[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: arguments passed to pam_sm_authenticate function ignore quoting/escaping rules






You might have a little more luck if you tried


[user_name='%u' and password=PASSWORD('%p') and service='web_proxy']

This is completely untested by me, right now, but if I recall correctly
it should work.

The reason this may work is actually a little bit of a side-effect of
supporting the alternative format for the control tokens, but I think I
was thinking about this exact need when I coded it N years ago.

I don't know off hand if there is a way to encode '[' or ']' in a module
argument and have the module actually see these characters, but I'd be
very happy for you to play with everything you can along these lines,
report what works/fails and I'll consider it a bug report/feature
request...

Just letting those interested know that using the '[' and ']' characters solved the problem of an argument with spaces being split. Here is my "/etc/pam.d/squid" config file:

auth required pam_mysql.so user=passwd_query passwd=mada db=eminence [query=select user_name from internet_service where user_name='%u' and password=PASSWORD('%p') and service='web_proxy']
account required pam_mysql.so user=passwd_query passwd=mada db=eminence [query="select user_name from internet_service where user_name='%u' and password=PASSWORD('%p') and service='web_proxy']


I'll probably send my patch to the pam_mysql project page on sourceforge after I've done a bit more testing. In the meantime, let me know if you want a copy.

Also, it might be worthwhile makeing the use of the square brackets a documented feature of PAM. Being able to encode the square brackets in an argument would also make sense but not having looked at the code I don't know weather it is implemented. Let me know if you would think it would be worthwhile me looking at the PAM source.

Russell Kliese





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []