I've modified checkpw_cleanup in src/osdep/unix/ckp_pam.c to see if the
logout hook was being executed in the 2004a source upon POP logout.
static void checkpw_cleanup (pam_handle_t *hdl)
{
openlog("ipop3d",LOG_PID,LOG_MAIL);
syslog(LOG_WARNING, "setting logout hook\n");
closelog();
pam_setcred (hdl,PAM_DELETE_CRED);
#if 0 /* see checkpw() for why this is #if 0 */
pam_close_session (hdl,NIL); /* close session [uw]tmp */
#endif
pam_end (hdl,PAM_SUCCESS);
}
Nothing was logged to SYSLOG. Hence I'm pretty sure that the hook isn't
being called. Also, in reading the PAM API documentation I think that
pam_setcred should be called before pam_close_session which is why I
changed that also.
-----Original Message-----
From: Jason Sauve
Sent: Monday, September 13, 2004 10:16 AM
To: 'Mark Crispin'
Cc: '[EMAIL PROTECTED]'
Subject: RE: Possible IMAP Bug Causes IMAP with PAM_KRB5 to rapidly
deplete INODEs and DISK space
Mark,
I've compiled the 2004a version currently available on the website
(md5sum 34d2c66271302cd2f926094fb5e8705d), and have also tested the
development version of 2004b. As per inspection, both versions DO
contain a logout hook built into src/osdep/unix/ckp_pam.c, but still do
not cleanup pam credentials properly (in this case kerberos tickets in
/tmp). Why this is I am not sure, but this appears to be a bug in the
code still.
Jason
-----Original Message-----
From: Mark Crispin [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 11, 2004 12:45 AM
To: Jason Sauve
Subject: RE: Possible IMAP Bug Causes IMAP with PAM_KRB5 to rapidly
deplete INODEs and DISK space
On Fri, 10 Sep 2004, Jason Sauve wrote:
> The source I downloaded and compiled with to test just a few hours ago
> today was actually from ftp://ftp.cac.washington.edu/mail/imap.tar.Z
> (2004.88).
> If it was 2004a that I downloaded, then the issue doesn't appear to be
> resolved in this version as upon logout or disconnect the PAM kerberos
> ticket is still left in /tmp.
Are you certain that you were actually running the 2004a version of
imapd?
More than once, someone has said "it wasn't fixed by the new version"
when it turned out that they were still inadvertantly running the old
binary.
The routine which does the cleanup is checkpw_cleanup() in ckp_pam.c.
It is armed as the logout hook by checkpw() in the two mail_parameters()
calls near the end.
Since this is a software issue with the UW IMAP toolkit (c-client
library) instead of an IMAP protocol issue, any further discussion on
mailing lists should go to the [EMAIL PROTECTED] mailing list
instead of [EMAIL PROTECTED] Thanks.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
