PAM radius module and "Prompt" attribute.
ugengia-reg at yahoo.it
ugengia-reg at yahoo.it
Wed Oct 29 11:28:24 CET 2008
Here is the details about the core dump of a patched version of pam_radius_auth.so when an access challenge with Prompt=No Echo is received.
patch url: http://bugs.freeradius.org/show_bug.cgi?id=609
RADIUS Server: RSA authentication manager 7.1
RADIUS client host: sun ultra 45 solaris 10
pam_radius_auth.so compiler: /usr/sfw/bin/gcc
/usr/sfw/bin/gcc -v
Reading specs from /usr/sfw/lib/gcc/sparc-sun-solaris2.10/3.4.3/specs
Configured with: /gates/sfw10/builds/sfw10-gate/usr/src/cmd/gcc/gcc-3.4.3/configure --prefix=/usr/sfw --with-as=/usr/sfw/bin/gas --with-gnu-as --with-ld=/usr/ccs/bin/ld --without-gnu-ld --enable-languages=c,c++ --enable-shared
Thread model: posix
gcc version 3.4.3 (csl-sol210-3_4-branch+sol_rpath)
Regards,
Cesare
Script started on Wed Oct 29 10:07:11 2008
bash-2.05b# ls -l
total 11440
-rwxr-xr-x 1 root root 14732 Oct 29 09:58 check_user
-rw------- 1 root root 5840475 Oct 29 09:59 core
bash-2.05b# uname -X
System = SunOS
Release = 5.10
KernelID = Generic_118833-03
Machine = sun4u
BusType = <unknown>
Serial = <unknown>
Users = <unknown>
OEM# = 0
Origin# = 1
NumCPU = 2
bash-2.05b# pstack core
core 'core' of 17327: ./check_user SysAdmin 1
fecf45b8 pam_sm_authenticate (214e8, 0, 2, 21f50, fecf3964, 60) + c54
ff382c00 run_stack (214e8, 0, 22680, 9, 1, ff396ba4) + c8
ff382ea4 pam_authenticate (214e8, 0, 0, 13180, 21184, ff396000) + 30
00010a30 main (3, ffbfead4, ffbfeae4, 214d8, ff240100, ff240140) + 13c
0001078c _start (0, 0, 0, 0, 0, 0) + 5c
bash-2.05b#
bash-2.05b# gdb check_user core
GNU gdb 6.6
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.10"...
Reading symbols from /lib/libpam.so.1...done.
Loaded symbols for /lib/libpam.so.1
Reading symbols from /lib/libc.so.1...done.
Loaded symbols for /lib/libc.so.1
Reading symbols from /lib/libcmd.so.1...done.
Loaded symbols for /lib/libcmd.so.1
Reading symbols from /platform/SUNW,A70/lib/libc_psr.so.1...done.
Loaded symbols for /platform/SUNW,A70/lib/libc_psr.so.1
Reading symbols from /usr/lib/security/pam_authtok_get.so.1...done.
Loaded symbols for /usr/lib/security/pam_authtok_get.so.1
Reading symbols from /usr/lib/passwdutil.so.1...done.
Loaded symbols for /usr/lib/passwdutil.so.1
Reading symbols from /usr/lib/libsldap.so.1...done.
Loaded symbols for /usr/lib/libsldap.so.1
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libldap.so.5...done.
Loaded symbols for /usr/lib/libldap.so.5
Reading symbols from /lib/libdoor.so.1...done.
Loaded symbols for /lib/libdoor.so.1
Reading symbols from /usr/lib/libsasl.so.1...done.
Loaded symbols for /usr/lib/libsasl.so.1
Reading symbols from /lib/libsocket.so.1...done.
Loaded symbols for /lib/libsocket.so.1
Reading symbols from /lib/libmd5.so.1...done.
Loaded symbols for /lib/libmd5.so.1
Reading symbols from /usr/lib/mps/libnspr4.so...done.
Loaded symbols for /usr/lib/mps/libnspr4.so
Reading symbols from /usr/lib/mps/libplc4.so...done.
Loaded symbols for /usr/lib/mps/libplc4.so
Reading symbols from /usr/lib/mps/libnss3.so...done.
Loaded symbols for /usr/lib/mps/libnss3.so
Reading symbols from /usr/lib/mps/libssl3.so...done.
Loaded symbols for /usr/lib/mps/libssl3.so
Reading symbols from /lib/libpthread.so.1...
warning: Lowest section in /lib/libpthread.so.1 is .dynamic at 00000074
done.
Loaded symbols for /lib/libpthread.so.1
Reading symbols from /lib/libthread.so.1...
warning: Lowest section in /lib/libthread.so.1 is .dynamic at 00000074
done.
Loaded symbols for /lib/libthread.so.1
Reading symbols from /lib/librt.so.1...done.
Loaded symbols for /lib/librt.so.1
Reading symbols from /lib/libdl.so.1...
warning: Lowest section in /lib/libdl.so.1 is .dynamic at 00000094
done.
Loaded symbols for /lib/libdl.so.1
Reading symbols from /usr/lib/mps/libsoftokn3.so...done.
Loaded symbols for /usr/lib/mps/libsoftokn3.so
Reading symbols from /usr/lib/mps/libplds4.so...done.
Loaded symbols for /usr/lib/mps/libplds4.so
Reading symbols from /lib/libaio.so.1...done.
Loaded symbols for /lib/libaio.so.1
Reading symbols from /platform/SUNW,A70/lib/libmd5_psr.so.1...done.
Loaded symbols for /platform/SUNW,A70/lib/libmd5_psr.so.1
Reading symbols from /usr/lib/mps/cpu/sparcv8plus/libnspr_flt4.so...done.
Loaded symbols for /usr/lib/mps/cpu/sparcv8plus/libnspr_flt4.so
Reading symbols from /usr/lib/security/pam_radius_auth.so.1...done.
Loaded symbols for /usr/lib/security/pam_radius_auth.so.1
Reading symbols from /usr/sfw/lib/libgcc_s.so.1...done.
Loaded symbols for /usr/sfw/lib/libgcc_s.so.1
Reading symbols from /lib/nss_nisplus.so.1...done.
Loaded symbols for /lib/nss_nisplus.so.1
Reading symbols from /lib/ld.so.1...done.
Loaded symbols for /lib/ld.so.1
Core was generated by `./check_user SysAdmin 1'.
Program terminated with signal 10, Bus error.
#0 0xfecf45b8 in pam_sm_authenticate () from /usr/lib/security/pam_radius_auth.so.1
(cisco-6.6.0-gdb) bt
#0 0xfecf45b8 in pam_sm_authenticate () from /usr/lib/security/pam_radius_auth.so.1
#1 0xff382c08 in run_stack () from /lib/libpam.so.1
#2 0xff382eac in pam_authenticate () from /lib/libpam.so.1
#3 0x00010a38 in main (argc=3, argv=0xffbfead4) at check_user.c:39
(cisco-6.6.0-gdb) quit
No active breakpoints to delete
bash-2.05b# exit
exit
script done on Wed Oct 29 10:08:58 2008
--- Mar 28/10/08, tnt at kalik.net <tnt at kalik.net> ha scritto:
> Da: tnt at kalik.net <tnt at kalik.net>
> Oggetto: Re: PAM radius module and "Prompt" attribute.
> A: freeradius-users at lists.freeradius.org
> Data: Martedì 28 ottobre 2008, 17:21
> Instructions what to do with segmentation faults are in
> doc/bugs.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 28/10/2008, "ugengia-reg at yahoo.it"
> <ugengia-reg at yahoo.it> piše:
>
> >Hi All,
> >I tried the patch but unfortunately the library
> sigfaults.
> >
> >Program received signal SIGSEGV, Segmentation fault.
> >0xfecf45b8 in pam_sm_authenticate () from
> /usr/lib/security/pam_radius_auth.so.1
> >
> >Any suggestion?
> >
> >Regards,
> >Cesare
> >
> >--- Mer 22/10/08, Alan DeKok
> <aland at deployingradius.com> ha scritto:
> >
> >> Da: Alan DeKok <aland at deployingradius.com>
> >> Oggetto: Re: PAM radius module and
> "Prompt" attribute.
> >> A: ugengia-reg at yahoo.it, "FreeRadius users
> mailing list"
> <freeradius-users at lists.freeradius.org>
> >> Data: Mercoledě 22 ottobre 2008, 18:40
> >> ugengia-reg at yahoo.it wrote:
> >> > All is working well, but I found a problem
> when the
> >> PAM module receives an Access-Challenge.
> >> >
> >> > Here is the problem: even if the RADIUS
> server sends a
> >> Prompt="No Echo" attribute, my PAM
> conversation
> >> function receives a PAM_PROMPT_ECHO_ON msg_style
> instead of
> >> a PAM_PROMPT_ECHO_OFF.
> >>
> >> See:
> http://bugs.freeradius.org/show_bug.cgi?id=609
> >>
> >> > As far as I know the Prompt attribute is not
> mandatory
> >> for RFC 2865 compliance, in fact this attribute is
> specified
> >> into RFC 2869 - Radius Extensions.
> >> >
> >> > The question is: will the Prompt attribute be
> >> supported in a future release of the PAM service
> module?
> >>
> >> Possibly, yes.
> >>
> >> Alan DeKok.
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
Unisciti alla community di Io fotografo e video, il nuovo corso di fotografia di Gazzetta dello sport:
http://www.flickr.com/groups/iofotografoevideo
More information about the Freeradius-Users
mailing list