Giter VIP home page Giter VIP logo

pam_af's People

Contributors

stass avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar

Forkers

rhialto

pam_af's Issues

pam_af_tool hangs

I was attempting to periodically unlock old blocks and restore locks on startup using following crontab entries:

*/5    *       *       *       *       root    /usr/local/sbin/pam_af_tool unlock > /dev/null 2>&1
@reboot                                root    /usr/local/sbin/pam_af_tool lock

Unfortunately sometimes it will hang in the resolver and I think block db thus blocking further invocations. For some reason it will also eat 100% of cpu and hang like that forever.

Maybe host stats should include ip address to avoid using resolver for above operations (in addition to fixing whatever causes it to hang) ?

Does not work with OpenSSH

It should be noted in documentation that it doesn't work with sshd as one would expect.

OpenSSH will not invoke PAM if a user does not exist, see openssh-portable/1215. Also it won't be invoked for disallowed and password-less authentication schemes.

An option could be added to sshd to invoke pam_authenticate with invalid/empty password in case of earlier failure.

pam_af_tool unlock crashes

When compiled with default flags on FreeBSD (-O2) it will crash while unlocking this list: https://gist.github.com/1378993.

# env LD_PRELOAD=/home/obj/usr/src/lib/libc/libc.so.7 pam_af_tool/pam_af_tool unlock
Segmentation fault (core dumped)
# gdb73.1 pam_af_tool/pam_af_tool pam_af_tool.core
GNU gdb (GDB) 7.3.1 [GDB v7.3.1 for FreeBSD]
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-portbld-freebsd8.2".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/pub/freebsd/ports.build/ghost/usr/ports/security/pam_af/work/pam_af-1.0.2/pam_af_tool/pam_af_tool...done.
[New process 100106]
Core was generated by `pam_af_tool'.
Program terminated with signal 11, Segmentation fault.
#0  0x281107c6 in arena_run_reg_dalloc (run=0x2822b000, bin=0x804dc00, ptr=0x2822b050, size=0) at /usr/src/lib/libc/stdlib/malloc.c:2544
2544            run->regs_mask[elm] |= (1U << bit);
(gdb) bt full
#0  0x281107c6 in arena_run_reg_dalloc (run=0x2822b000, bin=0x804dc00, ptr=0x2822b050, size=0) at /usr/src/lib/libc/stdlib/malloc.c:2544
        diff = 4160431152
        regind = 4160431152
        elm = 130013473
        bit = 16
        log2_table = "\000\001\000\002\000\000\000\003\000\000\000\000\000\000\000\004", '\000' <repeats 15 times>, "\005", '\000' <repeats 31 times>, "\006", '\000' <repeats 63 times>, "\a"
        qsize_invs = {43691, 32769, 26215, 21846, 18725}
        csize_invs = {10923, 8193, 6554, 5462, 4682}
        ssize_invs = {2731, 2049, 1639, 1366, 1171, 1025, 911, 820, 745, 683, 631, 586, 547}
#1  0x28110486 in arena_dalloc_small (arena=0x804dbf0, chunk=0x28200000, ptr=0x2822b050, mapelm=0x28200214) at /usr/src/lib/libc/stdlib/malloc.c:3625
        run = 0x2822b000
        bin = 0x804dc00
        size = 0
#2  0x28111351 in arena_dalloc (arena=0x804dbf0, chunk=0x28200000, ptr=0x2822b050) at /usr/src/lib/libc/stdlib/malloc.c:3872
        pageind = 43
        mapelm = 0x28200214
#3  0x28111207 in idalloc (ptr=0x2822b050) at /usr/src/lib/libc/stdlib/malloc.c:3890
        chunk = 0x28200000
#4  0x28114065 in free (ptr=0x2822b050) at /usr/src/lib/libc/stdlib/malloc.c:5479
No locals.
#5  0x0804ac27 in handle_unlock (argc=1, argv=0xbfbfe9a0) at ./pam_af_tool/pam_af_tool.c:1170
        host = 0x0
        flags = 0
        ret = <optimized out>
        ch = <optimized out>
        hosts = 0x2822b058
        hosts0 = 0x2822b050
        hstp = <optimized out>
#6  0x0804b2da in main (argc=1, argv=0xbfbfe99c) at ./pam_af_tool/pam_af_tool.c:170
No locals.
(gdb) up 5
#5  0x0804ac27 in handle_unlock (argc=1, argv=0xbfbfe9a0) at ./pam_af_tool/pam_af_tool.c:1170
1170                    free(hosts0);
(gdb) p hosts0
$1 = (struct host_list *) 0x2822b050
(gdb) p *hosts0
$2 = {host = 0x28229bb0 "2002:4e08:934d:0:dddd:6f1d:c9dc:459a", next = 0x2822b058}

With -O it works fine.
BTW. your makefile has hardcoded cflags and ignores whatever is passed by ports.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.