Closed Jnchi closed 5 years ago
Jnchi
commented
5 years ago pamtester -v sshd jnchi authenticatepamtester: invoking pam_start(sshd, jnchi, ...)
pamtester: performing operation - authenticate
Connected
Enter the following code at https://aka.ms/devicelogin : BDNKF8HDY
Please hit enter after you have logged in.
Connected
no upn?
Segmentation fault (core dumped)See #6 for more info.
Jnchi
commented
5 years ago strace pamtester -v sshd jnchi authenticateopenat(AT_FDCWD, "/home/cyberninjas/Documents/C_aad/pam_aad/src/key.pem", O_RDONLY) = -1 ENOENT (No such file or directory)- const unsigned char *key = load_file("/home/cyberninjas/Documents/C_aad/pam_aad/src/key.pem");
Jnchi
commented
5 years ago pamtester: invoking pam_start(sshd, jnchi, ...)
pamtester: performing operation - authenticate
Connected
Enter the following code at https://aka.ms/devicelogin : B8TNPJ8LE
Please hit enter after you have logged in.
Connected
parsed
parsed
Connected
Segmentation fault (core dumped)Function Debug Trace
int poll_microsoft_for_token(char *code, char *resource_id, char *client_id, char *response_buf)int request_azure_oauth_token(char *code, char *resource_id, char *client_id, char *token_buf)static int *request_token(char *user_code, const char *resource_id, const char *client_id, const char *token_buf)request_azure_auth(pam_handle_t *pamh, int echocode, const char *resource_id, const char *client_id, const char *tenant, const char *token_buf)int parse_user_object_id(char *response_buf, char* user_object_id_buf)Note: By temporarily disabling required_group_id, the module no longer segmentation faults:
//if (azure_user_in_group(token_buf, params.required_group_id, params.tenant) == 0){
rc = PAM_SUCCESS;
//}pamtester -v sshd jnchi authenticate
pamtester: invoking pam_start(sshd, jnchi, ...)
pamtester: performing operation - authenticate
Connected
Enter the following code at https://aka.ms/devicelogin : BT9KQQNPU
Please hit enter after you have logged in.
Connected
parsed
parsed
Password:
pamtester: Authentication failurePAM Functions
pam_sm_authenticate()pam_sm_setcred()pam_sm_acct_mgmt() (missing)PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return PAM_SUCCESS;
}auth [success=2 default=ok] pam_debug.so auth=success cred=success
auth [success=2 default=ok] pam_debug.so cred=success
pamtester -v sshd jnchi authenticate
pamtester: invoking pam_start(sshd, jnchi, ...)
pamtester: performing operation - authenticate
Connected
Enter the following code at https://aka.ms/devicelogin : B9EKNA4BD
Please hit enter after you have logged in.
Connected
parsed
parsed
auth=success
pamtester: successfully authenticatedNote: Commented out aad.so line in /etc/pam.d/sshd and authentication still failed.
Nov 29 16:05:52 pam_aad pamtester: pam_unix(sshd:auth): authentication failure; logname= uid=1000 euid=1000 tty= ruser= rhost= user=jnchiPAM: Authentication failure, with valid password Switch on PAM debugging to Syslog
Nov 29 18:30:55 pam_aad unix_chkpwd[32649]: check pass; user unknown
Nov 29 18:30:55 pam_aad unix_chkpwd[32649]: password check failed for user (jnchi)
Nov 29 18:30:55 pam_aad pamtester: pam_unix(sshd:auth): authentication failure; logname= uid=1000 euid=1000 tty= ruser= rhost= user=jnchiNote: pamtester only works if testing from the same user account i.e. the user being authenticated; still cannot login via ssh.
Jnchi
commented
5 years ago /etc/ssh/sshd_config
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
Debug Info