On Thu, Sep 12, 2002 at 11:43:15PM +0200, Thomas Werschlein wrote:
> I am not sure if this is a mod_auth_pam or a Solaris pam problem. If
> the process goes crazy nothing is logged at all, neither by
> mod_auth_pam nor by pam_unix.so.1.

No username is a fairly normal condition, e.g., it can happen when the user terminates the browser's password dialog. I get it during testing (on Linux) regularly and the web-server didn't crash so I would be surprised if it's a mod_auth_pam problem.

Looking at the trace from the crashed server, I can only make a few guesses: "pam.conf" is opened and "pam_unix.so.1" is opened afterwards, so that means that the basic PAM initialization worked. After that, "libcmd.so.1" is opened. Do you know what that library does? From the name, I would assume it has something to do with running commands. Are you using /etc/shadow? In that case, Solaris-PAM is probably running some helper application to check the passwords. Maybe that helper has problems checking an 'empty' username?

Could you trace some other application (preferably one not running as root) and compare the results? I would really like to find out what kind of problem that is. Did you check Sun's errata already?

Anyway, an empty username is not really useful (whereas an empty password could be) so I implemented a small change that checks whether the username is empty before proceeding and refuses the request completely in case it is. Please try it to see whether it helps.

regards
--
http://fargonauten.de/ingo
PGP: 3187 4DEC 47E6 1B1E 6F4F 57D4 CD90 C164 34AD CE5B

Index: mod_auth_pam.c =================================================================== RCS file: /cvsroot/pam/applications/mod_auth_pam/mod_auth_pam.c,v retrieving revision 1.3 diff -u -u -r1.3 mod_auth_pam.c --- mod_auth_pam.c 1 Sep 2002 10:55:22 -0000 1.3 +++ mod_auth_pam.c 13 Sep 2002 10:02:24 -0000 @@ -27,7 +27,7 @@ */ /* - * v 1.1.2 from 01. September 2002 + * v 1.1.2b from 13. September 2002 * * mod_auth_pam: * basic authentication against pluggable authentication module lib @@ -47,6 +47,7 @@ * provided invaluable development help and ideas. * * Changes: + * 13-Sep-02: Refusing empty username before asking PAM at all * 01-Sep-02: Log messages improved (back from 2.0 port) * 08-Aug-02: bugfix, supplemental groups are now checked * against correctly. Thanks to Will Holcomb for @@ -146,7 +147,7 @@ /* change this to 0 on RedHat 4.x */ #define PAM_STRE_NEEDS_PAMH 1 -#define VERSION "1.1.2" +#define VERSION "1.1.2b" module pam_auth_module; @@ -341,6 +342,11 @@ /* this is only set after get_basic_auth_pw was called */ userinfo.name = r->connection->user; + if(userinfo.name == NULL || strlen(userinfo.name) == 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, r, + "PAM: no username, refusing request"); + return AUTH_REQUIRED; + } /* initialize pam */ if((res = pam_start(pam_servicename,
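
Review bot: In the last hunk (@@ -341,6 +342,11), the new ap_log_rerror call passes APLOG_ERR without APLOG_NOERRNO, so under the Apache 1.3 API used here (r->connection->user, AUTH_REQUIRED) the log line "PAM: no username, refusing request" will have whatever errno text is left over from an earlier call appended to it. Suggest OR-ing in APLOG_NOERRNO, and lowering the level: the accompanying message calls a missing username a fairly normal condition, and any unauthenticated client can trigger it, so error-level entries here add noise that can bury real PAM failures. Also worth confirming that this early `return AUTH_REQUIRED;` behaves like the module's other refusal paths; if those call ap_note_basic_auth_failure(r) first, this one should too, so the 401 still carries the Basic challenge. Minor style point: `userinfo.name[0] == '\0'` states the empty-string test without a strlen call.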