From: Alex Kinch [mailto:[email protected]]
Sent: Tuesday, 03 August, 2010 13:07
To: Rene Kluwen
Subject: Re: Kannel - PAM
Interesting. When I removed the pam user, and tried it using the hvg
account. It worked once, and returned unroutable. Then stopped working. If I
restart smsbox it works for one attempt then stops.
Like this:
http://109.169.28.113:13013/cgi-bin/sendsms?username=hvg
<http://109.169.28.113:13013/cgi-bin/sendsms?username=hvg&password=REMOVED&f
rom=alex&to=447838681200&text=hello>
&password=REMOVED&from=alex&to=447838681200&text=hello
I get:
Not routable. Do not try again.
.. on the first attempt, but then on the second onwards:
Authorization failed for sendsms
And if I restart smsbox, it works once, then the same again. On the first
attempt it checks via PAM (from /var/log/secure):
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - option verbose is set to
"1"
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_close_db()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_sm_authenticate()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_open_db()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_open_db()
returning 0.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_check_passwd()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_format_string()
called
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_quick_escape()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - SELECT password FROM
sms_users WHERE service = 'hvg' AND (active=1)
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_check_passwd()
returning 6.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_sql_log()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_sql_log()
returning 0.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_converse()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_open_db()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_check_passwd()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_format_string()
called
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_quick_escape()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - SELECT password FROM
sms_users WHERE service = 'hvg' AND (active=1)
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_check_passwd()
returning 0.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_sql_log()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_sql_log()
returning 0.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_sm_authenticate()
returning 0.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_release_ctx()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_destroy_ctx()
called.
Aug 3 12:02:44 intellimessage smsbox: pam_mysql - pam_mysql_close_db()
called.
Then from the second attempt onwards - nothing.
Interestingly enough, from the smsbox log (note the timestamps compared to
the above):
2010-08-03 12:02:44 [24438] [2] DEBUG: HTTP: Creating HTTPClient for
`80.3.79.173'.
2010-08-03 12:02:44 [24438] [2] DEBUG: HTTP: Created HTTPClient area
0x9d13a40.
2010-08-03 12:02:44 [24438] [3] INFO: smsbox: Got HTTP request
</cgi-bin/sendsms> from <80.3.79.173>
2010-08-03 12:02:44 [24438] [3] INFO: Starting PAM for user: hvg
2010-08-03 12:02:44 [24438] [3] INFO: sendsms used by <hvg>
2010-08-03 12:02:44 [24438] [3] INFO: sendsms sender:<kannel:hvg:alex>
(80.3.79.173) to:<447838681200> msg:<hello>
2010-08-03 12:02:44 [24438] [3] DEBUG: Stored UUID
c4f1402a-3e66-4f69-aee7-ec9f379273c2
2010-08-03 12:02:44 [24438] [3] DEBUG: message length 5, sending 1 messages
2010-08-03 12:02:44 [24438] [3] DEBUG: Status: 202 Answer: <Sent.>
2010-08-03 12:02:44 [24438] [3] DEBUG: Delayed reply - wait for bearerbox
2010-08-03 12:02:44 [24438] [0] DEBUG: Got ACK (1) of
c4f1402a-3e66-4f69-aee7-ec9f379273c2
2010-08-03 12:02:44 [24438] [0] DEBUG: HTTP: Resetting HTTPClient for
`80.3.79.173'.
2010-08-03 12:02:57 [24438] [3] INFO: smsbox: Got HTTP request
</cgi-bin/sendsms> from <80.3.79.173>
2010-08-03 12:02:57 [24438] [3] INFO: Starting PAM for user: hvg
2010-08-03 12:02:57 [24438] [3] WARNING: PAM auth failed for user: hvg
2010-08-03 12:02:57 [24438] [3] DEBUG: Status: 403 Answer: <Authorization
failed for sendsms>
2010-08-03 12:02:57 [24438] [3] DEBUG: HTTP: Resetting HTTPClient for
`80.3.79.173'.
2010-08-03 12:03:57 [24438] [1] DEBUG: Timeout for fd:24 appeares.
2010-08-03 12:03:57 [24438] [1] DEBUG: HTTP: Destroying HTTPClient area
0x9d13a40.
2010-08-03 12:03:57 [24438] [1] DEBUG: HTTP: Destroying HTTPClient for
`80.3.79.173'.
Looks like PAM on smsbox works once, then something breaks.
Alex
On 3 Aug 2010, at 11:22, Rene Kluwen wrote:
FYI
From: Alejandro Guerrieri [mailto:[email protected]]
Sent: Tuesday, 03 August, 2010 10:00
To: Rene Kluwen
Cc: Kannel list
Subject: Re: Kannel - PAM
Hrm, the patch maybe was outdated somehow?
You don't need the "pam" user anymore, perhaps that's also making noise?
Shouldn't, but try changing it for something else.
I suppose your "kannel" group in /etc/pam.d is valid, otherwise it wouldn't
work on smppbox right?
I'll give it a show myself, I suspect there's still something wrong with the
defines.
Regards,
Alex
On Tue, Aug 3, 2010 at 2:22 AM, Rene Kluwen <[email protected]> wrote:
I just stole your PAM code and used it for smppbox.
Works like a charm in smppbox. But. not in smsbox!!!
First, the configure script doesn't generate the necessary #define's. After
adding them, the pam service shows no activity at all but smsbox returns
with "authentication failure".
We tried with the simplest setup:
# pam testing
group = sendsms-user
username = pam
password = dummypassword
group = sendsms-pam-user
acl = kannel
# end pam testing
Do we miss something here?
