pam-MySQL
pam-MySQL copied to clipboard
NigelCunningham
Invalid argument with crypt
When using the crypt function I'm getting the following error:
pam_mysql - something went wrong when invoking crypt() - Invalid argument
pam_mysql - pam_mysql_check_passwd() returning 6.
This is the pam.d/sshd config that is being used:
auth optional pam_mysql.so user=xxxx passwd=xxxx db=xxxx table=users usercolumn=users.user passwdcolumn=users.password crypt=1 blowfish=true verbose=1
account required pam_mysql.so user=xxxx passwd=xxxx db=xxxx table=users usercolumn=users.user passwdcolumn=users.password crypt=1 blowfish=true verbose=1
pam-mysql version v0.8.1-30-g4f76d51
Thanks for the report. What distro / version, please? (So I can seek to reproduce the issue).
Thanks for the report @rawlmz. Do you see this with the current code on the master branch?
I was testing it from a rpm package (0.8.1-0.22.el7.lux). So, I don't know if it still happens with the current master branch, sorry.
I have the same problem in debian 10 buster and the latest code. Interesting thig is that it works fine on Ubuntu 20.04 focal.
So far I haven't been able to figure out what is the diffrence
OK. So I've tried debian 11 Bullseye and there blowfish works as expected. It appears that /usr/include/crypt.h in debian 10 is part of libc6-dev package where in Ubuntu and Debian Bullseye it is part of the libcrypt-dev package. So I guess that blowfish is just not implemented in debian 10. And infact the man reads: 2a | Blowfish (not in mainline glibc; added in some Linux distributions)
So our only option would be to either implement that particular check in the code or just accept that blowfish is not available in some cases.
This is my working configuration in RockyLinux 9.3
- OS: RockyLinux 9.3
- pam_mysql-1.0.0~beta1-4.el9.lux.x86_64
dnf install http://repo.iotti.biz/CentOS/9/noarch/lux-release-9-2.noarch.rpm
dnf install pam_mysql
/etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_mysql.so user=user_vsftpd passwd=secretpass host=localhost db=database table=users usercolumn=username passwdcolumn=password crypt=joomla15
account required pam_mysql.so user=user_vsftpd passwd=secretpass host=localhost db=database table=users usercolumn=username passwdcolumn=password crypt=joomla15
In database password column are blowfish.
If verbose=1 login fail:
Respuesta: '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' v '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' (<= 'aaaaaa'). Error = 0.
If crypt=1 blowfish=yes then fail:
Respuesta: corrupted size vs. prev_size while consolidating
With verbose=1:
Respuesta: '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' v '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' (<= 'aaaaaa'). Error = 0.
Additional steps take to reproduce (for future convenience):
dns install mysql-server
systemctl enable mysqld
systemctl start mysqld
mysql
> create database db;
> use db;
> create table users ( username varchar(60), password varchar(128) );
> insert into users (username, password) VALUES ('user', '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG');
> CREATE USER 'user_vsftpd'@'localhost' IDENTIFIED BY 'password';
> grant all privileges on db.* to 'user_vsftpd'@'localhost';
>exit
dnf install vsftpd
systemctl enable vsftpd
systemctl start vsftpd
dnf config-manager --set-enabled crb
dnf clean all
dnf install git-core meson mariadb-devel pam-devel gcc
git clone https://github.com/NigelCunningham/pam-MySQL.git