1396 – When pam-authentication thread ends, it doesn't call the function pam_end

Bug 1396 - When pam-authentication thread ends, it doesn't call the function pam_end

Summary: When pam-authentication thread ends, it doesn't call the function pam_end

Status:	NEW

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	PAM support (show other bugs)
Version:	4.7p1
Hardware:	All Windows 7

Importance:	P2 normal
Assignee:	Assigned to nobody

URL:
Keywords:	patch

Depends on:
Blocks:

Reported:	2007-12-07 01:45 AEDT by eMBecka
Modified:	2018-10-22 19:39 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
missing call of pam_end at the end of the authenticating thread (731 bytes, patch) 2007-12-07 01:45 AEDT, eMBecka	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description eMBecka 2007-12-07 01:45:42 AEDT

Created attachment 1386 [details]
missing call of pam_end at the end of the authenticating thread

I tried to use pam_abl module to avoid brute force dictionary attacks. It didn't work as I expected (but only for my ssh server).
After some research I found out that the main thread in openssh creates another thread to authenticate the user. At the beginning of this thread the pam_abl module sets its own pam data with function pam_set_data. This module counts on that at the end of authentication those data are freed with given callback function. If the authentication was not successful, host and user are recorded in the database.
However at the end of the thread which authenticates the user, the pam data are not explicitly freed (by example with function pam_end). I created the patch to fix it.