From: Ivan Grover
To: Dag-Erling Smørgrav
Date: Fri, 27 Feb 2009 21:40:42 +0530
Cc: freebsd-security@freebsd.org
Subject: Re: PAM rules inside pam.d

I debugged pam_unix as well; it looks like the crypt function is giving
different strings for telnet and my application with the same passwd string
and salt. So I think the issue could be with the crypt library linked to
telnet and my application. Please let me know your thoughts.

crypt(plaintext_ptr, salt);

On Fri, Feb 27, 2009 at 7:48 PM, Ivan Grover wrote:

> Hi,
> I am sorry, my observation was wrong.
>
> I debugged the problem, it looks strange, these are my findings:
>
> I have my PAM rules for my service as
>
> auth required /lib/security/pam_securetty.so
> auth required pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
>
> The pam_unix module returns authentication failure from pam_unix.so from
> pam_stack.so, hence the control reaches pam_nologin.so.
>
> The same rules work well with telnet/ftp, but fail for my service.
>
> I have checked the username and password passed to the PAM module by changing
> the sources of pam_nologin.so; they are proper. I didn't have sources for
> pam_unix, so I am not able to detect the exact problem.
>
> My suspicion is that my application using my PAM service might have done some
> fd leaks or have some other problem. But the max fds open by my application
> are 185, which is still below the max limit (OPEN_MAX).
>
> Restarting the application resolves the problem and I am able to
> authenticate the user.
>
>
> Can anyone help me with what could be the problem?
>
>
> Thanks and Best Regards,
>
>
>
> On Wed, Feb 25, 2009 at 1:11 AM, Dag-Erling Smørgrav wrote:
>
>> Ivan Grover writes:
>> > Now, after upgrading PAM modules (pam_unix.so, pam_stack.so..) and
>> > library [...]
>>
>> Upgrading from what to what?
>>
>> Have you tried the standard debugging procedure?
>>
>> DES
>> --
>> Dag-Erling Smørgrav - des@des.no
>>
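
Added example, not part of the original thread and not code from pam_unix or FreeBSD: a C helper for the symptom reported above, where crypt() returns different strings for the same password and salt. It assumes the stored hash itself is what gets passed as the salt argument; the names diagnose_crypt and crypt_diag are hypothetical and the strings in main are constructed, not real hashes.

```c
#include <stdio.h>
#include <string.h>

/* crypt(3) result classified against the stored hash passed as its salt. */
enum crypt_diag {
    CRYPT_MATCH,          /* identical to the stored hash */
    CRYPT_MISMATCH,       /* same scheme and salt, different digest */
    CRYPT_FAILED,         /* NULL or "*..." failure token: salt rejected */
    CRYPT_FORMAT_DIFFERS  /* scheme, salt or length not echoed back */
};

/* Part of a hash that crypt() echoes back unchanged: up to the last '$' for
 * "$id$salt$digest" hashes, the two salt characters for traditional DES. */
static size_t echoed_prefix_len(const char *stored)
{
    size_t n = strlen(stored);
    if (stored[0] == '$')
        return (size_t)(strrchr(stored, '$') - stored) + 1;
    return n < 2 ? n : 2;
}

enum crypt_diag diagnose_crypt(const char *stored, const char *result)
{
    if (result == NULL || result[0] == '*')
        return CRYPT_FAILED;

    /* A library that does not know the "$id$" scheme and treats the salt as
     * DES returns a 13-character string, so it fails this check. */
    size_t plen = echoed_prefix_len(stored);
    if (strlen(result) != strlen(stored) || strncmp(stored, result, plen) != 0)
        return CRYPT_FORMAT_DIFFERS;

    /* Same length: compare every byte so timing does not depend on the data. */
    unsigned char diff = 0;
    for (size_t i = 0; stored[i] != '\0'; i++)
        diff |= (unsigned char)(stored[i] ^ result[i]);
    return diff == 0 ? CRYPT_MATCH : CRYPT_MISMATCH;
}

int main(void)
{
    /* Constructed strings, not real hashes. */
    const char *stored = "$1$abcdefgh$AAAAAAAAAAAAAAAAAAAAAA";
    printf("same=%d des_fallback=%d failed=%d\n",
           diagnose_crypt(stored, stored),
           diagnose_crypt(stored, "$1AAAAAAAAAAA"),
           diagnose_crypt(stored, NULL));
    return 0;
}
```

Logging this value instead of the hash strings, from both the failing service and a program that authenticates correctly, shows whether the two are linked against crypt implementations that treat the salt differently.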