[s-x86] Re: OpenSSH 1.2pre14 fails on pam_open_session() ...

Ben Taylor bent at clark.net
Tue Nov 30 10:12:22 EST 1999


On Mon, 29 Nov 1999 patrick.novak at po.state.ct.us wrote:

> On Mon, 22 Nov 1999, Philip Brown wrote:
> 
> > [ Marc G. Fournier writes ]
> > >   debug("PAM_retval(open_session) about to run");
> > >   pam_retval = pam_open_session((pam_handle_t *)pamh, 0);
> >
> > >
> > > ===========================================
> > >
> > > so, its looking like I'm authenticated properly, but when trying to set up
> > > the whole environment, its failing...?  anyone know how I should go about
> > > debugging this?
> >
> > well its obviously blowing up on pam_open_session, so you need to
> validate
> > your "pamh" handle somehow.
> 
> thank you, and how would one do this?  considering that my 'pamh' handle
> is being used three times prior to that, in:
> 
>     pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RHOST,
> remote_host);
>     pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_RUSER,
> remote_user);
>     pam_retval = pam_acct_mgmt((pam_handle_t *)pamh, 0);
> 
> all in the same function, I would have thought that this would have been
> okay...all of the above go through successfully...

I did a whole lot of reading on PAM, on how Sun managed to ignore the DCE
standard for PAM (see the error message as an example), the configuration
files, the libraries, the works.  Got some really funky cores when I
handed the config file a line about 10 lines long.  I'm pretty comfortable
about what the issue is, and it's Sun.  

I don't think anything is using the session manager, but they are using
auth, account and password. The fact that the code is so similar and
executed the same way indicates a problem in the library. I tried using
some of the other libraries and did not get a seg fault, so it has to be
pam_open_session in pam_unix.so.1.  I opened a support call with Sun
today, and boy wasn't that fun.  I finally told the support guy all I
wanted was a debug version of pam_unix.so.1.  I'll see what they do with
that.

Anyone know how to get sshd to actually produce a core file?  I know
it's not supposed to, but it should probably do so during a debug session.

> my only real "reference" for PAM is wu-ftpd, in which the pam
> authentication stuff all works, but the pam_* functions that wu-ftpd uses
> doesn't appear to be even close to what is used in sshd.c :(

The difference is the session management.  It's not properly being
handled.  Did anyone notice that pam_close_session is a null function,
at least according to Sun's documentation.

Ben






More information about the openssh-unix-dev mailing list