[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Cyrus IMAPd pwcheck + PAM - possible solution...



what version of the kernel or you running?

If it is a modern (~ 2.1.70+) one, you'll be able to see what
file is being left open by 'ls -l /proc/<pid>/fd'.  This
might give you a hint at why things are going wrong.

I'd be very interested to hear if there is something PAM related that
is not getting closed.

Cheers

Andrew

The Hermit Hacker writes:
> Resent-Date: 31 Aug 1998 17:04:33 -0000
> Resent-Cc: recipient list not shown: ;
> Resent-Message-ID: <"pVWzU3.0.fL2.UUjwr"@mail2.redhat.com>
> Resent-From: pam-list@redhat.com
> Resent-Sender: pam-list-request@redhat.com
> Date: Mon, 31 Aug 1998 10:32:36 -0400 (EDT)
> From: The Hermit Hacker <scrappy@hub.org>
> To: pam-list@redhat.com
> Subject: Cyrus IMAPd pwcheck + PAM - possible solution...
> Reply-To: pam-list@redhat.com
> 
> 
> Morning...
> 
> 	Last week, one of the subscribers to the Cyrus IMAPd mailing list
> sent in a patch for using PAM inside of pwcheck.  The patch, I think,
> looks good, except that after running for a short period of time, it
> 'crashes' with a 'too many open files' error message.
> 
> 	I cleaned up the pwcheck() function that calls the pam_start/etc
> functions, but beyond that, I'm kinda lost...can someone tell me whether
> there are any obvious errors in the PAM_conv code?  The person that wrote
> this is running it, if I understand correctly, on a 'quiet' system, so I'm
> sort of figuring that the bug only exhibits itself on my system as it
> being hit multiple times per second :(
> 
> 	I'm running Solaris 2.6...
> 
> Thanks...
> 
> 
> ---------- Forwarded message ----------
> Date: Mon, 31 Aug 1998 11:28:12 -0300 (ADT)
> From: Marc G. Fournier <marc.fournier@acadiau.ca>
> To: scrappy@hub.org
> Subject: PAM
> 
> #include <security/pam_appl.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> 
> /* Static variables used to communicate between the conversation function
>  * and the server_login function
>  */
> static char *PAM_username;
> static char *PAM_password;
> 
> /* PAM conversation function
>  */
> static int PAM_conv (int num_msg,
>                      const struct pam_message **msg,
> 		     struct pam_response **resp,
> 		     void *appdata_ptr) {
>   int replies = 0;
>   struct pam_response *reply = NULL;
> 
>   #define COPY_STRING(s) (s) ? strdup(s) : NULL
> 
>   reply = malloc(sizeof(struct pam_response) * num_msg);
>   if (!reply) return PAM_CONV_ERR;
> 
>   for (replies = 0; replies < num_msg; replies++) {
>     switch (msg[replies]->msg_style) {
>       case PAM_PROMPT_ECHO_ON:
>         reply[replies].resp_retcode = PAM_SUCCESS;
> 	reply[replies].resp = COPY_STRING(PAM_username);
>           /* PAM frees resp */
>         break;
>       case PAM_PROMPT_ECHO_OFF:
>         reply[replies].resp_retcode = PAM_SUCCESS;
> 	reply[replies].resp = COPY_STRING(PAM_password);
>           /* PAM frees resp */
>         break;
>       case PAM_TEXT_INFO:
>         /* fall through */
>       case PAM_ERROR_MSG:
>         /* ignore it, but pam still wants a NULL response... */
>         reply[replies].resp_retcode = PAM_SUCCESS;
> 	reply[replies].resp = NULL;
>         break;
>       default:
>         /* Must be an error of some sort... */
>         free (reply);
>         return PAM_CONV_ERR;
>     }
>   }
>   *resp = reply;
>   return PAM_SUCCESS;
> }
> 
> static struct pam_conv PAM_conversation = {
>     PAM_conv,
>     NULL
> };
> 
> /* Server log in
>  * Accepts: user name string
>  *	    password string
>  * Returns: "OK" if password validated, error message otherwise
>  */ 
>  
> char *pwcheck(char *username, char *password)
> {
>   pam_handle_t *pamh;
>   int pam_error;
> 
>   /* PAM only handles authentication, not user information. */
>   if ( !(username && password && strlen(username) && strlen(password)) )
>       return "Incorrect username";
> 
>   /* validate password */
> 
>   PAM_password = password;
>   PAM_username = username;
>   fprintf(stderr, "checking %s\n", username);
>   pam_error = pam_start("cyrus", username, &PAM_conversation, &pamh);
>   if (pam_error == PAM_SUCCESS) 
>     pam_error = pam_authenticate(pamh, 0);
>     
>   if (pam_error == PAM_SUCCESS) 
>     pam_error = pam_acct_mgmt(pamh, 0);
> 
>   if ( pam_error == PAM_SUCCESS) 
>     fprintf(stderr, "\tauthenticated %s\n", username);
>   else
>     fprintf(stderr, "\tfailed to authenticate %s\n", username);
>   
>   if(pam_end(pamh, pam_error) != PAM_SUCCESS) {
>     pamh = NULL;
>     fprintf(stderr, "pwcheck: failed to release authenticator\n");
>     exit(1);
>   }
>   return ( pam_error == PAM_SUCCESS ? "OK" : "Incorrect passwd" );
> }
> 
> -- 
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []