Bug 235903 - [pam] ssh-agent is not killed at terminating session
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 12.0-STABLE
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Dag-Erling Smørgrav
Keywords: patch, patch-ready
Reported: 2019-02-21 00:30 UTC by Kan Sasaki
Modified: 2019-03-07 14:22 UTC

Description Kan Sasaki 2019-02-21 00:30:37 UTC
With pam_ssh enabled with want_agent in /etc/pam.d/xdm, ssh-agent is started at login but is not killed at logout.

I added the debug option to the session line and got the following logs on both 11.2-STABLE and 12.0-STABLE.

[11.2-STABLE]
Feb 18 09:24:50 XXX xdm[7352]: in pam_getenv(): entering: 'SSH_AGENT_PID'
Feb 18 09:24:50 XXX xdm[7352]: in openpam_findenv(): entering
Feb 18 09:24:50 XXX xdm[7352]: in openpam_findenv(): returning 1
Feb 18 09:24:50 XXX xdm[7352]: in pam_getenv(): returning '7364'
Feb 18 09:24:50 XXX xdm[7352]: in pam_sm_close_session(): killing ssh agent 7364

[12.0-STABLE]
Feb 18 09:14:04 XXX xdm[4425]: in pam_getenv(): entering: 'SSH_AGENT_PID'
Feb 18 09:14:04 XXX xdm[4425]: in openpam_findenv(): entering
Feb 18 09:14:04 XXX xdm[4425]: in openpam_findenv(): returning 1
Feb 18 09:14:04 XXX xdm[4425]: in pam_getenv(): returning '=4437'
Feb 18 09:14:04 XXX xdm[4425]: in pam_sm_close_session(): invalid ssh agent pid

Comparing both versions of /usr/src/contrib/openpam/lib/libpam/pam_getenv.c, I suspect that 12.0-STABLE's pam_getenv() is wrong.
Comment 1 Conrad Meyer freebsd_committer 2019-02-21 00:54:34 UTC
--- a/contrib/openpam/lib/libpam/pam_getenv.c
+++ b/contrib/openpam/lib/libpam/pam_getenv.c
@@ -70,7 +70,7 @@ pam_getenv(pam_handle_t *pamh,
                RETURNS(NULL);
        if ((str = strchr(pamh->env[i], '=')) == NULL)
                RETURNS("");
-       RETURNS(str);
+       RETURNS(str + 1);
 }

 /**
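Review bot: The changed return, RETURNS(str + 1), comes with no regression test, and the lines above it show why one is needed: str is the result of strchr(pamh->env[i], '='), so returning it unmodified hands every caller a value that begins with '='. Suggest adding a test that stores NAME=value and NAME= in the PAM environment and checks that pam_getenv() returns "value" and "" respectively. The str + 1 itself stays in bounds, since str points at a matched '=' and the following byte is at worst the terminating NUL.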


Should fix the issue.

Seems like it came in with "Vendor import of OpenPAM Radula".
Comment 2 Dag-Erling Smørgrav freebsd_committer 2019-02-22 14:00:35 UTC
This was independently reported and fixed upstream.  I will probably import the patched version sometime next week.
Comment 3 Dag-Erling Smørgrav freebsd_committer 2019-02-24 21:36:18 UTC
See https://www.openpam.org/wiki/Releases/Tabebuia which I will merge into head shortly.
Comment 4 Conrad Meyer freebsd_committer 2019-02-25 19:07:42 UTC
Committed in r344533.
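The failure in the logs above, reproduced as an added sketch (not OpenPAM or pam_ssh source, and not part of the original thread). env_lookup() and parse_pid() are hypothetical stand-ins, the environment list is constructed, and the strict PID parse is an assumption modelled on the "invalid ssh agent pid" message: with the leading '=' the value is rejected, so no kill is attempted and the agent outlives the session.

```c
/* Added illustration; env_lookup() and parse_pid() are hypothetical
 * stand-ins, not OpenPAM or pam_ssh code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed PAM-style environment list of "NAME=value" strings. */
static const char *sample_env[] = {
    "SSH_AUTH_SOCK=/tmp/ssh-XXXX/agent.4436", "SSH_AGENT_PID=4437", NULL
};

/* Find name in env. skip_eq == 0 mimics the 12.0-STABLE behaviour
 * (pointer left on the '='); skip_eq == 1 is the corrected lookup. */
static const char *env_lookup(const char **env, const char *name, int skip_eq)
{
    size_t len = strlen(name);

    for (size_t i = 0; env[i] != NULL; i++) {
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i] + len + (skip_eq ? 1 : 0);
    }
    return NULL;
}

/* Strict PID parse: the whole string must be a positive decimal number.
 * Returns -1 for anything else, which is when a caller would log an
 * "invalid pid" error and skip the kill. */
static long parse_pid(const char *s)
{
    char *end;
    long v;

    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v <= 0)
        return -1;
    return v;
}

int main(void)
{
    const char *bad = env_lookup(sample_env, "SSH_AGENT_PID", 0);
    const char *good = env_lookup(sample_env, "SSH_AGENT_PID", 1);

    printf("buggy lookup: '%s' -> pid %ld\n", bad, parse_pid(bad));
    printf("fixed lookup: '%s' -> pid %ld\n", good, parse_pid(good));
    return 0;
}
```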