* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
- t8m)
* pam_tally: major rewrite of the module (t8m)
+* libpam: don't return PAM_IGNORE for OK or JUMP actions if using
+ cached chain (Bug 629251 - t8m)
+* pam_nologin: don't overwrite return value with return from
+ pam_get_item (t8m)
0.78: Do Nov 18 14:48:36 CET 2004
if ( impression == _PAM_UNDEF
|| (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) {
- impression = _PAM_POSITIVE;
- status = retval;
+ /* in case of using cached chain
+ we could get here with PAM_IGNORE - don't return it */
+ if ( retval != PAM_IGNORE || cached_retval == retval ) {
+ impression = _PAM_POSITIVE;
+ status = retval;
+ }
}
if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) {
goto decision_made;
if (impression == _PAM_UNDEF
|| (impression == _PAM_POSITIVE
&& status == PAM_SUCCESS) ) {
- impression = _PAM_POSITIVE;
- status = retval;
+ if ( retval != PAM_IGNORE || cached_retval == retval ) {
+ impression = _PAM_POSITIVE;
+ status = retval;
+ }
}
}
case PAM_USER_UNKNOWN:
return "User not known to the underlying authentication module";
case PAM_MAXTRIES:
- return "Have exhasted maximum number of retries for service.";
+ return "Have exhausted maximum number of retries for service.";
case PAM_NEW_AUTHTOK_REQD:
return "Authentication token is no longer valid; new one required.";
case PAM_ACCT_EXPIRED:
case PAM_TRY_AGAIN:
return "Failed preliminary check by password service";
case PAM_IGNORE:
- return "Please ignore underlying account module";
+ return "The return value should be ignored by PAM dispatch";
case PAM_MODULE_UNKNOWN:
return "Module is unknown";
case PAM_AUTHTOK_EXPIRED:
* of /etc/nologin
*/
- retval = pam_get_item(pamh, PAM_CONV,
- (const void **)&conversation);
- if ((retval == PAM_SUCCESS) && (conversation)) {
+ if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation)
+ == PAM_SUCCESS && conversation && conversation->conv) {
(void) conversation->conv(1,
(const struct pam_message **)&pmessage,
&resp, conversation->appdata_ptr);