On 31 Jul, Daniel C. Sobral wrote:
>> pam_ssh isn't able to start ssh-agent if you use
>> ---snip---
>> xdm session sufficient pam_ssh.so
>> ---snip---
>> in /etc/pam.conf. With "malloc.conf -> aj" it seems to work.
>>
>> grep pam /var/log/messages:
>> ---snip---
>> Jul 30 00:54:04 Magelan -:0: unable to resolve symbol: pam_sm_chauthtok
>> Jul 30 00:54:05 Magelan -:0: pam_ssh: could not connect to agent
>> ---snip---
>>
>> Is someone else able to reproduce this?
>
> If that's the case, you have a bug. Not one easy to trace, though... :-(
I assume it's uninitialized memory; it didn't happen with "ln -sf AJZ
/etc/malloc.conf".
This reduces it to code after *alloc calls... or it's an unterminated
string. Ok, I'll give it a try...

It seems it isn't really something with PAM,
/usr/src/crypto/openssh/pam_ssh/pam_ssh.c:
---snip---
	if (!(ac = ssh_get_authentication_connection())) {
		syslog(LOG_ERR, "%s: could not connect to agent",
		    MODULE_NAME);
		env_destroy(ssh_env);
		return PAM_SESSION_ERR;
---snip---
and
/usr/src/crypto/openssh/authfd.c:
---snip---
int
ssh_get_authentication_socket()
{
	const char *authsocket;
	int sock;
	struct sockaddr_un sunaddr;
[...]
	sunaddr.sun_family = AF_UNIX;
	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
[...]
	if (connect(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
[...]
---snip---
and
/usr/include/sys/un.h:
---snip---
struct sockaddr_un {
	u_char	sun_len;	/* sockaddr len including null */
	u_char	sun_family;	/* AF_UNIX */
	char	sun_path[104];	/* path name (gag) */
};
---snip---
sunaddr.sun_len isn't set. If I understand the APUE, it should be:
---snip---
Index: authfd.c
===================================================================
RCS file: /big/FreeBSD-CVS/src/crypto/openssh/authfd.c,v
retrieving revision 1.4
diff -u -r1.4 authfd.c
--- authfd.c 2000/07/16 05:52:23 1.4
+++ authfd.c 2000/07/31 12:03:52
@@ -33,7 +33,7 @@
ssh_get_authentication_socket()
{
const char *authsocket;
- int sock;
+ int sock, len;
struct sockaddr_un sunaddr;
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
@@ -42,6 +42,7 @@
sunaddr.sun_family = AF_UNIX;
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
+ sunaddr.sun_len = len = SUN_LEN(&sunaddr)+1;
sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0)
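Review bot: the strlcpy() result on the context line just above the new sun_len assignment is never checked, so an authsocket longer than sizeof(sunaddr.sun_path) is silently truncated and both len and sun_len then describe the truncated path. Suggest comparing the strlcpy() return value against sizeof(sunaddr.sun_path) and returning -1 on overflow before the length is computed. A short comment on why the length is SUN_LEN()+1 (the terminating NUL is counted, as the sun_len comment in sys/un.h says) would also help the next reader.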
@@ -52,7 +53,7 @@
close(sock);
return -1;
}
- if (connect(sock, (struct sockaddr *) & sunaddr, sizeof(sunaddr)) < 0) {
+ if (connect(sock, (struct sockaddr *) & sunaddr, len) < 0) {
close(sock);
return -1;
}
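Review bot: the length passed to connect() in this hunk is the plain int len declared in the first hunk and set only as a side effect of the chained assignment sunaddr.sun_len = len = SUN_LEN(&sunaddr)+1, which is easy to miss when reading this call. Suggest declaring len with the type connect() takes for its length argument and assigning it on its own line next to the sun_len assignment. The patch also carries no comment saying why sizeof(sunaddr) was the wrong length here, which is worth recording alongside the change.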
---snip---
I rebuilt libssh.a and pam_ssh.so with this patch and I didn't get the
error anymore.
I haven't rebuilt the world or anything openssh related, but I think
this should work (and because of the readability of pam_ssh.c and
authfd.c it was easy to trace only by looking at the source... it seems
using FreeBSD is the "Right Thing[TM]" :) ).
BTW.: the "pam_sm_chauthtok" error isn't "xdm session" related, it's
because of "xdm account" or "xdm password" (it's not implemented in
pam_ssh).
Bye,
Alexander.
--
Loose bits sink chips.
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = 7423 F3E6 3A7E B334 A9CC B10A 1F5F 130A A638 6E7E
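
The sockaddr_un setup discussed in this message, written out as an added example that is not part of the original post or of OpenSSH: it zeroes the structure, refuses an over-long path instead of truncating it, and passes connect() the same length it stores in sun_len. The names fill_unix_addr, connect_unix and HAVE_SUN_LEN are hypothetical, and the list of platforms that have a sun_len field is an assumption.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Assumption: these platforms carry the BSD-style sun_len field. */
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || \
    defined(__DragonFly__) || defined(__APPLE__)
#define HAVE_SUN_LEN 1
#endif

/*
 * Hypothetical helper: fill *sa for path; *lenp = header + path + NUL.
 * Returns 0 on success, -1 if path is NULL, empty or would not fit.
 */
int fill_unix_addr(struct sockaddr_un *sa, const char *path, socklen_t *lenp)
{
	size_t n;

	if (path == NULL || (n = strlen(path)) == 0 ||
	    n >= sizeof(sa->sun_path))
		return -1;		/* refuse to truncate silently */
	memset(sa, 0, sizeof(*sa));	/* no field depends on stack contents */
	sa->sun_family = AF_UNIX;
	memcpy(sa->sun_path, path, n + 1);
	*lenp = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + n + 1);
#ifdef HAVE_SUN_LEN
	sa->sun_len = (unsigned char)*lenp;	/* same value connect() gets */
#endif
	return 0;
}

/* Hypothetical helper: connect to a Unix-domain socket; returns fd or -1. */
int connect_unix(const char *path)
{
	struct sockaddr_un sa;
	socklen_t len;
	int sock;

	if (fill_unix_addr(&sa, path, &len) < 0)
		return -1;
	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
		return -1;
	if (connect(sock, (struct sockaddr *)&sa, len) < 0) {
		close(sock);
		return -1;
	}
	return sock;
}
```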