned 0 [preauth] Postponed keyboard-interactive for admin from ::1 port 50860 ssh2 [preauth] debug3: mm_sshpam_respond [preauth] debug3:...

On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote: > On Fri, 19 Dec 2014, Dmt Ops wrote: > > > I added an EXPLICIT > > > > AuthenticationMethods publickey,keyboard-interactive > > + UsePam yes > > > > to sshd_config. Now, at connect attempt I get > > > > Password: > > Verification code: > >

...es 'pam' debug2: auth2_challenge_start: devices pam debug2: kbdint_next_device: devices <empty> debug1: auth2_challenge_start: trying authentication method 'pam' debug3: PAM: sshpam_init_ctx entering debug3: PAM: sshpam_query entering debug3: ssh_msg_recv entering debug3: PAM: sshpam_thread_conv entering, 1 messages debug3: ssh_msg_send: type 1 debug3: ssh_msg_recv entering debug3: send packet: type 60 Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 port 45018 ssh2 smb.conf: [global]     netbios name = computer1     security = ADS     workgroup = SUBDOM2     r...

..._challenge_start: devices pam > debug2: kbdint_next_device: devices <empty> > debug1: auth2_challenge_start: trying authentication method 'pam' > debug3: PAM: sshpam_init_ctx entering > debug3: PAM: sshpam_query entering > debug3: ssh_msg_recv entering > debug3: PAM: sshpam_thread_conv entering, 1 messages > debug3: ssh_msg_send: type 1 > debug3: ssh_msg_recv entering > debug3: send packet: type 60 > Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 > port 45018 ssh2 > > > smb.conf: > > [global] > >     netbios name = c...

...s pam >> debug2: kbdint_next_device: devices <empty> >> debug1: auth2_challenge_start: trying authentication method 'pam' >> debug3: PAM: sshpam_init_ctx entering >> debug3: PAM: sshpam_query entering >> debug3: ssh_msg_recv entering >> debug3: PAM: sshpam_thread_conv entering, 1 messages >> debug3: ssh_msg_send: type 1 >> debug3: ssh_msg_recv entering >> debug3: send packet: type 60 >> Postponed keyboard-interactive for EXAMPLE+user1 from 141.30.156.114 >> port 45018 ssh2 >> >> >> smb.conf: >> >> [glob...