Patchwork [0/1] quagga: add pam support for vtysh

Submitter Hongxu Jia
Date Nov. 8, 2013, 4:32 a.m.
Message ID <cover.1383884700.git.hongxu.jia@windriver.com>
Permalink /patch/61311/
State New, archived

Pull-request

git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam

Comments

Hongxu Jia - Nov. 8, 2013, 4:32 a.m.
Test Case:
1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
   quagga.

2. On target:
1) cat /etc/pam.d/guagga
#
# The PAM configuration file for the quagga `vtysh' service
#

# This allows root to change user infomation without being
# prompted for a password
auth		sufficient	pam_rootok.so

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth       include      common-auth

2) add option debug to pam_rootok.so
 auth	    sufficient	pam_rootok.so debug

3) pam_rootok.so
run command vtysh as root, enter qemu0#:
root@qemu0:~# vtysh 

Hello, this is Quagga (version 0.99.21).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

qemu0# 
The log in /var/log/message (or /var/log/auth.log) shows that pam_rootok.so returns success:
2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded

4) pam_unix.so
The contents of common-auth are shown in section "Common configure files".
Comment out the pam_rootok.so line in the quagga configuration file, because it will make PAM return success:
 #auth		sufficient	pam_rootok.so
and modify the pam_unix.so line in common-auth to remove nullok_secure:
 auth	[success=1 default=ignore]	pam_unix.so debug

5) run commands with invalid password:
root@qemu0:~# vtysh 
Password: 
root@qemu0:~# 
Log in /var/log/message (or /var/log/auth.log):
2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root

//Hongxu


The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:

  dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)

are available in the git repository at:

  git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam

Hongxu Jia (1):
  quagga: add pam support for vtysh

 meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
 meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
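
Added example, not part of the original message or of the quagga recipe: a parser for the two syslog lines in the test case above that extracts the PAM module, service and result, so the pam_rootok and pam_unix paths can be checked from the log. The function names and the outcome labels are assumptions made for this example.

```python
import re

# Log lines copied from the test case above.
SAMPLE_LOG = """\
2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root
"""

# Layout: <timestamp> <host> <program>: pam_<module>(<service>:<type>): <message>
PAM_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[^:\[\s]+)(?:\[\d+\])?: "
    r"(?P<module>pam_\w+)\((?P<service>[^:)]+):(?P<type>\w+)\): (?P<msg>.*)$"
)
# pam_unix leaves tty=, ruser= and rhost= empty for a local vtysh run,
# so the value part must be allowed to match nothing.
KEY_VALUE = re.compile(r"(\w+)=(\S*)")


def parse_pam_line(line):
    """Return a dict for one PAM syslog line, or None if it is not one."""
    m = PAM_LINE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    text, _, fields = event["msg"].partition(";")
    event["msg"] = text.strip()
    event["fields"] = dict(KEY_VALUE.findall(fields))
    # Outcome labels are this example's own, keyed on the two messages above.
    if event["msg"] == "authentication failure":
        event["outcome"] = "failure"
    elif event["msg"].endswith("succeeded"):
        event["outcome"] = "success"
    else:
        event["outcome"] = "other"
    return event


def service_auth_events(log_text, service="quagga"):
    """Keep only auth-phase events for the given PAM service name."""
    events = (parse_pam_line(line) for line in log_text.splitlines())
    return [e for e in events if e and e["service"] == service and e["type"] == "auth"]


def failed_logins(log_text, service="quagga"):
    """(timestamp, user, uid) for each failed authentication."""
    return [(e["ts"], e["fields"].get("user"), e["fields"].get("uid"))
            for e in service_auth_events(log_text, service) if e["outcome"] == "failure"]
```

Filtering on the service name `quagga` ties each event to the /etc/pam.d file the recipe installs, since PAM logs the service name rather than the program that called it.
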
Hongxu Jia - Nov. 8, 2013, 8:34 a.m.
On 11/08/2013 12:32 PM, Hongxu Jia wrote:
> Test Case:
> 1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
>     quagga.
>
> 2. On target:
> 1) cat /etc/pam.d/guagga

s/guagga/quagga/

//Hongxu

> #
> # The PAM configuration file for the quagga `vtysh' service
> #
>
> # This allows root to change user infomation without being
> # prompted for a password
> auth		sufficient	pam_rootok.so
>
> # The standard Unix authentication modules, used with
> # NIS (man nsswitch) as well as normal /etc/passwd and
> # /etc/shadow entries.
> auth       include      common-auth
>
> 2) add option debug to pam_rootok.so
>   auth	    sufficient	pam_rootok.so debug
>
> 3) pam_rootok.so
> run command vtysh as root, enter qemu0#:
> root@qemu0:~# vtysh
>
> Hello, this is Quagga (version 0.99.21).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
>
> qemu0#
> log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success:
> 2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
>
> 4) pam_unix.so
> the content of common-auth are shown at section "Common configure files"
> comment the configure file quagga pam_rootok.so line, because it will make pam return success:
>   #auth		sufficient	pam_rootok.so
> and modify the pam_unix.so line in common-auth to remove nullok_secure:
>   auth	[success=1 default=ignore]	pam_unix.so debug
>
> 5) run commands with invalid password:
> root@qemu0:~# vtysh
> Password:
> root@qemu0:~#
> log in /var/log/message(or /var/log/auth.log):
> 2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root
>
> //Hongxu
>
>
> The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:
>
>    dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)
>
> are available in the git repository at:
>
>    git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam
>
> Hongxu Jia (1):
>    quagga: add pam support for vtysh
>
>   meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
>   meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
>   2 files changed, 25 insertions(+), 1 deletion(-)
>   create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
>
Joe MacDonald - Nov. 26, 2013, 4:23 p.m.
The latest (and slightly tweaked to resolve a trivial conflict) version
merged.  Thanks.
-J.

[[oe] [PATCH 0/1] quagga: add pam support for vtysh] On 13.11.08 (Fri 12:32) Hongxu Jia wrote:

> Test Case:
> 1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
>    quagga.
> 
> 2. On target:
> 1) cat /etc/pam.d/guagga
> #
> # The PAM configuration file for the quagga `vtysh' service
> #
> 
> # This allows root to change user infomation without being
> # prompted for a password
> auth		sufficient	pam_rootok.so
> 
> # The standard Unix authentication modules, used with
> # NIS (man nsswitch) as well as normal /etc/passwd and
> # /etc/shadow entries.
> auth       include      common-auth
> 
> 2) add option debug to pam_rootok.so
>  auth	    sufficient	pam_rootok.so debug
> 
> 3) pam_rootok.so
> run command vtysh as root, enter qemu0#:
> root@qemu0:~# vtysh 
> 
> Hello, this is Quagga (version 0.99.21).
> Copyright 1996-2005 Kunihiro Ishiguro, et al.
> 
> qemu0# 
> log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success:
> 2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
> 
> 4) pam_unix.so
> the content of common-auth are shown at section "Common configure files"
> comment the configure file quagga pam_rootok.so line, because it will make pam return success:
>  #auth		sufficient	pam_rootok.so
> and modify the pam_unix.so line in common-auth to remove nullok_secure:
>  auth	[success=1 default=ignore]	pam_unix.so debug
> 
> 5) run commands with invalid password:
> root@qemu0:~# vtysh 
> Password: 
> root@qemu0:~# 
> log in /var/log/message(or /var/log/auth.log):
> 2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root
> 
> //Hongxu
> 
> 
> The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:
> 
>   dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)
> 
> are available in the git repository at:
> 
>   git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
>   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam
> 
> Hongxu Jia (1):
>   quagga: add pam support for vtysh
> 
>  meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
>  meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
>  2 files changed, 25 insertions(+), 1 deletion(-)
>  create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
>