Serious Bug Report: OpenSSH

Ben Taylor bent at shell.clark.net
Wed Dec 8 02:25:54 EST 1999


On Tue, 7 Dec 1999, Damien Miller wrote:

Actually, while debugging another problem, I realized that the 
do_pam_accounting_and_session was getting called multiple times
until the authorization finally succeeded.  Since I'm in the middle
of a work around for the PAM bug in Solaris, and have split functionality
for do_pam_account and do_pam_session, I was able to move the code
to call do_pam_account into the segment [ if (authenticated) { return; } ]
around line 1277 in sshd.c.  The effect is that do_pam_account is called
only after the user has been authenticated.

Does this make sense?  I didn't think that calling
do_pam_account_and_session several times until the authentication had
taken place made sense.

I've got patches for Solaris in the works to use PTMX, utmpx instead of
utmp, and a fix to the PAM library to prevent the segfault.  It all
works and I'm in the middle of cleaning up the patch.  Solaris for
some reason ends up printing MOTD twice, but I think I can just
turn off MOTD in the config file.

Ben







More information about the openssh-unix-dev mailing list