search for: sshpam_tty_conv

Hi, I am facing issues with couple of cases during authentication using pam for openssh Case 1: When we get challenge response from pam radius module with Echo prompt ON or OFF, its not getting displayed in ssh prompt because currently * sshpam_tty_conv* do not support the display of plain text. Case 2: When any INFO or ERROR message is passed to *sshpam_tty_conv *from underlying pam module before authentication is successful, those messages are also not getting displayed since stdio is not connected. Can anyone please provide suggestions on th...

...drot.org Reporter: wp02855 at gmail.com Created attachment 2784 --> https://bugzilla.mindrot.org/attachment.cgi?id=2784&action=edit Patch file for this bug report Hello All, In reviewing code in OpenSSH-7.1p2, it would appear in file 'auth-pam.c', function 'sshpam_tty_conv()', there is a call to read_passphrase() which is not checked for a return value of NULL, indicating failure. The patch file below should address/correct this issue: --- auth-pam.c.orig 2016-02-13 09:44:14.656582235 -0800 +++ auth-pam.c 2016-02-13 09:46:14.583824370 -0800 @@ -982,6 +982,...

...h.c). But this function doesn't have implemented the PAM_PROMPT_ECHO_ON flavor, and returns the PAM_CONV_ERROR :-( It should be possible to implement the PAM_PROMPT_ECHO_ON conversation either with read()/write() or with fdopen()/fprintf()/fgets()/fclose() (as is done similary for stdin in sshpam_tty_conv()), but we need the socket. The only way to pass the information into the pam module is by Authctxt structure. So we need to add the "int socket" field into the Convctxt structure and then use it (if not set to -1) for challenge-response authentication. Sounds possible? Best regar...

...mail to this list with: Subject: PATCH: Public key authentication defeats passwd age warning. that sounds like it is closely related from Sep. 2004, but applying the patch found there hasn't helped my situation. I tried forcing the use of various conversation functions, (sshpam_store_conv, sshpam_tty_conv, sshpam_passwd_conv) but can't get anything to print to the users terminal. I've seen other posts which suggest that using posix_threads may work, but only if all other modules are thread-safe, and that this is not the preferred workaround. I'm running out of things to try, hence this...

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));