[courier-users] Bug#669688: courier-authlib: does not call pam_end

Mon, 23 Apr 2012 01:26:22 -0700 

Hello,

I received a Debian bug report from Russ Albery on Courier's authlib.
Maybe someone can shed a light on this, as I have very little understanding
of PAM internals and authlib.

Thanks
        Racke

--snip--
Package: courier-authlib
Version: 0.63.0-4
Severity: normal

Note that I don't use Courier myself.  I found this bug while
investigating a problem reported against libpam-krb5.

authpam.c makes for rather surreal reading.  There's a large comment
that explains a complex and thorough philosophy for how the PAM code
is supposed to work, but then all the code that implements that is
removed with #if 0 and the actual code does something much simpler.

Unfortunately, while the comment and the other code was written by
someone who understands PAM library issues and complexity, the code
that's actually run never calls pam_end.  This means that any external
resources allocated by the PAM module, such as the Kerberos ticket
cache created by pam-krb5, are never released.

The #if 0 code does the right thing, but as long as the code works the
way it does now, a call to:

     pam_end(pamh, retval);

needs to be inserted after the call to dopam() in the p == 0 block.

-- System Information:
Debian Release: wheezy/sid
   APT prefers testing
   APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.1.0-1-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages courier-authlib depends on:
ii  expect    <none>
ii  libc6     2.13-27
ii  libgdbm3  1.8.3-10
ii  libltdl7  2.4.2-1
ii  libpam0g  1.1.3-7

courier-authlib recommends no packages.

courier-authlib suggests no packages.
--snap--



-- 
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to