From nobody Tue Apr 25 17:26:16 2023 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q5TSH21rNz46T1n for ; Tue, 25 Apr 2023 17:26:23 +0000 (UTC) (envelope-from zmey20000@yahoo.com) Received: from sonic316-54.consmr.mail.gq1.yahoo.com (sonic316-54.consmr.mail.gq1.yahoo.com [98.137.69.30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Q5TSG4L3nz41w8 for ; Tue, 25 Apr 2023 17:26:22 +0000 (UTC) (envelope-from zmey20000@yahoo.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=yahoo.com header.s=s2048 header.b="b/u+eKQb"; spf=pass (mx1.freebsd.org: domain of zmey20000@yahoo.com designates 98.137.69.30 as permitted sender) smtp.mailfrom=zmey20000@yahoo.com; dmarc=pass (policy=reject) header.from=yahoo.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1682443581; bh=D7AGyFKgu7m4c8lXv+W+bRTEaq4OhV5hT6sfmleup4E=; h=Date:To:From:Subject:References:From:Subject:Reply-To; b=b/u+eKQb8OUP41UHTzUmQArIjmxA+cJCNVIUGAK2uUz9PHHsxLi5TmdrJwxWoa1HtEYrIzwu1oryatT1ieUfjg+uyiW/FKx3WO0mq+S7rtF2ZQOrqutuOtmcXeDqm9vc9pB1ATzQtjWrIL+FfE0BaM+XaZuNUYCHPFHnMJjdAY5VxGDM3uWwQ7CeqcplitqoSiVSWVyMSjpDU4kLs6ZFqBSeM6Bv+x0DWU6UyjHvOkZLaz5HQT3WqOFgcv96tHA4ziQhaH2VmIILRkJqB3n3Q5CoPYsln6r6hi+7xIThwmdrwHF9jh5Gn3OpOKkl3IOYPWM4t0XaJSX+WRt0tU8ngQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1682443581; bh=WtOHEa6lAGLycyzHQVrHGBZswjsJTbAhk+jDTVaSydN=; h=X-Sonic-MF:Date:To:From:Subject:From:Subject; b=KifCSVxj/O8AqgzK8YapHt68UHnfoti+U63ivsVpyE/TSrCzn/7OVLBPaTQZXJMzFPaFMdtW23p1QRLrwy+QuEUILuErmR3IGzDRBzm7Oi7V5n6A8mUMLLTJ3xlRdf2d4FX0BddjqQwPdpqN53575YBZkchaKUdGkTvzi+uvsuQX0iSCNfBCeYh2xG2YbOEDIhzbxxOiH2qxHumlqZcKdlFNwcN1lP3xKlASvCSnLh4WMrbrkJc7222PfBZfyefVj9oGX4y4RxYxaFe0czWW44VH/Ztpt6Bjsh0DJYsu0NzbXYt4VdCHGaExnKcELpRl/pFoUSVbEpmEqgOqq5PrVw== X-YMail-OSG: _JYWZt8VM1l8wT1JOxHZGe6pudiUPjGhsJMUiFDjs7G04HZjB_Gv3rm9EJ1eouF VUzbOWMXjKOry9OZyBmwuA3yKb18d8IgSDd5YGHom8_w7.6HhO3ij3W68yBF4Wb4TI31EWB.Fn09 NSvWg24oL3FOIdfEinsczlWLemwUGLs9bnX_6gIU6EKFfGPGbYyifODXSm7_p.6KwghG3TjrwaL1 LVybiJ6oFZczg5cB9sBgxfPKI8mmK4lozVodE4_0dtxGPVIlY4vYWQEft4jzgmzRSEvyy_jSMb.G 2AvWHu8wCekqEJQPcFfxMnUHRmZoKmi3zlpnFKaVJD9aJ7fiklW2gdzT61eFt.SevgOwmfhSU59s Nu6jGhx.iYb3CMU7BksuOv_Ubn36He1wHKO2WLmTIIZSZ7QF1Ly85iM2m2u7F31jIBw31Fg9jkNF ehwvnUzd8gPlsvBbS60a3Nd06eVUF2EeOK7arU3xKTKq961TFoeJo_ZLFXquWGH2ODvCIlFikptF lLoAk511ZgScyegOGNTunV4st2cbKbhHczlUtfh0DE_sJrcunQIpiuxRJ3RRzEMSayrPaGwRMc6J fL9F9yzYBxvfQV.d525e7dGEayw7.r5uz6Y05KMaJ38w0RASOGd6ADt4okrsGQ8Exy1Yw5qlkzKT HyT_zQd5pHuafWDQGTPUa7hOwO7W6gbzBcmUEPYJQPOzf9fv0UqpUWHZi1ZikZzoXi20CIdEN99a NICQb9Gh1RJ06P4n5n7Hz7ibWV_PrhIAEBwtT1R_pd.9XJgdzhHWP9SF8G2jik0X4t1Srxzug06L 31VSTNEdOmUd5R62ZEpS0Jt11H822NSn7XA8roroUL_X6klHptlrlEtQZDeyib7D.xteQMewe86K iWA487tN42kKMJQ0C91SLmP4Bjfx23dQs6Fr6URXR7.JRJjpNPYsdvtEnoudoXmoVMrRAGgsRqyS GCsCM_0Bv_UNgY_qgq9uBiOCSCcRpf_KlhWIHef1IHHa8PxxbCvav7p1tfC1pbEgbBQb.z_CNVWS NlMTRkKJy.RxNg4UPeb0lRcx1OfvCvmgBgrvpTP5__N6VzFdGWkeUCi9fO1R1js0Po_mivmN25kV XT83CmaqKYxLp2xT5ipoZu6dFA0n2MRhw6TeS_D_fSl3vuE2bP2lCxfLng.rRlmODzW5H10HyD_S GS76QwjGSYfkLHSek3nm22CN2wqDmElYv2xshUfLYMOsPgOfVlTCuhr2WecP_kcE_IzLqRnHg3b3 Gpg2anr8MYKo1S7LDzieZ7Fztcrtl7wOnyM07Ex6_MJz1j3dPFS8gW6X2zwlDmliHicEu0FO0wr3 LeDo2rfo_jtlgdShGY0_2125lB9cmNsRef.NwvP9ZUUWKsJ4MnQTMlhjoCZCCwIPoFU43UJ8W35P mXfvjI_RXtfmMHFBtPW.I_L6oQxloIgpCoGfcb36gKn8hr7NkGOg4daWDGymBa4gxSyMGBFjhWQH L9phKN3rEYFH6d705mZxTTMHRnbhGhalN7V09CV3ipSCK6PwzcOneYZpsOeSCoSCTizLJ4aU0Asp hrkr6zyxCI_7DaBApVkt8Ok8VjvxTcSEUcBbCFGiCQMwrTIrOTya38cuIEZ12HRPJAWRq1cBYLG5 .T2c8.amcBGZ2MU2d0sqoVt.lkquSmzIO7pKZLAq.edrmyFHbbolh0fcF..QDzmrp7_zlZvcQpTQ z6kZqF4D6xvgjbjj6UBv5q817J8IutUWbjTWmxvk4BmwQ5sml89NX38gCdW.h6dsyvXQtXizyiR0 IVu936H4aB48F8dQzoLztNtdFPyzkn7y4jRxb.UmI7Y1OGI9ADoSQC9H9uEekB6qSkGVESMARIGJ 6mk2knGVUEgvje5fBLug6BXY2al5cEJBjeCGn7icoIU993v1CkTJoSNtOSeIpve5VrpAOK.oJV6s bxvDArbQjSawZ0hGjenZ.ADDUb7YwraD1xVy3kD0kxmALqq1pkgna4_q3x.UKvSCsUOLMNrGtRp4 U8r.uFHpZh8q2IpynbcSF44ANFlPnhNDT3I1.Kw2veZ68g7RiEGR3zTXYY8kcORGElE.wQDBbQIh fYgVCd9B_5ydCQr4kkYUHTtSEOc1nAch1tl7OvoB5z_jJFuzcrv4nomu50S09OW57Mp_a8hGEUNW v4jDwKUC.d.4.lIZf7mwK3lulagwF4prIzBuUkvsVkrnp7O1ZknxKV2nR13iSnkYpYHPIA9FyMOx 9F4BnFc0Ff.xZ5YasmA-- X-Sonic-MF: X-Sonic-ID: a4b3d2b7-24c1-4fda-961a-cfc7046839f0 Received: from sonic.gate.mail.ne1.yahoo.com by sonic316.consmr.mail.gq1.yahoo.com with HTTP; Tue, 25 Apr 2023 17:26:21 +0000 Received: by hermes--production-ir2-74cd8fc864-qfvhg (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 606758c51f075585b0ccea8c86884ebd; Tue, 25 Apr 2023 17:26:17 +0000 (UTC) Message-ID: Date: Tue, 25 Apr 2023 19:26:16 +0200 List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Content-Language: en-US To: freebsd-hackers@FreeBSD.org From: Mikhail Zakharov Subject: Interacting with PAM issues Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit References: X-Mailer: WebService/1.1.21365 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo X-Spamd-Result: default: False [-3.11 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[yahoo.com,reject]; R_SPF_ALLOW(-0.20)[+ptr:yahoo.com]; R_DKIM_ALLOW(-0.20)[yahoo.com:s=s2048]; NEURAL_HAM_SHORT(-0.11)[-0.110]; MIME_GOOD(-0.10)[text/plain]; ASN(0.00)[asn:36647, ipnet:98.137.64.0/20, country:US]; MLMMJ_DEST(0.00)[freebsd-hackers@FreeBSD.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[yahoo.com]; RCVD_IN_DNSWL_NONE(0.00)[98.137.69.30:from]; MIME_TRACE(0.00)[0:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FREEMAIL_FROM(0.00)[yahoo.com]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[yahoo.com:+]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_NONE(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; DWL_DNSWL_NONE(0.00)[yahoo.com:dkim] X-Rspamd-Queue-Id: 4Q5TSG4L3nz41w8 X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N Hi, I'm trying to write a custom PAM conversation function and perform authentication (re-check password) for my already logged in user. Below is the function: int pam_conv(int n, const struct pam_message **msg, struct pam_response **resp,  void *data) {     struct pam_response *pr;     int i;     if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR;     if ((pr = calloc(n, sizeof(*pr))) == NULL) return PAM_BUF_ERR;     for (i = 0; i < n; i++) {         pr[i].resp = NULL;         pr[i].resp_retcode = 0;         switch (msg[i]->msg_style) {             case PAM_PROMPT_ECHO_OFF:             case PAM_PROMPT_ECHO_ON:                 pr[i].resp = strdup(passwd);                 break;             case PAM_ERROR_MSG:             /* Do we need this? */             case PAM_TEXT_INFO:                 fprintf(stderr, "\n\r%s\n", msg[i]->msg);                 break;             default:                 /* Clear possible passwords in responces; then free memory */                     for (i = 0; i < n; i++)                         if (pr[i].resp) {                             memset(pr[i].resp, 0, strlen(pr[i].resp));                             free(pr[i].resp);                         }                 free(pr);                 *resp = NULL;                 return PAM_CONV_ERR;         }     }     *resp = pr;     return PAM_SUCCESS; } And that's how I call it: int pam_auth(char *user) {     static pam_handle_t *pamh;     static struct pam_conv pamc;     int rval;     char *tty_name;     pamc.conv = &pam_conv;     /* Pretend we want login service */     rval = pam_start("login", user, &pamc, &pamh);     tty_name = ttyname(STDIN_FILENO);     if (rval == PAM_SUCCESS) rval = pam_set_item(pamh, PAM_TTY, tty_name);     if (rval == PAM_SUCCESS) rval = pam_authenticate(pamh, 0);     if (pam_end(pamh, rval) != PAM_SUCCESS) pamh = NULL;     return rval == PAM_SUCCESS ? 0 : 1; } Well, PAM login, allows to login as the same user without checking a password: # auth auth            sufficient      pam_self.so             no_warn auth            include         system When trying other services e.g. "system", "ssh", "other" pam_authenticate() return Authentication error, PAM error 9. What do I do wrong? Surprisingly, I do not see the same issue on Mac and Centos. Best, Mikhail Zakharov