The Hermit Hacker writes: > Resent-Date: 31 Aug 1998 17:04:33 -0000 > Resent-Cc: recipient list not shown: ; > Resent-Message-ID: <"pVWzU3.0.fL2.UUjwr"@mail2.redhat.com> > Resent-From: pam-list@redhat.com > Resent-Sender: pam-list-request@redhat.com > Date: Mon, 31 Aug 1998 10:32:36 -0400 (EDT) > From: The Hermit Hacker > To: pam-list@redhat.com > Subject: Cyrus IMAPd pwcheck + PAM - possible solution... > Reply-To: pam-list@redhat.com > > > Morning... > > Last week, one of the subscribers to the Cyrus IMAPd mailing list > sent in a patch for using PAM inside of pwcheck. The patch, I think, > looks good, except that after running for a short period of time, it > 'crashes' with a 'too many open files' error message. > > I cleaned up the pwcheck() function that calls the pam_start/etc > functions, but beyond that, I'm kinda lost...can someone tell me whether > there are any obvious errors in the PAM_conv code? The person that wrote > this is running it, if I understand correctly, on a 'quiet' system, so I'm > sort of figuring that the bug only exhibits itself on my system as it > being hit multiple times per second :( > > I'm running Solaris 2.6... > > Thanks... > > > ---------- Forwarded message ---------- > Date: Mon, 31 Aug 1998 11:28:12 -0300 (ADT) > From: Marc G. Fournier > To: scrappy@hub.org > Subject: PAM > > #include > #include > #include > #include > > /* Static variables used to communicate between the conversation function > * and the server_login function > */ > static char *PAM_username; > static char *PAM_password; > > /* PAM conversation function > */ > static int PAM_conv (int num_msg, > const struct pam_message **msg, > struct pam_response **resp, > void *appdata_ptr) { > int replies = 0; > struct pam_response *reply = NULL; > > #define COPY_STRING(s) (s) ? strdup(s) : NULL > > reply = malloc(sizeof(struct pam_response) * num_msg); > if (!reply) return PAM_CONV_ERR; > > for (replies = 0; replies < num_msg; replies++) { > switch (msg[replies]->msg_style) { > case PAM_PROMPT_ECHO_ON: > reply[replies].resp_retcode = PAM_SUCCESS; > reply[replies].resp = COPY_STRING(PAM_username); > /* PAM frees resp */ > break; > case PAM_PROMPT_ECHO_OFF: > reply[replies].resp_retcode = PAM_SUCCESS; > reply[replies].resp = COPY_STRING(PAM_password); > /* PAM frees resp */ > break; > case PAM_TEXT_INFO: > /* fall through */ > case PAM_ERROR_MSG: > /* ignore it, but pam still wants a NULL response... */ > reply[replies].resp_retcode = PAM_SUCCESS; > reply[replies].resp = NULL; > break; > default: > /* Must be an error of some sort... */ > free (reply); > return PAM_CONV_ERR; > } > } > *resp = reply; > return PAM_SUCCESS; > } > > static struct pam_conv PAM_conversation = { > PAM_conv, > NULL > }; > > /* Server log in > * Accepts: user name string > * password string > * Returns: "OK" if password validated, error message otherwise > */ > > char *pwcheck(char *username, char *password) > { > pam_handle_t *pamh; > int pam_error; > > /* PAM only handles authentication, not user information. */ > if ( !(username && password && strlen(username) && strlen(password)) ) > return "Incorrect username"; > > /* validate password */ > > PAM_password = password; > PAM_username = username; > fprintf(stderr, "checking %s\n", username); > pam_error = pam_start("cyrus", username, &PAM_conversation, &pamh); > if (pam_error == PAM_SUCCESS) > pam_error = pam_authenticate(pamh, 0); > > if (pam_error == PAM_SUCCESS) > pam_error = pam_acct_mgmt(pamh, 0); > > if ( pam_error == PAM_SUCCESS) > fprintf(stderr, "\tauthenticated %s\n", username); > else > fprintf(stderr, "\tfailed to authenticate %s\n", username); > > if(pam_end(pamh, pam_error) != PAM_SUCCESS) { > pamh = NULL; > fprintf(stderr, "pwcheck: failed to release authenticator\n"); > exit(1); > } > return ( pam_error == PAM_SUCCESS ? "OK" : "Incorrect passwd" ); > } > > -- > To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null -- To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null