pam_get_item() problems
Jason Gerfen
jason.gerfen at scl.utah.edu
Wed Nov 17 15:43:47 UTC 2004
I am looking for assistance using the pam_get_item() function.
According to the pam module writers guide on kernel.org I should use
pam_get_item() as the following:
extern int pam_get_item( const pam_handle_t *pamh,
                         int item_type,
                         const void **item );
As you can see in the code below it should retrieve the password entered
during login and store it in the const void **password variable. But
what happens is it completely crashes the display manager. I don't get
it, I have looked at other people's source (pam_krb5afs.c for example)
and they are calling the pam_get_item() function in much the same way
and yet it isn't crashing their display. Am I missing something or
overlooking a compile option perhaps? Any help is greatly appreciated.
I configured my pam configuration as:
/etc/pam.d/xdm & /etc/pam.d/gdm (GUI login stuff for KDE & Gnome)
auth sufficient pam_test.so try_first_pass
I have compiled the following code as:
%> gcc -fPIC -o pam_test.o -c pam_test.c
%> ld --shared -x -lc -o pam_test.so pam_test.o -lpam
%> cp -m 755 pam_test.so /lib/security;
[code snip]
/* PAM includes */
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_appl.h>

/* PAM definitions */
#define PAM_SM_ACCOUNT
#define PAM_SM_AUTH
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION

/* Log events to syslog */
static void _pam_log(int err, const char *format, ...)
{
    va_list args;
    va_start(args, format);
    openlog("PAM-RemoteKRB5", LOG_PID | LOG_NDELAY, LOG_SYSLOG);
    vsyslog(err, format, args);
    va_end(args);
    closelog();
}

PAM_EXTERN
int pam_sm_authenticate( pam_handle_t *pamh, int flags, int argc, const char **argv )
{
    int retval;
    udataptr myUser = &localUser;
    myConfigPtr myConfig = &localConfig;
    char user[15];
    const void ** password;
    myUser->usrname=user;

    if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "pam_tester: " ) != PAM_SUCCESS ) ) {
        _pam_log( LOG_ERR, "Could not obtain username" );
        return 1;
    } else {
        _pam_log( LOG_ERR, "Obtained Username: %s", myUser->usrname );
    }

    // This bit is not working?!
    if( pam_get_item( pamh, PAM_AUTHTOK, password ) != PAM_SUCCESS ) {
        _pam_log( LOG_ERR, "Error retrieving password" );
        return 1;
    } else {
        strcpy( *( &( myUser->password ) ), *password );
    }
}
Jason Gerfen wrote:
> Oops, thanks for the pointer... I will modify that. Know anything
> about using the pam_get_item()?
>
> Justin F. wrote:
>
>>> {
>>> int retval;
>>> udataptr myUser = &localUser;
>>> myConfigPtr myConfig = &localConfig;
>>> char user[15];
>>> char *password;
>>> myUser->usrname=user;
>>> char error_msg[30];
>>>
>>> if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test login:" ) != PAM_SUCCESS ) ) {
>>> strcpy( error_msg, "Could not obtain user name: " );
>>> strcat( error_msg, myUser->usrname );
>>>
>>
>> You do not feel having a fixed length array of 30b with a 28b message and
>> strcat'ing a username into it could cause problems?
>> This leaves you with like 1 byte usernames.
>>
>>> if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test login:" ) == PAM_SUCCESS ) ) {
>>> strcpy( error_msg, "Obtained username: " );
>>> strcat( error_msg, myUser->usrname );
>>>
>>
>> Same deal here, however you have more wiggle room.
>>
>> However, I am not a pam expert, so I can't really answer your question - I
>> just noticed those two potential overflows.
>>
>> Justin F.
>>
>>> --
>>> Jason Gerfen
>>> jason.gerfen at scl.utah.edu
>>>
>>> "And remember... If the ladies
>>> don't find you handsome, they
>>> should at least find you handy..."
>>> ~The Red Green show
>>>
>>> _______________________________________________
>>> Pam-list mailing list
>>> Pam-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/pam-list
--
Jason Gerfen
jason.gerfen at scl.utah.edu
"And remember... If the ladies
don't find you handsome, they
should at least find you handy..."
~The Red Green show
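
Added example, not part of the original post or of Linux-PAM: the code above declares `const void **password` without initialising it and passes it to pam_get_item(), so the library writes the item pointer through an indeterminate address. The sketch below shows the usual calling pattern (declare a `const void *` and pass its address) together with bounded copies for the password and for the 30-byte message buffer Justin F. points out. pam_get_item() is replaced by a hypothetical stand-in, demo_get_item(), so the block builds without libpam; fetch_authtok(), format_user_msg() and the sample values are likewise made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample state: the token an earlier module would have stored. */
static const char *stored_authtok = NULL;

/* Hypothetical stand-in for pam_get_item(pamh, PAM_AUTHTOK, item): it stores a
 * pointer through `item` and copies nothing, so `item` must be writable. */
static int demo_get_item(const void **item)
{
    if (item == NULL)
        return -1;
    *item = stored_authtok;   /* faults here if the caller passed a wild pointer */
    return 0;
}

/* Returns 0 on success, -1 lookup failed, -2 no token set, -3 token too long. */
int fetch_authtok(char *dst, size_t dstlen)
{
    const void *item = NULL;           /* a real pointer object, not a void ** */
    size_t n;

    if (demo_get_item(&item) != 0)     /* pass the address of that pointer */
        return -1;
    if (item == NULL)                  /* success does not imply a token exists */
        return -2;
    n = strlen((const char *)item);
    if (n >= dstlen)                   /* refuse instead of overflowing dst */
        return -3;
    memcpy(dst, item, n + 1);
    return 0;
}

/* Bounded replacement for strcpy()+strcat() into a fixed log buffer.
 * Returns 0 if the whole message fit, -1 if it was truncated. */
int format_user_msg(char *dst, size_t dstlen, const char *user)
{
    int n = snprintf(dst, dstlen, "Could not obtain user name: %s", user);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

int main(void)
{
    char pw[16], msg[30];
    stored_authtok = "constructed-pw";   /* 14 chars, fits in pw */
    printf("fetch=%d msg=%d\n", fetch_authtok(pw, sizeof pw),
           format_user_msg(msg, sizeof msg, "alice"));
    return 0;
}
```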