[Bug 1396] New: When pam-authentication thread ends, it doesn' t call the function pam_end

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 7 01:45:45 EST 2007


https://bugzilla.mindrot.org/show_bug.cgi?id=1396

           Summary: When pam-authentication thread ends, it doesn't call the
                    function pam_end
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Keywords: patch
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: opensshbug at centrum.sk


Created an attachment (id=1386)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1386)
missing call of pam_end at the end of the authenticating thread

I tried to use pam_abl module to avoid brute force dictionary attacks.
It didn't work as I expected (but only for my ssh server).
After some research I found out that the main thread in openssh creates
another thread to authenticate the user. At the beginning of this
thread the pam_abl module sets its own pam data with function
pam_set_data. This module counts on that at the end of authentication
those data are freed with given callback function. If the
authentication was not successful, host and user are recorded in the
database.
However at the end of the thread which authenticates the user, the pam
data are not explicitly freed (by example with function pam_end). I
created the patch to fix it.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list