On Sat, Jun 5, 2010 at 9:01 PM, Anthony Iliopoulos <ailiop@xxxxxxx> wrote:
Pedro,
Looks like your calling your pam module through sshd. Note that
On Wed, Jun 02, 2010 at 05:09:39PM +0200, Pedro Fortuny Ayuso wrote:
> Hi,
>
> I simply do not get it... crypt(3) crashes in a PAM module,
> raising a segfault, but it does not in a 'standalone version'
> of the module.
>
> The code below (which is the minimal I have been able to squeeze
> it into) segfaults if run as a pam module. It does not do so
> if run standalone (adding the main() and compiling it as an executable).
>
> Any ideas, pointers, misunderstandings on my side?
>
> I can run other libraries (namely OpenSSL) without problems, although
> BIO_free_all() also segfaulted...
>
> This happens in two systems at least:
>
> Ubuntu-9, 2.6.24-24-generic #1 SMP, x86_64
> Fedora-13, 2.6.33.3-85.fc13.x86_64 #1 SMP
>
> It seems to be related to the 64bit thing, but I am not that
> sure. I am copying the error messages:
>
> On the Ubuntu system:
> Jun 2 17:06:48 jorge-desktop kernel: [109318.066314] sshd[10318]: segfault at 5e6775f0 rip 7ff45bb900e0 rsp 7fff6644e658 error 4
>
> On the Fedora system:
> Jun 2 04:40:42 fedora13 sibyl: Entered module BOGUS
> Jun 2 04:40:42 fedora13 sibyl: I can still log after crypt'ing
> Jun 2 04:40:42 fedora13 kernel: sshd[1855]: segfault at ffffffffca7c4be0 ip 00007fd8c68fb007 sp 00007fff4efb8b50 error 4 in libc-2.12.so[7fd8c68b3000+175000]
sshd runs pam authentication in a thread context. That might be
attributing to the crash your are seeing when the module is not
called as a standalone program.
Some other things you might want to pay attention to is, how you
are compiling the pam module (statically/dynamically and the various
linker options).
Also, did you try to isolate the fault ? e.g. does it still segfault
if you remove the crypt call ? What about removing the syslog
output of the crypt result array ? You can always make an attempt
to see if crypt_r (the re-entrant version of crypt) would work for
you.
Regards,
Anthony
Yes, I did isolate the fault: it is the crypt() call for sure. Most probably it is the
sshd thread context thing you mention (it is the only way I have tried to run it so far).
As a matter of fact I tried to use also OpenSSL's BIOs and got another
segfault when calling BIO_free() (all this in through sshd), which makes
me think the thread context is the key to the problem.
I shall try and use the crypt_r version. However, could you point me
to some place where this thread context of sshd is explained? Is there a way
to replicate crypt() using OpenSSL?
Thanks a lot,
Pedro.
_______________________________________________> /* notice that one cannot assume Linux has OpenPAM implemented */
>
> #include <pwd.h>
> #include <stdlib.h>
> #include <stdio.h>
> #include <string.h>
> #include <unistd.h>
> #include <syslog.h>
>
> #include <security/pam_modules.h>
> #include <security/pam_appl.h>
>
>
> int
> pam_sm_authenticate(pam_handle_t *pamh, int flags,
> int argc, const char *argv[])
> {
> FILE *log;
> /* options */
>
> openlog( "sibyl", LOG_CONS, LOG_AUTH);
> void syslog(int priority, const char *format, ...);
>
> syslog(LOG_NOTICE, "Entered module BOGUS");
> char *c = crypt("petete", "$1$cW0uis36$");
> syslog(LOG_NOTICE, "I can still log after crypt'ing");
> syslog(LOG_NOTICE, "Encrypted [%s]", c);
> return(PAM_AUTH_ERR);
> }
>
> /* uncomment for a standalone version
> int main(){
> pam_sm_authenticate(NULL, 0, 0, NULL);
> return(0);
> } */
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
--
Pedro Fortuny Ayuso
Dpto de Matemáticas
Escuela Univ. de Ingeniería Técnica Industrial
Campus Universitario de Gijón (Viesques)
33203 Gijón (Asturias)
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list