From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 Description of problem: When an application is linked against libcrypto and uses pam for authentication the application will slip into an endless loop after a failed authentication attempt against kerberos if there has been a previous authentication (successful or un) So the first authentication attempt will not cause the loop, and any subsequent successful attempts will not cause the loop but as soon as an attempt (as long as it is not the first attempt) fails the application will slip into an endless loop at error_message() provided libcom_err (from e2fsprogs). sample program. ------------------------------------------------------------- #include <stdio.h> #include <security/pam_appl.h> static int _ar_pam_conversation(int nmsg, const struct pam_message **msg, struct pam_response **res, void *arg) { int i; struct pam_response *reply; if(nmsg <= 0) return PAM_CONV_ERR; reply = (struct pam_response *) malloc( sizeof( struct pam_response ) * ( nmsg + 1 ) ); memset(reply, 0, sizeof(struct pam_response) * nmsg); for(i = 0; i < nmsg; i++) { if(msg[i]->msg_style == PAM_PROMPT_ECHO_OFF || msg[i]->msg_style == PAM_PROMPT_ECHO_ON) { reply[i].resp = strdup((char *) arg); reply[i].resp_retcode = 0; } } *res = reply; return PAM_SUCCESS; } int main(int argc, char **argv) { struct pam_conv conv; pam_handle_t *pam; char * password; char * username; int ret; char buffer[1024]; while (1) { printf("Enter username: "); fgets(buffer, 1024, stdin); buffer[(strlen(buffer)-1)] = 0; username = malloc(strlen(buffer)+1); if ( username ) { strcpy(username, buffer); } else { return 1; } memset(buffer, 0, 1024); printf("Enter password: "); fgets(buffer, 1024, stdin); buffer[(strlen(buffer)-1)] = 0; password = malloc(strlen(buffer)+1); if ( username ) { strcpy(password, buffer); } else { free(username); return 1; } memset(buffer, 0, 1024); conv.conv = _ar_pam_conversation; conv.appdata_ptr = password; ret = pam_start("pamtest", username, &conv, &pam); if(ret != PAM_SUCCESS) { printf("There was a problem in pam_start()\n"); free(username); free(password); return 1; } ret = pam_authenticate(pam, 0); if(ret != PAM_SUCCESS) { printf("Pam authentication failed\n"); } if(ret == PAM_SUCCESS) { printf("Pam authentication succeeded\n"); } pam_end(pam, ret); free(username); free(password); } return 0; } ---------------------------------------------------------- if the above program is compiled with the command gcc -lpam -o outfile source.c and then outfile is executed then everything will work fine for repeated authentication attempts. if however it is compiled with the command gcc -lpam -lcrypto -o outfile source.c then the observerd bug will show up. This bahaviour has been replicated in RHEL 4 test2. Version-Release number of selected component (if applicable): pam_krb5-2.1.2-1 How reproducible: Always Steps to Reproduce: 1.Link application against libcrypto 2.attempt to login first time (successfully or not) 3.attempt to login a second time during the same app run (but after a pam_end ... pam_start) 4. only happens when kerberos authentication occurs Actual Results: endless loop Expected Results: should have timed out and failed gracefully with the appropriate error message. Additional info: Reproducable in RHEL 4 test2!!!
Created attachment 110237 [details] source file for sample application
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!
Fedora Core 3 is not maintained anymore. Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the current Fedora release please reopen this bug.