Problem with pam_ruby + postgres-pr (stack level too deep)

(code attached at the end)

i am developing a pam module for blocking multiple failed attempts from
the same host. with sqlite3 i had run into database locking problem so i
am trying to switch the database to postgresql (using postgres-pr 0.4.0
driver with DBI).

the error in the auth.log is:
Jan 24 13:27:34 whirpool sshd[5771]: [pam_ruby] exception:
#<SystemStackError: stack level too deep>
Jan 24 13:27:34 whirpool sshd[5771]: [pam_ruby]
["/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:476:in ==='", "/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:476:inload_type_map’",
“/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:467:in each'", "/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:467:inload_type_map’”,
“/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:105:in initialize'", "/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:55:innew’”,
“/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:55:in connect'", "/usr/lib/ruby/1.8/dbi/dbi.rb:584:inconnect’”,
“/usr/lib/ruby/1.8/dbi/dbi.rb:384:in connect'", "/lib/security/ruby/hostblock.rb:76", "/lib/security/ruby/hostblock.rb:71:incall’”]
Jan 24 13:27:34 whirpool sshd[5771]: fatal: PAM: pam_setcred(): System
error

the :authenticate part works as it should but the :setcred part fails
consistently on DBI.connect(…).

the DBI with postgres-pr works ok from irb.

any ideas how to progress on this?

vladimir

ps: the code:

["/usr/local/lib/site_ruby/1.8",
“/usr/local/lib/site_ruby/1.8/i386-linux”, “/usr/local/lib/site_ruby”,
“/usr/lib/ruby/1.8”, “/usr/lib/ruby/1.8/i386-linux”,"."].each {|x|
$:.push(x)}

require ‘rubygems’
require ‘dbi’

how many failed attemts to tolerate

MAX_ATTEMPTS = 10

database descriptor for the “host” table - passed to DBI.connect

DATABASE = ‘DBI:pg:hostblock:localhost’

where is the system command for logging to files

LOGGER = ‘/usr/bin/logger’

PAM.dispatch(:authenticate) {|pamh, flags, args|
dbh = DBI.connect(DATABASE, ‘postgres’, ‘postgres’)
result = dbh.execute(“select * from host where name =
‘#{pamh.get_item(PAM::PAM_RHOST)}’”)

rows = result.fetch_all()

if rows.empty?
dbh.do(“insert into host values (’#{pamh.get_item(PAM::PAM_RHOST)}’,
0, 0)”)
end

dbh.do(“update host set attempt_count = attempt_count + 1 where name =
‘#{pamh.get_item(PAM::PAM_RHOST)}’”)
result = dbh.execute(“select * from host where name =
‘#{pamh.get_item(PAM::PAM_RHOST)}’”)
rows = result.fetch_all()

if rows[0][1] > MAX_ATTEMPTS
system("#{LOGGER} -p auth.debug -t hostblock.rb
#{pamh.get_item(PAM::PAM_SERVICE)} blocking: #{rows[0][0]},
#{rows[0][1]}")
dbh.disconnect()
raise PAM::PAM_AUTH_ERR
end

dbh.disconnect()

}

PAM.dispatch(:acct_mgmt) {|pamh, flags, args|
system("#{LOGGER} -p auth.debug -t hostblock.rb :acct_mgmt")
if false
raise PAM::PAM_PERM_DENIED
end
}

PAM.dispatch(:open_session){|pamh, flags, args|
system("#{LOGGER} -p auth.debug -t hostblock.rb :open_session")
# raise PAM::PAM_SESSION_ERR, “not available”
}
PAM.dispatch(:close_session){|pamh, flags, args|
raise PAM::PAM_SESSION_ERR, “not available”
}
PAM.dispatch(:chauthtok){|pamh, flags, args|
raise PAM::PAM_AUTHTOK_ERR, “not available”
}
PAM.dispatch(:setcred){|pamh, flags, args|
if flags == PAM::PAM_DELETE_CRED
return PAM::PAM_SUCCESS
end
begin
dbh = DBI.connect(DATABASE, ‘postgres’, ‘postgres’)
dbh.do(“update host set attempt_count = 0 where name =
‘#{pamh.get_item(PAM::PAM_RHOST)}’”)
rescue DBI::DatabaseError
system("#{LOGGER} -p auth.debug -t hostblock.rb :setcred
DBI::DatabaseError")
ensure
dbh.disconnect()
end
}

eof

i am developing a pam module for blocking multiple failed attempts from
the same host. with sqlite3 i had run into database locking problem so i
am trying to switch the database to postgresql (using postgres-pr 0.4.0
driver with DBI).

swapped the driver (used ruby-postgres - postgres.so C binding) and used
it without DBI.

not really sure why this one works…

vlad

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs