similar to: OpenSSH PAM "thread" buglet

From: Marco Trevisan (Trevi?o) <mail at 3v1n0.net> Makes things more readable and easier to extend --- auth-pam.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/auth-pam.c b/auth-pam.c index 5dfa69202..ba01dfb0c 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -132,11 +132,16 @@ typedef pid_t sp_pthread_t; #define pthread_join fake_pthread_join #endif

SecureComputing's PAM library doesn't pass back the correct context to the pam_conversation function, i.e. it passes back NULL. So this patch works around this fact. likely you'll only want this hack if you expect to use pam_safeword.so in your authentication check, and only if you run sshd in privilege separation (separate process) mode so that the PAM conversation is single

Hi All. Attached is a patch to perform pam_chauthtok via SSH2 keyboard-interactive. It should be simpler, but since Solaris seems to ignore the CHANGE_EXPIRED_AUTHTOK flag, it calls do_pam_account to check if it's expired. To minimise the change in behaviour, it also caches the result so pam_acct_mgmt still only gets called once. This doesn't seem to work on AIX 5.2, I don't know

Hi All. This patch calls pam_chauthtok() to change an expired password via PAM during keyboard-interactive authentication (SSHv2 only). It is tested on Redhat 8 and Solaris 8. In theory, it should have simply been a matter of calling pam_chauthtok with the PAM_CHANGE_EXPIRED_AUTHTOK flag, it'd only change the password is if it's expired, right? From the Solaris pam_chauthtok man page:

From: "Marco Trevisan" <marco at ubuntu.com> This serie of patches have been already submitted via [1], but i'm sending them again to the ML, to see if they can get some more traction. The patches are already part of Ubuntu openssh since 24.04, and they basically allow proper immediate instruction reporting to clients using PAM (as per RFC4256). This follows the approach

The following patch (relative to -current) makes PAM a proper kbd-interactive citizen. There are a few limitations (grep for todo), but the code seems to work OK for protocols 1 & 2 with and without privsep. Please have a play! auth2-pam.c is based on code from FreeBSD. Index: auth2-chall.c =================================================================== RCS file:

Hi. One thing that people seem to want to do with PAM is to deny a login immediately without interacting but return a message to the user. (Some platforms implement, eg, /etc/nologin via PAM this way.) Currently, sshd will just deny the login and the user will not be told why. Attached it a patch that return a keyboard-interactive packet with the message in the "instruction"

Hi. T2000 1.2GHz 8-core, 32GB RAM, S10U3, zil_disable=1. Command ''zpool export f3-2'' is hung for 30 minutes now and still is going. Nothing else is running on the server. I can see one CPU being 100% in SYS like: bash-3.00# mpstat 1 [...] CPU minf mjf xcal intr ithr csw icsw migr smtx srw syscl usr sys wt idl 0 0 0 67 220 110 20 0 0 0 0

Can anyone with Heimdal KrbV verify this? -------------- next part -------------- An embedded message was scrubbed... From: Dag-Erling Smorgrav <des at ofug.org> Subject: Kerberos buglet in OpenSSH-3.3p1 Date: 25 Jun 2002 14:52:10 +0200 Size: 1291 Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020626/347e123e/attachment.mht

resending to the whole mailing list .. ----- Forwarded message from kouril ----- Date: Wed, 26 Jun 2002 11:50:14 +0200 To: Damien Miller <djm at mindrot.org> Subject: Re: [Fwd: Kerberos buglet in OpenSSH-3.3p1] User-Agent: Mutt/1.2.5i In-Reply-To: <1025084114.12959.0.camel at mothra.mindrot.org>; from djm at mindrot.org on Wed, Jun 26, 2002 at 07:35:14PM +1000 On Wed, Jun 26, 2002 at

Conrad, Small buglet with the 0.9.1 liboggz release (go dude!) http://thaumas.net/~giles/xiph/elphel/clips/elphel_00017.ogg causes a float exception in oggzinfo when it tries to calculate the bitrate. It fails to measure the duration and tries to divide by zero. :) There may well be something wrong with the file, although oggz-validate doesn't complain. Also, the configure script

On Sun, Apr 10, 2005 at 01:14:14PM +1000, Conrad Parker wrote: > On Fri, Apr 08, 2005 at 12:45:08PM -0700, Ralph Giles wrote: > > Conrad, > > > > Small buglet with the 0.9.1 liboggz release (go dude!) > > > > http://thaumas.net/~giles/xiph/elphel/clips/elphel_00017.ogg causes a > > float exception in oggzinfo when it tries to calculate the bitrate. It

Looks like there is a buglet in 'installed.packages', around line 17: for (lib in lib.loc) { dest <- file.path(tempdir(), paste("libloc_", URLencode(lib,=20 TRUE), paste(fields, collapse =3D ","), ".rds", sep =3D "")) if (!noCache && file.exists(dest) && file.info(dest)$mtime >=20

Dieter Menne wrote: > Hi, Jim, > > there is a typo at the bottom of plotCI: there is an y.to.in which should be > x.to.in. > > See list for an example. > > http://article.gmane.org/gmane.comp.lang.r.general/147103 > > Should be: > nz <- (abs(ui - pmin(x + gap, ui)) * x.to.in) > 0.001 > > Dieter > > Hi Dieter, Thanks for the fix. I have

FYI This bug will prevent ''shorewall restore'' from working if you have "!<single IP address>" in the ORIGINAL DEST column. -Tom ---------- Forwarded Message ---------- Subject: [PATCH] Another iptables-save buglet Date: Wednesday 14 September 2005 15:09 From: Tom Eastep <teastep@shorewall.net> To: netfilter-devel@lists.netfilter.org The conntrack

Just a quick heads up to warn those of you using my gss-keyex patches that there's a small buglet in them which will affect interoperability. I'm building the hash incorrectly (by including a zero length string where there shouldn't be one). This will mean that when trying to interoperate with other implementations (if there are any :-) you'll get a message about the MIC not

Hello, md5_final() function contains minor buglet, it clears first 4 bytes of md5_context instead of whole structure. Patch attached. Best regards. -- Andrey Panin | Linux and UNIX system administrator pazke at donpac.ru | PGP key: wwwkeys.pgp.net -------------- next part -------------- diff -urpNX /usr/share/dontdiff dovecot-1.0-test28.vanilla/src/lib/md5.c dovecot-1.0-test28/src/lib/md5.c

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symptoms: curve with log x axis gets the wrong x limits (in 2.6.1, I believe introduced in this version). Credit goes to Mike McCoy for detecting the problem. Demonstration: x = 1:5 plot(x,5*exp(-x),xlim=c(0.1,1000),log="x") xvec = 10^seq(-1,3,length=100) lines(xvec,5*exp(-xvec)) curve(5*exp(-x),add=TRUE,col=2,lwd=3) I believe

read.matrix.csr does not close the connection: > library('SparseM') Package SparseM (0.96) loaded. > read.matrix.csr(foo) ... Warning message: closing unused connection 3 (foo) > -- Sam Steingold (http://sds.podval.org/) on Ubuntu 12.04 (precise) X 11.0.11103000 http://www.childpsy.net/ http://truepeace.org http://camera.org http://pmw.org.il http://think-israel.org

I''ve also placed the patch in: http://shorewall.net/pub/shorewall/contrib/ipset/ ftp://shorewall.net/pub/shorewall/contrib/ipset/ -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key