Relevant BUGIDs: 111035

Purpose of commit: bugfix to pam_unix_auth

Commit summary:
---------------
Fix for 'likeauth' handling in the pam_unix_auth module.  If pam_setcred
needs to return the same value as returned by pam_authenticate, malloc()
space for this return value and pass its address to pam_set_data().
Also, changes pam_sm_setcred() so that it reads this value properly.

diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index 3c301df0761a3ed6a347e1d0df1c760f99c1e73d..a16118d683c2845c044bd6a16ed2b4f5fb584bdc 100644 (file)
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -85,11 +85,12 @@
 
 #define AUTH_RETURN                                            \
 {                                                              \
-       if (on(UNIX_LIKE_AUTH, ctrl)) {                         \
+       if (on(UNIX_LIKE_AUTH, ctrl) && ret_data) {             \
                D(("recording return code for next time [%d]",  \
                                        retval));               \
+               *ret_data = retval;                             \
                pam_set_data(pamh, "unix_setcred_return",       \
-                               (void *) &retval, NULL);        \
+                               (void *) ret_data, NULL);       \
        }                                                       \
        D(("done. [%s]", pam_strerror(pamh, retval)));          \
        return retval;                                          \
@@ -99,13 +100,17 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
                                   ,int argc, const char **argv)
 {
        unsigned int ctrl;
-       int retval;
+       int retval, *ret_data = NULL;
        const char *name, *p;
 
        D(("called."));
 
        ctrl = _set_ctrl(flags, NULL, argc, argv);
 
+       /* Get a few bytes so we can pass our return value to
+          pam_sm_setcred(). */
+       ret_data = malloc(sizeof(int));
+
        /* get the user'name' */
 
        retval = pam_get_user(pamh, &name, "login: ");
@@ -197,12 +202,16 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags
        retval = PAM_SUCCESS;
 
        if (on(UNIX_LIKE_AUTH, ctrl)) {
-               int *pretval = &retval;
+               int *pretval = NULL;
 
                D(("recovering return code from auth call"));
                pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval);
                pam_set_data(pamh, "unix_setcred_return", NULL, NULL);
-               D(("recovered data indicates that old retval was %d", retval));
+               if(pretval) {
+                       retval = *pretval;
+                       free(pretval);
+                       D(("recovered data indicates that old retval was %d", retval));
+               }
        }
        return retval;
 }