Relevant BUGIDs: 629251, Red Hat bz 143750

author Tomas Mraz <tm@t8m.info>

Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)

committer Tomas Mraz <tm@t8m.info>

Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)
author Tomas Mraz <tm@t8m.info>
Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)
committer Tomas Mraz <tm@t8m.info>
Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)
diff --git a/CHANGELOG b/CHANGELOG

index bb78fde9d75638c3459161695679a63483dc2dad..9d0d6a3cfe141593e3bc18ac695dc464b0eba0ac 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -71,6 +71,10 @@ BerliOS Bugs are marked with (BerliOS #XXXX).
  * pam_limits: support for new Linux kernel 2.6 limits (from toby cabot
    - t8m)
  * pam_tally: major rewrite of the module (t8m)
+* libpam: don't return PAM_IGNORE for OK or JUMP actions if using
+  cached chain (Bug 629251 - t8m)
+* pam_nologin: don't overwrite return value with return from
+  pam_get_item (t8m)
  
  0.78: Do Nov 18 14:48:36 CET 2004
  
diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c

index c6fcd5f8735bf7e5440df1d8f518d431dcc88aa7..1daf0c9f758a17094101382a6c54d47485590144 100644 (file)
--- a/libpam/pam_dispatch.c
+++ b/libpam/pam_dispatch.c
@@ -184,8 +184,12 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
  
             if ( impression == _PAM_UNDEF
                  || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) {
-               impression = _PAM_POSITIVE;
-               status = retval;
+                /* in case of using cached chain
+                   we could get here with PAM_IGNORE - don't return it */
+                if ( retval != PAM_IGNORE || cached_retval == retval ) {
+                   impression = _PAM_POSITIVE;
+                    status = retval;
+                }
             }
             if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) {
                 goto decision_made;
@@ -227,8 +231,10 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h,
                     if (impression == _PAM_UNDEF
                         || (impression == _PAM_POSITIVE
                             && status == PAM_SUCCESS) ) {
-                       impression = _PAM_POSITIVE;
-                       status = retval;
+                       if ( retval != PAM_IGNORE || cached_retval == retval ) {
+                           impression = _PAM_POSITIVE;
+                           status = retval;
+                       }
                     }
                 }
                 
diff --git a/libpam/pam_strerror.c b/libpam/pam_strerror.c

index de857fd827ed503a8196cbf839b0de8d7328f52e..b2c6775af3ecf798ceaf2fea70dc826f44974002 100644 (file)
--- a/libpam/pam_strerror.c
+++ b/libpam/pam_strerror.c
@@ -48,7 +48,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum)
      case PAM_USER_UNKNOWN:
         return "User not known to the underlying authentication module";
      case PAM_MAXTRIES:
-       return "Have exhasted maximum number of retries for service.";
+       return "Have exhausted maximum number of retries for service.";
      case PAM_NEW_AUTHTOK_REQD:
         return "Authentication token is no longer valid; new one required.";
      case PAM_ACCT_EXPIRED:
@@ -78,7 +78,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum)
      case PAM_TRY_AGAIN:
         return "Failed preliminary check by password service";
      case PAM_IGNORE:
-       return "Please ignore underlying account module";
+       return "The return value should be ignored by PAM dispatch";
      case PAM_MODULE_UNKNOWN:
         return "Module is unknown";
      case PAM_AUTHTOK_EXPIRED:
diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c

index 433d2e119f1712975181e0c447a14f9bf6968282..bfd177535b2ba6319c4b183e22e7721e6c663e0d 100644 (file)
--- a/modules/pam_nologin/pam_nologin.c
+++ b/modules/pam_nologin/pam_nologin.c
@@ -125,9 +125,8 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts)
                  * of /etc/nologin
                  */
  
-               retval = pam_get_item(pamh, PAM_CONV, 
-                               (const void **)&conversation);
-               if ((retval == PAM_SUCCESS) && (conversation)) {
+               if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation)
+                    == PAM_SUCCESS && conversation && conversation->conv) {
                         (void) conversation->conv(1, 
                                 (const struct pam_message **)&pmessage,
                                 &resp, conversation->appdata_ptr);
author	Tomas Mraz <tm@t8m.info>
	Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)
committer	Tomas Mraz <tm@t8m.info>
	Fri, 7 Jan 2005 15:31:26 +0000 (15:31 +0000)
CHANGELOG		patch \| blob \| history
libpam/pam_dispatch.c		patch \| blob \| history
libpam/pam_strerror.c		patch \| blob \| history
modules/pam_nologin/pam_nologin.c		patch \| blob \| history