Victor J. Orlikowski
2001-Feb-26 18:09 UTC
2.5.1p1 on Redhat Linux 6.2 using PAM does not log closing of session
Hello all,

On Redhat 6.2, the PAM_unix module logs the session opening, but not the session closing. This was logged as of 2.3.0p1. Upgrading to 2.5.1p1 marks the start of the problem.

Thanks in advance,
Victor
--
Victor J. Orlikowski
=====================
v.j.orlikowski at gte.net
orlikowski at apache.org
vjo at us.ibm.com
Damien Miller
2001-Feb-27 21:36 UTC
2.5.1p1 on Redhat Linux 6.2 using PAM does not log closing of session
On Tue, 27 Feb 2001, Pekka Savola wrote:

> Looking at this, this looks like to be a real issue. Rather important as
> well.
>
> in auth-pam.c, when do_pam_session (the same problem is with
> do_pam_setcred), session_opened is set to 1 (tested with debugging).
>
> However, when the session closes, in do_pam_cleanup_proc:
>
>         if (__pamh && session_opened) {
>                 pam_retval = pam_close_session(__pamh, 0);
>                 if (pam_retval != PAM_SUCCESS)
>                         log("Cannot close PAM session[%d]: %.200s",
>                                 pam_retval, PAM_STRERROR(__pamh, pam_retval));
>         }
>
> this check doesn't match; session_opened is still 0 and if (__pamh) is
> used instead.

I see - It is getting set in the child rather than the parent.

I can't see how we can work around this. Basically we do a

fork()
pam_session()
setuid()
exec()

If we change back to

pam_session()
fork()
setuid()
exec()

Then things like pam_limits.so set limits for the ssh server process rather than the child.

-d

--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org           /   distributed filesystem'' - Dan Geer
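The two call orders described in the reply above, as an added C illustration (not OpenSSH code and not part of the original messages). `fake_open_session()` is a hypothetical stand-in for `do_pam_session()` that sets the flag and lowers a soft limit the way a limits module would; `run_order()` and `struct parent_view` are likewise names made up here, and report what the parent process sees afterwards.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

static int session_opened;            /* same role as the flag in auth-pam.c */
struct parent_view { int flag; int limit_changed; };

/* Hypothetical stand-in for do_pam_session(): sets the flag and, as a limits
 * module would, lowers a soft resource limit of the calling process. */
static void fake_open_session(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur > 16) {
        rl.rlim_cur -= 1;             /* soft limit only, so it can be restored */
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    session_opened = 1;
}

/* session_first = 0: fork(); session(); ...
 * session_first = 1: session(); fork(); ... */
static struct parent_view run_order(int session_first)
{
    struct rlimit before, after;
    struct parent_view v;
    pid_t pid;
    session_opened = 0;
    getrlimit(RLIMIT_NOFILE, &before);
    if (session_first)
        fake_open_session();
    pid = fork();
    if (pid == 0) {
        if (!session_first)
            fake_open_session();      /* changes only the child's copy */
        _exit(0);                     /* real code would setuid() and exec() */
    }
    if (pid > 0) waitpid(pid, NULL, 0);
    getrlimit(RLIMIT_NOFILE, &after);
    v.flag = session_opened;          /* what the parent's cleanup would test */
    v.limit_changed = (after.rlim_cur != before.rlim_cur);
    setrlimit(RLIMIT_NOFILE, &before); /* restore the parent's soft limit */
    return v;
}

int main(void)
{
    struct parent_view a = run_order(0), b = run_order(1);
    printf("fork first: flag=%d limit_changed=%d\nsession first: flag=%d limit_changed=%d\n",
           a.flag, a.limit_changed, b.flag, b.limit_changed);
    return 0;
}
```

With fork first, the parent's flag stays 0, so a cleanup guarded by it never runs and no close is logged; with the session first, the flag is visible to the parent but the limit lands on the parent as well.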