Date: Wed, 13 Nov 2002 13:04:26 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: Jacques Vidrine <nectar@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_krb5 pam_krb5.c Message-ID: <Pine.NEB.3.96L.1021113130347.91561H-100000@fledge.watson.org> In-Reply-To: <200211131746.gADHkF68049244@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Does this fix the 5.0 interaction problems with Kerberos5 PAM, or are there still issues left? I've been setting up a box locally to see if I could figure out the problems, but I can give up if you think things re fixed :-). Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Network Associates Laboratories On Wed, 13 Nov 2002, Jacques Vidrine wrote: > nectar 2002/11/13 09:46:15 PST > > Modified files: > lib/libpam/modules/pam_krb5 pam_krb5.c > Log: > The pam_krb5 module stored a reference to a krb5_ccache structure as > PAM module state (created in pam_sm_authenticate and referenced later > in pam_sm_setcred and pam_sm_acct_mgmt). However, the krb5_ccache > structure shares some data members with the krb5_context structure > that was used in its creation. Since a new krb5_context is created > and destroyed at each PAM entry point, this inevitably caused the > krb5_ccache structure to reference free'd memory. > > Now instead of storing a pointer to the krb5_ccache structure, > we store the name of the cache (e.g. `MEMORY:0x123CACHE') in > pam_sm_authenticate, and resolve the name in the other entry points. > > This bug was uncovered by phkmalloc's free'd memory scrubbing. > > Approved by: re (jhb) > > Revision Changes Path > 1.11 +42 -20 src/lib/libpam/modules/pam_krb5/pam_krb5.c > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1021113130347.91561H-100000>