Package: libpam-openafs-session
Version: 1.0-5.1
Severity: normal
In pam_sm_close_session() in pam_openafs-krb5_sess.c, one finds the test
    if (!pam_get_data (pamh, "aklog_run", &data) ) {
        DLOG ("pam_close_session", "Aklog never run so not running unlog");
        return PAM_SUCCESS;
    }
However, pam_get_data() returns PAM_SUCCESS (a.k.a. 0) when the data is found,
which means that this test does the opposite of what was intended.
For example, a user su:ing to a user without a Kerberos password will find
his tokens removed upon exit from su.
The test should be written
    if (pam_get_data (pamh, "aklog_run", &data) != PAM_SUCCESS) {
In pam_sm_open_session() one finds
    if ( pam_get_data (pamh, "aklog_run", &test_data) == 0) {
        DLOG ("pM_open_session", "aklog already run");
        return PAM_SUCCESS;
    }
This test does come out right, but 0 should be replaced by PAM_SUCCESS
for clarity.
Thanks
Arne
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libpam-openafs-session depends on:
ii libc6 2.3.6.ds1-7 GNU C Library: Shared libraries
ii libpam-krb5 2.5-1 PAM module for MIT Kerberos
ii openafs-client 1.4.2-2 AFS distributed filesystem client
ii openafs-krb5 1.4.2-2 AFS distributed filesystem Kerbero
libpam-openafs-session recommends no packages.
-- no debconf information
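
The inverted test described in the report, as an added example that is not part of the original message or of the package's code. The struct mock_pamh type, mock_pam_get_data() and the close_runs_unlog_*() helpers are constructed stand-ins so the two conditions can be compared without libpam; only the two if-conditions mirror the report.

```c
#include <stdio.h>
#include <string.h>

/* Values as in Linux-PAM's headers, redefined so this builds without libpam. */
#define PAM_SUCCESS        0
#define PAM_NO_MODULE_DATA 18

/* Constructed stand-in for a PAM handle holding at most one data item. */
struct mock_pamh { const char *name; const void *data; };

/* Stand-in for pam_get_data(): returns PAM_SUCCESS (0) when the item exists. */
static int mock_pam_get_data(const struct mock_pamh *h, const char *name,
                             const void **data)
{
    if (h->name != NULL && strcmp(h->name, name) == 0) {
        *data = h->data;
        return PAM_SUCCESS;
    }
    return PAM_NO_MODULE_DATA;
}

/* Condition as quoted from pam_sm_close_session(); returns 1 if unlog would run. */
int close_runs_unlog_reported(const struct mock_pamh *h)
{
    const void *data = NULL;
    if (!mock_pam_get_data(h, "aklog_run", &data))
        return 0;   /* "Aklog never run" branch, taken when the item IS set */
    return 1;       /* reached when the item is absent: tokens get removed */
}

/* Condition as proposed in the report. */
int close_runs_unlog_proposed(const struct mock_pamh *h)
{
    const void *data = NULL;
    if (mock_pam_get_data(h, "aklog_run", &data) != PAM_SUCCESS)
        return 0;   /* item absent: aklog never ran, leave tokens alone */
    return 1;       /* item present: this session ran aklog, so unlog */
}

int main(void)
{
    struct mock_pamh ran = { "aklog_run", "1" };   /* session that ran aklog */
    struct mock_pamh not_run = { NULL, NULL };     /* session that did not */
    printf("aklog ran:     reported=%d proposed=%d\n",
           close_runs_unlog_reported(&ran), close_runs_unlog_proposed(&ran));
    printf("aklog not run: reported=%d proposed=%d\n",
           close_runs_unlog_reported(&not_run), close_runs_unlog_proposed(&not_run));
    return 0;
}
```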