Trouble with crypt(3) in pam module.

Pedro Fortuny Ayuso pfortuny at gmail.com
Sun Jun 6 09:24:50 UTC 2010


Anthony,

On Sat, Jun 5, 2010 at 9:01 PM, Anthony Iliopoulos <ailiop at lsu.edu> wrote:

> Pedro,
>
> On Wed, Jun 02, 2010 at 05:09:39PM +0200, Pedro Fortuny Ayuso wrote:
> > Hi,
> >
> > I simply do not get it... crypt(3) crashes in a PAM module,
> > raising a segfault, but it does not in a 'standalone version'
> > of the module.
> >
> > The code below (which is the minimal I have been able to squeeze
> > it into) segfaults if run as a pam module. It does not do so
> > if run standalone (adding the main() and compiling it as an executable).
> >
> > Any ideas, pointers, misunderstandings on my side?
> >
> > I can run other libraries (namely OpenSSL) without problems, although
> > BIO_free_all() also segfaulted...
> >
> > This happens in two systems at least:
> >
> > Ubuntu-9, 2.6.24-24-generic #1 SMP, x86_64
> > Fedora-13, 2.6.33.3-85.fc13.x86_64 #1 SMP
> >
> > It seems to be related to the 64bit thing, but I am not that
> > sure. I am copying the error messages:
> >
> > On the Ubuntu system:
> > Jun  2 17:06:48 jorge-desktop kernel: [109318.066314] sshd[10318]:
> segfault at 5e6775f0 rip 7ff45bb900e0 rsp 7fff6644e658 error 4
> >
> > On the Fedora system:
> > Jun  2 04:40:42 fedora13 sibyl: Entered module BOGUS
> > Jun  2 04:40:42 fedora13 sibyl: I can still log after crypt'ing
> > Jun  2 04:40:42 fedora13 kernel: sshd[1855]: segfault at ffffffffca7c4be0
> ip 00007fd8c68fb007 sp 00007fff4efb8b50 error 4 in libc-2.12.so
> [7fd8c68b3000+175000]
>
> Looks like your calling your pam module through sshd. Note that
> sshd runs pam authentication in a thread context. That might be
> attributing to the crash your are seeing when the module is not
> called as a standalone program.
>
> Some other things you might want to pay attention to is, how you
> are compiling the pam module (statically/dynamically and the various
> linker options).
>
> Also, did you try to isolate the fault ? e.g. does it still segfault
> if you remove the crypt call ? What about removing the syslog
> output of the crypt result array ? You can always make an attempt
> to see if crypt_r (the re-entrant version of crypt) would work for
> you.
>
> Regards,
> Anthony
>
>

Yes, I did isolate the fault: it is the crypt() call for sure. Most probably
it is the
sshd thread context thing you mention (it is the only way I have tried to
run it so far).
As a matter of fact I tried to use also OpenSSL's BIOs and got another
segfault when calling BIO_free() (all this in through sshd), which makes
me think the thread context is the key to the problem.

I shall try and use the crypt_r version. However, could you point me
to some place where this thread context of sshd is explained? Is there a way
to replicate crypt() using OpenSSL?

Thanks a lot,

Pedro.




> > /* notice that one cannot assume Linux has OpenPAM implemented */
> >
> > #include <pwd.h>
> > #include <stdlib.h>
> > #include <stdio.h>
> > #include <string.h>
> > #include <unistd.h>
> > #include <syslog.h>
> >
> > #include <security/pam_modules.h>
> > #include <security/pam_appl.h>
> >
> >
> > int
> > pam_sm_authenticate(pam_handle_t *pamh, int flags,
> >                   int argc, const char *argv[])
> > {
> >       FILE *log;
> >       /* options */
> >
> >       openlog( "sibyl", LOG_CONS, LOG_AUTH);
> >       void syslog(int priority, const char *format, ...);
> >
> >       syslog(LOG_NOTICE, "Entered module BOGUS");
> >         char *c = crypt("petete", "$1$cW0uis36$");
> >         syslog(LOG_NOTICE, "I can still log after crypt'ing");
> >         syslog(LOG_NOTICE, "Encrypted [%s]", c);
> >         return(PAM_AUTH_ERR);
> > }
> >
> > /* uncomment for a standalone version
> > int main(){
> >       pam_sm_authenticate(NULL, 0, 0, NULL);
> >       return(0);
> > } */
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>



-- 
Pedro Fortuny Ayuso
Dpto de Matemáticas
Escuela Univ. de Ingeniería Técnica Industrial
Campus Universitario de Gijón (Viesques)
33203 Gijón (Asturias)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20100606/54f16640/attachment.htm>


More information about the Pam-list mailing list