Invalid argument with crypt

[Promarl]

When using the crypt function I'm getting the following error:

pam_mysql - something went wrong when invoking crypt() - Invalid argument
pam_mysql - pam_mysql_check_passwd() returning 6.

This is the pam.d/sshd config that is being used:

auth    optional        pam_mysql.so    user=xxxx passwd=xxxx db=xxxx table=users usercolumn=users.user passwdcolumn=users.password crypt=1 blowfish=true verbose=1
account required        pam_mysql.so    user=xxxx passwd=xxxx db=xxxx table=users usercolumn=users.user passwdcolumn=users.password crypt=1 blowfish=true verbose=1

pam-mysql version v0.8.1-30-g4f76d51

[NigelCunningham]

Thanks for the report. What distro / version, please? (So I can seek to reproduce the issue).

[rawlmz]

Same issue here on CentOS 7.9.2009.

[NigelCunningham]

Thanks for the report @rawlmz. Do you see this with the current code on the master branch?

[rawlmz]

I was testing it from a rpm package (0.8.1-0.22.el7.lux). So, I don't know if it still happens with the current master branch, sorry.

[NigelCunningham]

Ok; thanks!

[lukavia]

I have the same problem in debian 10 buster and the latest code. Interesting thig is that it works fine on Ubuntu 20.04 focal.

So far I haven't been able to figure out what is the diffrence

[lukavia]

OK. So I've tried debian 11 Bullseye and there blowfish works as expected. It appears that /usr/include/crypt.h in debian 10 is part of libc6-dev package where in Ubuntu and Debian Bullseye it is part of the libcrypt-dev package. So I guess that blowfish is just not implemented in debian 10. And infact the man reads: 2a | Blowfish (not in mainline glibc; added in some Linux distributions)

So our only option would be to either implement that particular check in the code or just accept that blowfish is not available in some cases.

[alphp]

This is my working configuration in RockyLinux 9.3

• OS: RockyLinux 9.3
• pam_mysql-1.0.0~beta1-4.el9.lux.x86_64

dnf install http://repo.iotti.biz/CentOS/9/noarch/lux-release-9-2.noarch.rpm
dnf install pam_mysql

/etc/pam.d/vsftpd

#%PAM-1.0
session     optional     pam_keyinit.so     force revoke
auth    required pam_mysql.so user=user_vsftpd passwd=secretpass host=localhost db=database table=users usercolumn=username passwdcolumn=password crypt=joomla15
account required pam_mysql.so user=user_vsftpd passwd=secretpass host=localhost db=database table=users usercolumn=username passwdcolumn=password crypt=joomla15

In database password column are blowfish.

If verbose=1 login fail:

Respuesta:	'$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' v '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' (<= 'aaaaaa'). Error = 0.

If crypt=1 blowfish=yes then fail:

Respuesta:	corrupted size vs. prev_size while consolidating

With verbose=1:

Respuesta:	'$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' v '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG' (<= 'aaaaaa'). Error = 0.

[NigelCunningham]

Thanks! I'll try to reproduce that.

[NigelCunningham]

Additional steps take to reproduce (for future convenience):

dns install mysql-server
systemctl enable mysqld
systemctl start mysqld
mysql
> create database db;
> use db;
> create table users ( username varchar(60), password varchar(128) );
> insert into users (username, password) VALUES ('user', '$2y$10$u0WSFSxkUxDU4eikH6aZBeg8w5IB0.8zwsqrBOIajYPkFIZFjdsWG');
> CREATE USER 'user_vsftpd'@'localhost' IDENTIFIED BY 'password';
> grant all privileges on db.* to 'user_vsftpd'@'localhost';
>exit
dnf install vsftpd
systemctl enable vsftpd
systemctl start vsftpd
dnf config-manager --set-enabled crb
dnf clean all
dnf install git-core meson mariadb-devel pam-devel gcc
git clone https://github.com/NigelCunningham/pam-MySQL.git