lpalgarvio / pwauth Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/pwauth
Automatically exported from code.google.com/p/pwauth
When linking, $(LDFLAGS) should always be used. This allows for the user or the
package management system to add additional linker flags.
As an example, we are building pwauth with Poky from the Yocto Project. Poky
specifies -Wl,--hash-style=gnu in LDFLAGS and then proceeds to verify that
everything that is built actually uses the GNU hash. This causes an error for
pwauth since it currently does not use $(LDFLAGS) when linking:
ERROR: QA Issue: No GNU_HASH in the elf binary:
'tmp/work/cortexa9-vfp-neon-poky-linux-gnueabi/pwauth/2.3.11-r0/packages-split/p
wauth/usr/sbin/pwauth'
Please find attached a patch that corrects the Makefile.
Original issue reported on code.google.com by [email protected]
on 27 Nov 2014 at 11:21
Attachments:
What steps will reproduce the problem?
1. #define SHADOW_AIX in config.h
2. compile
What is the expected output? What do you see instead?
gcc -o pwauth -g main.o auth_aix.o auth_bsd.o auth_hpux.o auth_mdw.o
auth_openbsd.o auth_pam.o auth_sun.o fail_log.o lastlog.o nologin.o snooze.o
-lcrypt
ld: 0711-317 ERROR: Undefined symbol: .flock
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
collect2: ld returned 8 exit status
make: The error code from the last command is 1.
What version of the product are you using? On what operating system?
pwauth-2.3.8
AIX 6100-06-03-1048
Please provide any additional information below.
Exactly the same error in previous AIX versions as 6100-05-04-1048 or
5300-07-02-0806.
Original issue reported on code.google.com by [email protected]
on 20 Jan 2011 at 5:41
== Reproducing the Issue ==
What steps will reproduce the problem?
1. Modify config.h with the following:
Uncomment #define FAILLOG_PWAUTH
Uncomment #define MAX_FAIL_COUNT and change the value from 40 to 3.
Uncomment #define RESET_FAIL_COUNT
2. Compile with 'make'.
== Expected and Observed Results ==
What is the expected output? What do you see instead?
After giving the wrong password for a user 3 times, I should receive exit
status 7 when I enter the password correctly.
Instead, pwauth gave me exit status 0. The MAX_FAIL_COUNT was not working with
FAILLOG_PWAUTH. Based on what I saw in the code, I don't think it will work
with FAILLOG_OPENBSD either, but I did not test that configuration.
== Software Versions ==
What version of the product are you using? On what operating system?
pwauth 2.3.10
ubuntu
== Proposed Solution ==
To make it work, I did the following:
a) In main.c, change line 110 to be:
#if defined(FAILLOG_JFH) || defined(FAILLOG_OPENBSD) || defined(FAILLOG_PWAUTH)
b) In fail_log.c, change line 132 to be:
result= (flog.count < MAX_FAIL_COUNT);
c) In fail_log.c, change line 135 to be:
if (result && flog.count > 0)
Original issue reported on code.google.com by [email protected]
on 12 Feb 2012 at 2:13
steps to reproduce the problem
1. try to compile pwauth-2.3.11 for mac OS X leopard (10.5)
2. configure pwauth for PAM_OLD_OS_X authentication into config.h
3. make clean && make
when linking, le _check_auth symbol is not found by the linker.
solution :
into pam_auth.c,
replace line 36
#if defined(PAM_SOLARIS_26) || defined(PAM_SOLARIS) || defined(PAM_OS_X)
with
#if defined(PAM_SOLARIS_26) || defined(PAM_SOLARIS) || defined(PAM_OS_X) ||
defined(PAM_OLD_OS_X)
Best regards,
Patrice Fontaine
Original issue reported on code.google.com by [email protected]
on 15 Jun 2014 at 9:29
What steps will reproduce the problem?
1./etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
2. /etc/pam.d/pwauth
#%PAM-1.0
auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
password sufficient /lib/security/pam_smbpass.so
password required /lib/security/pam_winbind.so
session required pam_mkhomedir.so
session required pam_winbind.so
session required /lib/security/pam_unix.so
3. /usb/sbin/pwauth
4. Type samba users or AD domain users credentials
What is the expected output? What do you see instead?
Although it should validate the credential, it core dumps instead.
/etc/var/log/apache_error_log
[Thu Aug 15 11:02:47.867264 2013] [authnz_external:error] [pid 8374] [client
10.39.17.36:49897] External authenticator died on signal 11
[Thu Aug 15 11:02:47.867329 2013] [authnz_external:error] [pid 8374] [client
10.39.17.36:49897] AuthExtern pwauth [/usr/sbin/pwauth]: Failed (-2) for user
admin
[Thu Aug 15 11:02:47.867338 2013] [auth_basic:error] [pid 8374] [client
10.39.17.36:49897] AH01617: user admin: authentication failure for
"/webdav/Backups": Password Mismatch
/var/log/messages
Aug 15 10:49:15 vmstore kernel: [ 1361.635185] pwauth[9079]: segfault at
b75b3eb7 ip b75b3eb7 sp bfb6675c error 4 in libpthread-2.13.so[b75c8000+15000]
Aug 15 10:49:18 vmstore kernel: [ 1364.566193] pwauth[9093]: segfault at
b7561eb7 ip b7561eb7 sp bfd4ae2c error 4 in libpthread-2.13.so[b7576000+15000]
Aug 15 11:02:47 vmstore kernel: [ 2171.892085] pwauth[10695]: segfault at
b75b2eb7 ip b75b2eb7 sp bfb96d7c error 4 in libpthread-2.13.so[b75c7000+15000]
What version of the product are you using? On what operating system?
pwauth-2.3.8 (which comes with Debian Wheezy)
Please provide any additional information below.
It seems the problem arises when it finishes the job with one pam module
(pam_smbpass/pam_winbind) and tries to go to the next. Maybe pwauth corrupted
pam somehow !
no talloc stackframe at ../source3/param/loadparm.c:4842, leaking memory
Program received signal SIGSEGV, Segmentation fault.
0xb7e21eb7 in ?? ()
(gdb) bt
#0 0xb7e21eb7 in ?? ()
#1 0xb7ba16e1 in _talloc_free_internal (ptr=0x8061a90, location=0xb7ba44c7
"../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:831
#2 0xb7ba23f0 in _talloc_free_children_internal (tc=0x804c0a8, ptr=0x804c0d8,
location=0xb7ba44c7 "../lib/talloc/talloc.c:2251") at
../lib/talloc/talloc.c:1256
#3 0xb7ba1830 in _talloc_free_internal (ptr=0x804c0d8, location=0xb7ba44c7
"../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:851
#4 0xb7ba2742 in _talloc_free (ptr=0x804c0d8, location=0xb7ba44c7
"../lib/talloc/talloc.c:2251") at ../lib/talloc/talloc.c:1371
#5 0xb7ba3d82 in talloc_autofree () at ../lib/talloc/talloc.c:2251
#6 0xb7ea05e8 in __cxa_finalize () from /lib/i386-linux-gnu/libc.so.6
#7 0xb7ba0a43 in __do_global_dtors_aux () from
/usr/local/samba/lib/private/libtalloc.so.2
#8 0xb7ff4e52 in ?? () from /lib/ld-linux.so.2
#9 0xb7ff5947 in ?? () from /lib/ld-linux.so.2
#10 0xb7e6ccc4 in ?? () from /lib/i386-linux-gnu/libdl.so.2
#11 0xb7fefde6 in ?? () from /lib/ld-linux.so.2
#12 0xb7e6d0bc in ?? () from /lib/i386-linux-gnu/libdl.so.2
#13 0xb7e6ccfa in dlclose () from /lib/i386-linux-gnu/libdl.so.2
#14 0xb7fc6f8b in ?? () from /lib/i386-linux-gnu/libpam.so.0
#15 0xb7fc48ff in ?? () from /lib/i386-linux-gnu/libpam.so.0
#16 0xb7fc1da0 in pam_end () from /lib/i386-linux-gnu/libpam.so.0
#17 0x08048bff in check_auth (login=0xbffff4aa "admin", passwd=0xbffff8ab
"soho") at auth_pam.c:186
#18 0x0804898e in main (argc=1, argv=0xbffffd64) at main.c:94
Original issue reported on code.google.com by [email protected]
on 15 Aug 2013 at 6:06
What steps will reproduce the problem?
1. make
2. sudo chown root:root pwauth
3. sudo chmod 4111 pwauth
4. ./pwauth
Expect:
Program to function as described.
Actual:
Returns error code 50.
What version of the product are you using? On what operating system?
pwauth-2.3.8
Linux version 2.6.9-89.ELsmp ([email protected]) (gcc
version 3.4.6 20060404 (Red Hat 3.4.6-11)) #1 SMP Mon Apr 20 10:34:33 EDT 2009
Please provide any additional information below.
I looked into the problem and saw that main.c is using the real uid instead
of the effective uid. On our system this returns the current user, not
root, even though the SUID bit is set.
See the sample code in:
http://en.wikipedia.org/wiki/Setuid
I changed line 65 of main.c to be:
uid= geteuid(); // instead of getuid()
I re-compiled, installed, and it works great.
Original issue reported on code.google.com by [email protected]
on 7 Jan 2010 at 7:56
I set up pwauth with mod_authnz_external
and it works fine pulling id's from pam_mysql using a pretty standard setup and
restricting users to the web group.
root@marvin:~# cat /etc/pam.d/pwauth
auth required pam_succeed_if.so quiet_success user ingroup web
auth sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
auth requisite pam_deny.so
auth required pam_permit.so
account sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
account requisite pam_deny.so
account required pam_permit.so
root@marvin:~# pwauth
arjag
secret
root@marvin:~# echo $?
0
Ok, so all good.
If i adjust the file;
root@marvin:~# cat /etc/pam.d/pwauth
# group checking removed for testing
# auth required pam_succeed_if.so quiet_success user ingroup web
auth sufficient pam_mysql.so \
user=postfix \
passwd=secret \
host=localhost \
db=postfix \
table=mailbox \
usercolumn=username \
passwdcolumn=password \
crypt=1 \
md5=1 \
verbose=0
auth sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
auth requisite pam_deny.so
auth required pam_permit.so
account sufficient pam_mysql.so \
user=postfix \
passwd=secret \
host=localhost \
db=postfix \
table=mailbox \
usercolumn=username \
passwdcolumn=password \
crypt=1 \
md5=1 \
verbose=0
account sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
account requisite pam_deny.so
account required pam_permit.so
if I try any of the accounts with "@" in the username (from the postfix
database) I always get failure;
root@marvin:~# pwauth (this one is just a test to show /etc/init.d/pwauth still
works)
arjag
secret
root@marvin:~# echo $?
0
root@marvin:~# pwauth
[email protected]
secret
root@marvin:~# echo $?
1
root@marvin:~# pwauth
arjag\@y42.biz
root@marvin:~# echo $?
1
I think this should work as it does not seem to be a pam limitation as on the
same host I can do;
root@marvin:~# testsaslauthd -u arjag -p secret -f
/var/spool/postfix/var/run/saslauthd/mux -s pwauth
0: OK "Success."
root@marvin:~# testsaslauthd -u [email protected] -p secret -f
/var/spool/postfix/var/run/saslauthd/mux -s pwauth
0: OK "Success."
I have set verbose to 1 and it appears pwauth simply refuses to pass on a
username with @
Thanks for your time,
R,
Todd
Original issue reported on code.google.com by [email protected]
on 27 Apr 2012 at 8:10
What steps will reproduce the problem?
1. Enable SLEEP_LOCK
2. compile
What is the expected output? What do you see instead?
gcc -g -c snooze.c
snooze.c: In function `snooze':
snooze.c:51: error: `LOCK_EX' undeclared (first use in this function)
snooze.c:51: error: (Each undeclared identifier is reported only once
snooze.c:51: error: for each function it appears in.)
*** Error code 1
make: Fatal error: Command failed for target `snooze.o'
What version of the product are you using? On what operating system?
pwauth 2.3.8
SunOS 5.11 snv_151a i86pc i386 i86pc
Please provide any additional information below.
It looks like the LOCK_EX macro isn't defined in Solaris, and there isn't an
easy way to replace it. The code compiles just fine with SLEEP_LOCK disabled.
Original issue reported on code.google.com by [email protected]
on 9 Dec 2010 at 12:00
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.