(code attached at the end)

i am developing a pam module for blocking multiple failed attempts from
the same host. with sqlite3 i had run into database locking problem so i
am trying to switch the database to postgresql (using postgres-pr 0.4.0
driver with DBI).

the error in the auth.log is:
Jan 24 13:27:34 whirpool sshd[5771]: [pam_ruby] exception:
#<SystemStackError: stack level too deep>
Jan 24 13:27:34 whirpool sshd[5771]: [pam_ruby]
["/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:476:in `==='",
"/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:476:in `load_type_map'",
"/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:467:in `each'",
"/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:467:in`load_type_map'",
"/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:105:in `initialize'",
"/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:55:in `new'",
"/usr/lib/ruby/1.8/DBD/Pg/Pg.rb:55:in `connect'",
"/usr/lib/ruby/1.8/dbi/dbi.rb:584:in `connect'",
"/usr/lib/ruby/1.8/dbi/dbi.rb:384:in `connect'",
"/lib/security/ruby/hostblock.rb:76",
"/lib/security/ruby/hostblock.rb:71:in `call'"]
Jan 24 13:27:34 whirpool sshd[5771]: fatal: PAM: pam_setcred(): System
error

the :authenticate part works as it should but the :setcred part fails
consistently on DBI.connect(...).

the DBI with postgres-pr works ok from irb.

any ideas how to progress on this?

vladimir

ps: the code:

["/usr/local/lib/site_ruby/1.8",
"/usr/local/lib/site_ruby/1.8/i386-linux", "/usr/local/lib/site_ruby",
"/usr/lib/ruby/1.8", "/usr/lib/ruby/1.8/i386-linux","."].each {|x|
$:.push(x)}

require 'rubygems'
require 'dbi'

# how many failed attemts to tolerate
MAX_ATTEMPTS = 10

# database descriptor for the "host" table - passed to DBI.connect
DATABASE = 'DBI:pg:hostblock:localhost'

# where is the system command for logging to files
LOGGER = '/usr/bin/logger'

PAM.dispatch(:authenticate) {|pamh, flags, args|
  dbh = DBI.connect(DATABASE, 'postgres', 'postgres')
  result = dbh.execute("select * from host where name =
'#{pamh.get_item(PAM::PAM_RHOST)}'")

  rows = result.fetch_all()

  if rows.empty?
    dbh.do("insert into host values ('#{pamh.get_item(PAM::PAM_RHOST)}',
0, 0)")
  end

  dbh.do("update host set attempt_count = attempt_count + 1 where name =
'#{pamh.get_item(PAM::PAM_RHOST)}'")
  result = dbh.execute("select * from host where name =
'#{pamh.get_item(PAM::PAM_RHOST)}'")
  rows = result.fetch_all()

  if rows[0][1] > MAX_ATTEMPTS
    system("#{LOGGER} -p auth.debug -t hostblock.rb
#{pamh.get_item(PAM::PAM_SERVICE)} blocking: #{rows[0][0]},
#{rows[0][1]}")
    dbh.disconnect()
    raise PAM::PAM_AUTH_ERR
  end

  dbh.disconnect()

}

PAM.dispatch(:acct_mgmt) {|pamh, flags, args|
  system("#{LOGGER} -p auth.debug -t hostblock.rb :acct_mgmt")
  if false
    raise PAM::PAM_PERM_DENIED
  end
}

PAM.dispatch(:open_session){|pamh, flags, args|
  system("#{LOGGER} -p auth.debug -t hostblock.rb :open_session")
    # raise PAM::PAM_SESSION_ERR, "not available"
}
PAM.dispatch(:close_session){|pamh, flags, args|
  raise PAM::PAM_SESSION_ERR, "not available"
}
PAM.dispatch(:chauthtok){|pamh, flags, args|
  raise PAM::PAM_AUTHTOK_ERR, "not available"
}
PAM.dispatch(:setcred){|pamh, flags, args|
  if flags == PAM::PAM_DELETE_CRED
    return PAM::PAM_SUCCESS
  end
  begin
    dbh = DBI.connect(DATABASE, 'postgres', 'postgres')
    dbh.do("update host set attempt_count = 0 where name =
'#{pamh.get_item(PAM::PAM_RHOST)}'")
  rescue DBI::DatabaseError
    system("#{LOGGER} -p auth.debug -t hostblock.rb :setcred
DBI::DatabaseError")
  ensure
    dbh.disconnect()
  end
}

# eof

-- 
Posted via http://www.ruby-forum.com/.