pam_open_session returns PAM_SUCCESS but no pam session?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi guys,

I have been puzzling with this all day, and I can't figure out why
this doesn't work.
I compiled "xsh.c" from the examples, and created the appropriate
config file. However, I do get a shell, but from the same user that is
logged in.
I even tried to modify the system call to just a simple "touch
test.txt", but this command is executed as the same user.
So I guess my problem is somewhere in the config file, but I don't
know what to modify. I used the "login" and "passwd", and I even tried
my own, where I just call pam_permit.so for every action, and even
though I am authenticated without a problem, the xsh script still
creates the file with the same user.

So instead of the regular source, I did (line 142 from examples/xsh.c):
          /* this is always a really bad thing for security! */
          retcode = system("touch /home/henk/test.txt");
          if(retcode != PAM_SUCCESS) {
                printf("Error code: %d\n", retcode);
          }

After calling "./a.out henk" as root, this is the response:
==> called pam_start()
  got: `Success'
==> called pam_set_item(PAM_RUSER)()
  got: `Success'
==> called pam_set_item(PAM_RHOST)()
  got: `Success'
==> called pam_set_item(PAM_RHOST)()
  got: `Success'
Password:
==> called pam_authenticate()
  got: `Success'
==> called pam_acct_mgmt()
  got: `Success'
==> called pam_setcred()
  got: `Success'
==> called pam_open_session()
  got: `Success'
The user [henk] has been authenticated and `logged in'
==> called pam_close_session()
  got: `Success'
==> called pam_setcred()
  got: `Success'
==> called pam_end()
  got: `Success'

However, the file is created as root.
This is my config script (from /etc/pam.d/passwd):

#%PAM-1.0
auth    required        pam_env.so
auth    required        pam_unix2.so
account required        pam_unix2.so
password        requisite       pam_pwcheck.so  cracklib
password        optional        pam_gnome_keyring.so    use_authtok
password        required        pam_unix2.so    use_authtok
session required        pam_limits.so
session required        pam_unix2.so
session optional        pam_apparmor.so
session optional        pam_umask.so
session optional        pam_gnome_keyring.so    auto_start only_if=gdm,lxdm

Can anyone help me out? What am I doing wrong?

With kind regards,
Henk te Sligte

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux