[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_get_item() problems



I am looking for assistance using the pam_get_item() function. According to the pam module writters guide on kernel.org I should use pam_get_item() as the following:

extern int pam_get_item( const pam_handle_t *pamh,
                                             int item_type,
                                             const void **item );


As you can see in the code below it should retrieve the password entered during login and store it in the const void **password variable. But what happens is it completely crashes the display manager. I don't get it, I have looked at other people's source (pam_krb5afs.c for example) and they are calling the pam_get_item() function in much the same way and yet it isn't crashing their display. Am I missing something or over looking a compile option perhaps? Any help is greatly appreciated.


configured my pam configuration as:
/etc/pam.d/xdm & /etc/pam.d/gdm (GUI login stuff for KDE & Gnome)

auth sufficient pam_test.so try_first_pass


I have compiled the following code as:


%> gcc -fPIC -o pam_test.o -c pam_test.c

%> ld --shared -x -lc -o pam_test.so pam_test.o -lpam

%> cp -m 755 pam_test.so /lib/security;


[code snip]


/* PAM includes */

#include <security/pam_modules.h>

#include <security/_pam_macros.h>

#include <security/pam_appl.h>

/* PAM definitions */

#define PAM_SM_ACCOUNT

#define PAM_SM_AUTH

#define PAM_SM_PASSWORD

#define PAM_SM_SESSION

/* Log events to syslog */

static void _pam_log(int err, const char *format, ...)

{

va_list args;

va_start(args, format);

openlog("PAM-RemoteKRB5", LOG_PID | LOG_NDELAY, LOG_SYSLOG);

vsyslog(err, format, args);

va_end(args);

closelog();

}

PAM_EXTERN

int pam_sm_authenticate( pam_handle_t *pamh, int flags, int argc, const char **argv )

{

int retval;

udataptr myUser = &localUser;

myConfigPtr myConfig = &localConfig;

char user[15];

const void ** password;

myUser->usrname=user;

if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "pam_tester: " ) != PAM_SUCCESS ) ) {

_pam_log( LOG_ERR, "Could not obtain username" );

return 1;

} else {

_pam_log( LOG_ERR, "Obtained Username: %s", myUser->usrname );

}

// This bit is not working?!

if( pam_get_item( pamh, PAM_AUTHTOK, password ) != PAM_SUCCESS ) {

_pam_log( LOG_ERR, "Error retrieving password" );

return 1;

} else {

strcpy( *( &( myUser->password ) ), *password );

}

}


Jason Gerfen wrote:


Oops, thanks for the pointer... I will modify that. Know anything about using the pam_get_item()?

Justin F. wrote:

{
   int retval;
   udataptr myUser = &localUser;
   myConfigPtr myConfig = &localConfig;
   char user[15];
   char *password;
   myUser->usrname=user;
   char error_msg[30];

if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test
login:" ) != PAM_SUCCESS ) ) {
strcpy( error_msg, "Could not obtain user name: " );
strcat( error_msg, myUser->usrname );


You do not feel having a fixed length array of 30b with a 28b messages and
strcat'ing a username into it could cause problems?
This leads you with like 1 byte usernames.





if( ( retval = pam_get_user( pamh, &( myUser->usrname ), "PAM_test
login:" ) == PAM_SUCCESS ) ) {
strcpy( error_msg, "Obtained username: " );
strcat( error_msg, myUser->usrname );



Same deal here, however you have more wiggle room.



However, I am not a pam expert, so I can't really answer your question- I
just noticed those two potential overflows.


Justin F.





--
Jason Gerfen
jason gerfen scl utah edu

"And remember... If the ladies
don't find you handsome, they
should at least find you handy..."
            ~The Red Green show

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list





_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list






--
Jason Gerfen
jason gerfen scl utah edu

"And remember... If the ladies
don't find you handsome, they
should at least find you handy..."
            ~The Red Green show


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]