
Re: pam_radius + saslauthd + cyrus imapd



Perfect. Okay, we've got an endless loop somewhere in the code, but it isn't re-looping on the "Unable to open socket23: %s" line - I'm starting to suspect that the while loop:

while (!feof(fserver) &&
	 (fgets (buffer, sizeof(buffer), fserver) != (char*) NULL) &&
	 (!ferror(fserver))) {

may not be functioning properly in your initialize() function. One more test (and be ready for a flood of messages into your syslog). After the while loop starts, the line number is incremented, p is set to buffer, and then the line is told to ignore certain characters. Then, if the line is found to start with a '#' or an empty character, "continue":

    /*
     *  Nothing, or just a comment.  Ignore the line.
     */
    if ((!*p) || (*p == '#')) {

Put a
_pam_log(LOG_ERR, "Not handling blank line: %s\n",buffer);
inside that, right before "continue". Here's what I think is occurring - the while loop's tests are not telling the loop that it is okay to exit the loop, but fgets() is not getting anything out of the file because we're at the end of it. If you get a flood of logs, stating that it won't handle blank line: [whatever], that is precisely what is occurring. Something to try would be to throw some blank lines after your IP address in the server configuration file, just to see what happens. Good luck!


Joe

Fatemeh Taj wrote:
Dear Joe, I did what you said before and I just wrote the last errors for you. Here I have attached the code and log with more error tags.


file: /etc/raddb/server

When the file is empty (just a commented line)
Jun  5 15:02:09 test saslauthd[5377]: rel_accept_lock : released accept lock
Jun  5 15:02:09 test saslauthd[5378]: get_accept_lock : acquired accept lock
Jun  5 15:02:09 test saslauthd[5377]: pam_radius_auth: Got user name jh
Jun  5 15:02:09 test saslauthd[5377]: pam_radius_auth: Unable to open socket5: Success
Jun  5 15:02:09 test saslauthd[5377]: pam_radius_auth: Unable to open socketAAA: Success

When I have an IP in /etc/raddb/server:

Jun  5 15:03:48 test saslauthd[5378]: rel_accept_lock : released accept lock
Jun  5 15:03:48 test saslauthd[5379]: get_accept_lock : acquired accept lock
Jun  5 15:03:48 test saslauthd[5378]: pam_radius_auth: Got user name radius
Jun  5 15:03:48 test saslauthd[5378]: pam_radius_auth: Unable to open socket5: Success
Jun  5 15:03:48 test saslauthd[5378]: pam_radius_auth: Unable to open socket7: Success
Jun  5 15:03:48 test saslauthd[5378]: pam_radius_auth: ERROR reading /etc/raddb/server, line 2: Could not read hostname or secret

IP and key in /etc/raddb/server :

Jun 5 15:03:48 test saslauthd[5378]: pam_radius_auth: Unable to open socket7: Success
Jun 5 15:03:48 test saslauthd[5378]: pam_radius_auth: ERROR reading /etc/raddb/server, line 2: Could not read hostname or secret
Jun 5 15:09:25 test saslauthd[5379]: rel_accept_lock : released accept lock
Jun 5 15:09:25 test saslauthd[5380]: get_accept_lock : acquired accept lock
Jun 5 15:09:25 test saslauthd[5379]: pam_radius_auth: Got user name ff
Jun 5 15:09:25 test saslauthd[5379]: pam_radius_auth: Unable to open socket5: Success
Jun 5 15:09:25 test saslauthd[5379]: pam_radius_auth: Unable to open socket8: Success
Jun 5 15:09:25 test saslauthd[5379]: pam_radius_auth: Unable to open socket10: Success
Jun 5 15:09:25 test saslauthd[5379]: pam_radius_auth: Unable to open socket12: Success
Jun 5 15:09:25 test saslauthd[5379]: pam_radius_auth: Unable to open socket23: Success


IP and key and timeout in /etc/raddb/server:

Jun 5 15:10:27 test saslauthd[5380]: rel_accept_lock : released accept lock
Jun 5 15:10:27 test saslauthd[5376]: get_accept_lock : acquired accept lock
Jun 5 15:10:27 test saslauthd[5380]: pam_radius_auth: Got user name ffff
Jun 5 15:10:27 test saslauthd[5380]: pam_radius_auth: Unable to open socket5: Success
Jun 5 15:10:27 test saslauthd[5380]: pam_radius_auth: Unable to open socket8: Success
Jun 5 15:10:27 test saslauthd[5380]: pam_radius_auth: Unable to open socket10: Success
Jun 5 15:10:27 test saslauthd[5380]: pam_radius_auth: Unable to open socket12: Success
Jun 5 15:10:27 test saslauthd[5380]: pam_radius_auth: Unable to open socket23: Success


Attached you can find the initialize part of the code.
Thanks in advance
Fatemeh














------------------------------------------------------------------------


static int
initialize(radius_conf_t *conf, int accounting)
{
  struct sockaddr salocal;
  u_short local_port;
  char hostname[BUFFER_SIZE];
  char secret[BUFFER_SIZE];
  char buffer[BUFFER_SIZE];
  char *p;
  FILE *fserver;
  radius_server_t *server = NULL;
  struct sockaddr_in * s_in;
  int timeout;
  int line = 0;

  /* the first time around, read the configuration file */
  if ((fserver = fopen (conf_file, "r")) == (FILE*)NULL) {
    _pam_log(LOG_ERR, "Could not open configuration file %s: %s\n",
             conf_file, strerror(errno));
    return PAM_ABORT;
  }
  while (!feof(fserver) &&
         (fgets (buffer, sizeof(buffer), fserver) != (char*) NULL) &&
         (!ferror(fserver))) {
    line++;
    p = buffer;

    /*
     *  Skip blank lines and whitespace
     */
    while (*p &&
           ((*p == ' ') || (*p == '\t') ||
            (*p == '\r') || (*p == '\n'))) p++;
    /*
     *  Nothing, or just a comment.  Ignore the line.
     */
    if ((!*p) || (*p == '#')) {
      continue;
    }
    timeout = 3;
    if (sscanf(p, "%s %s %d", hostname, secret, &timeout) < 2) {
      _pam_log(LOG_ERR, "Unable to open socket7: %s\n", strerror(errno));
      _pam_log(LOG_ERR, "ERROR reading %s, line %d: Could not read hostname or secret\n",
               conf_file, line);
      continue; /* invalid line */
    } else { /* read it in and save the data */
      _pam_log(LOG_ERR, "Unable to open socket8: %s\n", strerror(errno));
      radius_server_t *tmp;
      tmp = malloc(sizeof(radius_server_t));
      if (server) {
        _pam_log(LOG_ERR, "Unable to open socket9: %s\n", strerror(errno));
        server->next = tmp;
        server = server->next;
      } else {
        _pam_log(LOG_ERR, "Unable to open socket10: %s\n", strerror(errno));
        conf->server = tmp;
        server= tmp; /* first time */
      }
      /* sometime later do memory checks here */
      server->hostname = strdup(hostname);
      server->secret = strdup(secret);
      server->accounting = accounting;
      server->port = 0;

      if ((timeout < 1) || (timeout > 60)) {
        _pam_log(LOG_ERR, "Unable to open socket11: %s\n", strerror(errno));
        server->timeout = 3;
      } else {
        _pam_log(LOG_ERR, "Unable to open socket12: %s\n", strerror(errno));
        server->timeout = timeout;
      }
      server->next = NULL;
    }
    _pam_log(LOG_ERR, "Unable to open socket23: %s\n", strerror(errno));
  }
  _pam_log(LOG_ERR, "Unable to open socketAAA: %s\n", strerror(errno));
  fclose(fserver);
  if (!server) { /* no server found, die a horrible death */
    _pam_log(LOG_ERR, "No RADIUS server found in configuration file %s\n",
             conf_file);
    return PAM_AUTHINFO_UNAVAIL;
  }
  /* open a socket.  Dies if it fails */
  conf->sockfd = socket(AF_INET, SOCK_DGRAM, 0);
  if (conf->sockfd < 0) {
    _pam_log(LOG_ERR, "Failed to open RADIUS socket: %s\n", strerror(errno));
    return PAM_AUTHINFO_UNAVAIL;
  }

  /* set up the local end of the socket communications */
  s_in = (struct sockaddr_in *) &salocal;
  memset ((char *) s_in, '\0', sizeof(struct sockaddr));
  s_in->sin_family = AF_INET;
  s_in->sin_addr.s_addr = INADDR_ANY;

  /*
   *  Use our process ID as a local port for RADIUS.
   */
  local_port = (getpid() & 0x7fff) + 1024;
  do {
    local_port++;
    s_in->sin_port = htons(local_port);
  } while ((bind(conf->sockfd, &salocal, sizeof (struct sockaddr_in)) < 0) && (local_port < 64000));
  if (local_port >= 64000) {
    close(conf->sockfd);
    _pam_log(LOG_ERR, "No open port we could bind to.");
    return PAM_AUTHINFO_UNAVAIL;
  }

  _pam_log(LOG_ERR, "Unable to open socket6: %s\n", strerror(errno));
  return PAM_SUCCESS;
  _pam_log(LOG_ERR, "Unable to open socket11: %s\n", strerror(errno));
}

/*
 * Helper function for building a radius packet.
 * It initializes *some* of the header, and adds common attributes.
 */




FROM MAIN: DPRINT(LOG_DEBUG, "Got user name %s", user);


  /*
   * Get the IP address of the authentication server
   * Then, open a socket, and bind it to a port
   */
   _pam_log(LOG_ERR, "Unable to open socket5: %s\n", strerror(errno));
  retval = initialize(&config, FALSE);
   _pam_log(LOG_ERR, "Unable to open socket3: %s\n", strerror(errno));
  PAM_FAIL_CHECK;
   _pam_log(LOG_ERR, "Unable to open socket33: %s\n", strerror(errno));


------------------------------------------------------------------------


_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list
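
To check the read loop discussed in this thread outside PAM and syslog, the following added example (not code from pam_radius_auth or from either poster) runs the same while condition and per-line logic over constructed inputs matching the /etc/raddb/server cases in the log. BUFFER_SIZE's value, the MAX_ITER guard, the sscanf field widths, and the sample address and secret are assumptions.

```c
#include <stdio.h>

#define BUFFER_SIZE 1024  /* assumed value; the post does not show it */
#define MAX_ITER 10000    /* assumed guard: report a runaway loop, don't spin */

struct parse_result { int lines, servers, bad_lines, last_timeout, runaway; };

/* Same loop condition and per-line logic as the posted initialize(),
 * reading from a temporary file instead of conf_file. */
static struct parse_result parse_servers(const char *text)
{
  struct parse_result r = {0, 0, 0, 0, 0};
  char hostname[BUFFER_SIZE], secret[BUFFER_SIZE], buffer[BUFFER_SIZE];
  int timeout;
  FILE *f = tmpfile();
  if (!f) { r.runaway = -1; return r; }      /* could not create temp file */
  fputs(text, f);
  rewind(f);
  while (!feof(f) &&
         (fgets(buffer, sizeof(buffer), f) != NULL) &&
         (!ferror(f))) {
    if (++r.lines > MAX_ITER) { r.runaway = 1; break; }
    char *p = buffer;
    while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\n') p++;
    if (!*p || *p == '#') continue;          /* blank line or comment */
    timeout = 3;
    /* widths (BUFFER_SIZE - 1) bound the copies; the posted code uses bare %s */
    if (sscanf(p, "%1023s %1023s %d", hostname, secret, &timeout) < 2) {
      r.bad_lines++;       /* the "Could not read hostname or secret" path */
      continue;
    }
    r.servers++;
    r.last_timeout = (timeout < 1 || timeout > 60) ? 3 : timeout;
  }
  fclose(f);
  return r;
}

int main(void)
{
  /* Constructed inputs: comment only; IP only; IP+key+blanks; no final newline */
  const char *cases[] = { "# comment\n", "# comment\n192.0.2.10\n",
    "# comment\n192.0.2.10 testing123\n\n\n",
    "# comment\n192.0.2.10 testing123 5" };
  for (int i = 0; i < 4; i++) {
    struct parse_result r = parse_servers(cases[i]);
    printf("case %d: lines=%d servers=%d bad=%d timeout=%d runaway=%d\n",
           i, r.lines, r.servers, r.bad_lines, r.last_timeout, r.runaway);
  }
  return 0;
}
```

The lines field counts what fgets() returned; a runaway value of 1 would mean the loop condition never stopped the loop for that input.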



