https://bugzilla.novell.com/show_bug.cgi?id=222473 jreuter@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Normal |Major Status|RESOLVED |REOPENED Resolution|WONTFIX | ------- Comment #2 from jreuter@novell.com 2006-11-19 11:45 MST ------- Hmm, but couldn't this have security implications for PAM modules that rely on the cleanup() function being called to remove private data? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=222473 ------- Comment #3 from nobs@tigress.com 2006-11-20 01:03 MST ------- Bug is still in Suse 10.1 I don't have spare systems for teting beta OS, sorry. I agree with Joerg. I don't think it is a good idea to postpone fixes in authorization software to updates. This is not a feature request or something like that; its a real bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=222473 kukuk@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Info Provider|nobs@tigress.com | Resolution| |WORKSFORME ------- Comment #5 from kukuk@novell.com 2006-11-26 02:10 MST ------- Works fine for me: Nov 26 10:03:52 rubicon2 pam_abl[18973]: PAM_RHOST is NULL Nov 26 10:03:52 rubicon2 pam_abl[18973]: Checking user test0 Nov 26 10:03:52 rubicon2 pam_abl[18973]: In cleanup, err is 00000007 Nov 26 10:03:52 rubicon2 pam_abl[18973]: Recording failed attempt Nov 26 10:03:52 rubicon2 pam_abl[18973]: PAM_RHOST is NULL # pam_abl Failed users: test0 (1) Not blocking Failed hosts: -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=222473#c7 Thorsten Kukuk <kukuk@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|Major |Normal Status|REOPENED |NEEDINFO Info Provider| |richard.n.l.green@btinternet.com --- Comment #7 from Thorsten Kukuk <kukuk@novell.com> 2007-07-23 07:52:01 MST --- (In reply to comment #6 from Richard Green)

It seems I'm suffering from the same bug, or at least the same symptoms. Trying to get pam_abl to work on Suse 10.2; have installed pre-requisite Berkeley database 4.3 and added tons of debug entries to the source for pam_abl (http://sourceforge.net/projects/pam-abl) and the only way pam_abl can function is if cleanup gets called, but it doesn't seem to.

Comment #5 proves that it is working fine on openSUSE 10.2. Please provide anything more with which somebody can work, only complaining that it does not work does not help to solve your problem. But since only reports about pam_abl are coming, and we don't ship that, I guess it is more a configuration/compiling problem of pam_abl itself. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=222473#c9 --- Comment #9 from Richard Green <richard.n.l.green@btinternet.com> 2007-07-25 12:32:05 MST --- (In reply to comment #0 from Emil Obermayr)

A pam module that uses pam_set_data() to give a reference to a cleanup() function does not work. cleanup() is not called. Bug was found with pam_abl().

Sorry Thorsten, didn't want to appear to be complaining, and I didn't honestly expect the bug to be reopened. Thanks for checking it again, odd that it works for you and not me (or Emil); I've got a shiny new 10.2 install and it simply doesn't call the cleanup routine for pam_abl, although I don't know what to provide to show that. On further investigation it doesn't seem to be just OpenSUSE that is affected so I guess it must be a pam_abl problem, and the developer doesn't seem to have the time to support it anymore. Shame. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=222473#c11 --- Comment #11 from Thorsten Kukuk <kukuk@novell.com> 2007-07-25 12:40:25 MST --- Run pam_abl in debug mode and check the logs (maybe attach the relevant parts here). If you compile pam_abl, check for compiler warnings. My assumption is that some malloced data is free()'d to early or something similar, but for this somebody needs to review the code. Or that some code construct is miscompiled with newer gcc versions. Here I don't mean that gcc has a bug (which could be, of course), but that pam_abl uses a code construct which is not well defined in C or has some bad side effects. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.