Relevant BUGIDs: 629251, Red Hat bz 143750
authorTomas Mraz <tm@t8m.info>
Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)
committerTomas Mraz <tm@t8m.info>
Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)
Purpose of commit: bugfix

Commit summary:
---------------
libpam: don't return PAM_IGNORE if the impression is positive and
  using cached chain
pam_nologin: don't overwrite return value with return from pam_get_item

CHANGELOG
libpam/pam_dispatch.c
libpam/pam_strerror.c
modules/pam_nologin/pam_nologin.c

index bb78fde9d75638c3459161695679a63483dc2dad..9d0d6a3cfe141593e3bc18ac695dc464b0eba0ac 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -71,6 +71,10 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
 * pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
   - t8m)
 * pam_tally: major rewrite of the module (t8m)
+* libpam: don't return PAM_IGNORE for OK or JUMP actions if using
+  cached chain (Bug 629251 - t8m)
+* pam_nologin: don't overwrite return value with return from
+  pam_get_item (t8m)
 
 0.78: Do Nov 18 14:48:36 CET 2004
 
index c6fcd5f8735bf7e5440df1d8f518d431dcc88aa7..1daf0c9f758a17094101382a6c54d47485590144 100644 (file)
@@ -184,8 +184,12 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
 
            if ( impression == _PAM_UNDEF
                 || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) {
-               impression = _PAM_POSITIVE;
-               status = retval;
+                /* in case of using cached chain
+                   we could get here with PAM_IGNORE - don't return it */
+                if ( retval != PAM_IGNORE || cached_retval == retval ) {
+                   impression = _PAM_POSITIVE;
+                    status = retval;
+                }
            }
            if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) {
                goto decision_made;
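Review bot: The comment above `if ( retval != PAM_IGNORE || cached_retval == retval )` explains why PAM_IGNORE must not become `status`, but not why it is still accepted when `cached_retval == retval`. The identical guard in the second hunk (the branch starting at new line 231) has no comment at all. Because this code decides what an authentication stack returns, I would extend the comment to something like `/* PAM_IGNORE from this pass must not become the stack status unless the cached return value was PAM_IGNORE as well */` and repeat or reference it at the second site. When the assignment is skipped, `impression` can stay `_PAM_UNDEF`; how that case is resolved lies outside the hunk, so confirm that a cached-chain pass where every module returns PAM_IGNORE still ends in a failure code rather than success. `_pam_dispatch_aux` starts and ends outside both hunks, and the two added lines setting `impression` and `status` appear to be indented differently (tabs versus spaces).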
@@ -227,8 +231,10 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
                    if (impression == _PAM_UNDEF
                        || (impression == _PAM_POSITIVE
                            && status == PAM_SUCCESS) ) {
-                       impression = _PAM_POSITIVE;
-                       status = retval;
+                       if ( retval != PAM_IGNORE || cached_retval == retval ) {
+                           impression = _PAM_POSITIVE;
+                           status = retval;
+                       }
                    }
                }
                
index de857fd827ed503a8196cbf839b0de8d7328f52e..b2c6775af3ecf798ceaf2fea70dc826f44974002 100644 (file)
@@ -48,7 +48,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum)
     case PAM_USER_UNKNOWN:
        return "User not known to the underlying authentication module";
     case PAM_MAXTRIES:
-       return "Have exhasted maximum number of retries for service.";
+       return "Have exhausted maximum number of retries for service.";
     case PAM_NEW_AUTHTOK_REQD:
        return "Authentication token is no longer valid; new one required.";
     case PAM_ACCT_EXPIRED:
@@ -78,7 +78,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum)
     case PAM_TRY_AGAIN:
        return "Failed preliminary check by password service";
     case PAM_IGNORE:
-       return "Please ignore underlying account module";
+       return "The return value should be ignored by PAM dispatch";
     case PAM_MODULE_UNKNOWN:
        return "Module is unknown";
     case PAM_AUTHTOK_EXPIRED:
index 433d2e119f1712975181e0c447a14f9bf6968282..bfd177535b2ba6319c4b183e22e7721e6c663e0d 100644 (file)
@@ -125,9 +125,8 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
                 * of /etc/nologin
                 */
 
-               retval = pam_get_item(pamh, PAM_CONV, 
-                               (const void **)&conversation);
-               if ((retval == PAM_SUCCESS) && (conversation)) {
+               if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation)
+                    == PAM_SUCCESS && conversation && conversation->conv) {
                        (void) conversation->conv(1, 
                                (const struct pam_message **)&pmessage,
                                &resp, conversation->appdata_ptr);
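Review bot: Nothing at the rewritten `pam_get_item(...) == PAM_SUCCESS && conversation && conversation->conv` condition records that the result is deliberately kept out of `retval`, which per the commit summary is the whole point of the fix. A later tidy-up that stores the result again would presumably let a successful item lookup replace the module's verdict. I would add a comment above the `if`, e.g. `/* result deliberately not assigned to retval: it must not overwrite perform_check's return value */`. The `conv` call's return value is still discarded with `(void)`, which looks like intentional best-effort message display and could be stated in the same comment. `perform_check` begins and ends outside the hunk.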