| Summary: | pam handling change breaks pam_abl module | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Andy Feldt <feldt> | ||||||||
| Component: | PAM support | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||||
| Status: | CLOSED DUPLICATE | ||||||||||
| Severity: | normal | CC: | andy, dtucker | ||||||||
| Priority: | P2 | ||||||||||
| Version: | 4.6p1 | ||||||||||
| Hardware: | UltraSPARC | ||||||||||
| OS: | Solaris | ||||||||||
| Attachments: |
|
||||||||||
|
Description
Andy Feldt
2007-04-21 05:24:20 AEST
Created attachment 1265 [details]
syslog output from sshd and pam_abl
Those cleanup messages are from pam_abl, not sshd. Have you contacted the pam_abl developers? Hi there, I'm the developer but I don't have access to Solaris to test against. If someone is able to build and test a patched version for me I can probably work out how to fix it. I am willing to attempt to test this on one of my Solaris systems. You can contact me directly via e-mail and we can work on any details. Thanks - Darren Tucker has already offered so I'm going to use his box. Created attachment 1312 [details]
Change prevents pam_end from being called with current status.
File shows problem introduced in session.c, version 1.346.
Created attachment 1314 [details] proposed patch for v. 4.6p1 This patch (based on the previous post) has corrected the problem on my Solaris 8 systems. I also still have a set of patches (based on those for 4.3p2) I apply to deal with the problem of sessions hanging at exit only for root logins. (See bug 926 - attachment from Tomas Mraz - this has not made it into the current version.) Patch id #1314 runs the risk of reintroducing the signal handler vulnerability fixed in 4.4 (CVE-2006-5051). There's a better patch in bug #1322 so I'm closing this one in favour of #1322. Please add any additional comments there. *** This bug has been marked as a duplicate of bug 1322 *** Close resolved bugs after release. |