bug-cvs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: problems trying to use both PAM and CVSROOT/passwd]

From: Brian Murphy
Subject: Re: [Fwd: problems trying to use both PAM and CVSROOT/passwd]
Date: Sun, 16 Jan 2005 22:05:58 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031107 Debian/1.5-3 
Derek Price wrote:
I've created Issue #230 in the issuezilla: <https://ccvs.cvshome.org/issues/show_bug.cgi?id=230>. Brian Murphy has been dealing with the PAM issues. I've cc'd him. 

Thanks for the report.

Derek

------------------------------------------------------------------------

Subject:
problems trying to use both PAM and CVSROOT/passwd
From:
"Neil B. Morley" <nmorley@entertainment.com>
Date:
Fri, 14 Jan 2005 11:05:12 -0800
To:
info-cvs@gnu.org



Dear cvs users,
I am trying to use the pam authentication in 1.12.11 with and ldap database. But I want to transition my users slowly to make sure they have no problems and downtime. However, if I have pam enabled, I can't seem to get access for users still in the passwd file. It allows login, but any checkout operations give me the error: 

PAM open session error: System error




cvs [checkout aborted]: recv() from server cvsdns2: EOF
Does anyone have any idea if this is fixable. I see a bug report about this behavior at http://bugs.gentoo.org/show_bug.cgi?id=72251 
but not sure if this is a bug or some setup issue.


This is a bug. When CVSROOT/passwd is used for authentication then the PAM
library is not initialized. When the pam_* functions are called in switch_to_user 
they fail because pam_start has not been called.

Solution:

split out pam initialization to a seperate function which is always called.

patch attached.

Please review and give your OK to submit.

/Brian

Index: server.c
===================================================================
RCS file: /cvs/ccvs/src/server.c,v
retrieving revision 1.410
diff -u -r1.410 server.c
--- server.c    9 Dec 2004 19:33:51 -0000       1.410
+++ server.c    16 Jan 2005 20:59:44 -0000
@@ -6755,7 +6755,7 @@
 }
 
 static int
-check_pam_password (char **username, char *password)
+pam_initialize (char **username, char *password)
 {
     int retval, err;
     struct cvs_pam_userinfo ui = { *username, password };
@@ -6770,10 +6770,16 @@
         retval = pam_set_item(pamh, PAM_TTY, PAM_SERVICE_NAME);
     }
 
-    if (retval == PAM_SUCCESS) {
-       pam_stage = "authenticate";
-       retval = pam_authenticate(pamh, 0);
-    }
+    return retval == PAM_SUCCESS;       /* indicate success */
+}
+
+static int
+check_pam_password ()
+{
+    int retval, err;
+    char *pam_stage = "authenticate";
+
+    retval = pam_authenticate(pamh, 0);
 
     if (retval == PAM_SUCCESS) {
        pam_stage = "account";
@@ -6866,6 +6872,14 @@
     int rc;
     char *host_user = NULL;
 
+#ifdef HAVE_PAM
+    if (!pam_initialize(&username, password)) {
+        printf ("error 0 pam initialization failed\n");
+
+        exit (EXIT_FAILURE);
+    }
+#endif
+
     /* First we see if this user has a password in the CVS-specific
        password file.  If so, that's enough to authenticate with.  If
        not, we'll check /etc/passwd or maybe whatever is configured via PAM. */
reply via email to
[Prev in Thread] Current Thread [Next in Thread]