From: jan@unixpapa.com Date: Wed, 5 Oct 2011 13:25:15 +0000 (+0000) Subject: Convert to using fcntl() locking instead of flock() for improved portability. X-Git-Tag: pwauth-2.3.10~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dce19be887430496498124f3020658f7a70e5580;p=pwauth Convert to using fcntl() locking instead of flock() for improved portability. --- diff --git a/pwauth/CHANGES b/pwauth/CHANGES index 88240ce..281add6 100644 --- a/pwauth/CHANGES +++ b/pwauth/CHANGES @@ -1,6 +1,13 @@ Pwauth Change Log ================= +VERSION 2.3.10 - Oct 5, 2011 + - Changed the serialized sleep code in snooze.c to use fcntl() locking + instead of flock() locking. Fcntl() locking is a POSIX standard and + is likely to work better on more systems, notably including Solaris + which doesn't seem to support flock() at all any more. + - Minor fixes to typos in various documentation. + VERSION 2.3.9 - May 2, 2011 - Add AUTHENTICATE_AIX option for authenticating via AIX's authentication configuration system. Thanks to Hans Dieter Petersen of the University diff --git a/pwauth/INSTALL b/pwauth/INSTALL index 0fe0f6b..ecb8d64 100644 --- a/pwauth/INSTALL +++ b/pwauth/INSTALL 
@@ -72,12 +72,12 @@ with other forms of authentication. that root access isn't required, you should be able to use mod_auth_pam instead of mod_auth_external and pwauth and get faster authentications. - (6) Test the pwauth program. As root, you can just run the thing, type + (7) Test the pwauth program. As root, you can just run the thing, type in a login (hit return) and a password (hit return), and then check the exit code (in csh: "echo $status" in sh: "echo $?"). It should be 0 for correct login/password pairs and 1 otherwise. - (7) Install it in some sensible place (say, /usr/local/libexec/pwauth). + (8) Install it in some sensible place (say, /usr/local/libexec/pwauth). Unless you are doing SHADOW_NONE, it should be suid-root, so that it has the necessary access to read the shadow file. That is, the file should be owned by root, and you should do "chmod u+s pwauth" on diff --git a/pwauth/README b/pwauth/README index 6a982a5..6c453e4 100644 --- a/pwauth/README +++ b/pwauth/README @@ -1,4 +1,4 @@ - pwauth 2.3.9 + pwauth 2.3.10 Author: Jan Wolter diff --git a/pwauth/config.h b/pwauth/config.h index ddcdd3f..6f8e1b6 100644 --- a/pwauth/config.h +++ b/pwauth/config.h @@ -112,10 +112,10 @@ * * - AUTHENTICATE_AIX: AIX has it's own system for configuring authentication * via various files in the /etc/security directory. This can be used to - * configure special authenication parameters on a per-user basis including + * configure special authentication parameters on a per-user basis including * things like authenticating via kerberos and ldap and such like. We can * tie into this interface via the authenticate() system call. The module - * to suppor this was contributed by a user and has not been tested by + * to support this was contributed by a user and has not been tested by * the author. */ 
@@ -139,13 +139,13 @@ /* #define AUTHENTICATE_AIX /* AIX authenticate() function */ -/* There is also limited support for two failure logging systems (the database - * that informs you that "there have been 3426 unsuccessful attempts to log - * into your account since your last login" and which may disable accounts - * with too many failed logins). +/* There is also limited support for three failure logging systems (the + * database that informs you that "there have been 3426 unsuccessful attempts + * to log into your account since your last login" and which may disable + * accounts with too many failed logins). * * If a FAILLOG option is enabled, pwauth will increment the failure count - * each time there is a failed attempt to login. Depending on the the + * each time there is a failed attempt to login. Depending on the * configuration, it may also deny logins to users who have had too many * bad login attempts. * @@ -164,7 +164,7 @@ * in faillog.h. * * - FAILLOG_OPENBSD: OpenBSD has a faillog, although it does not disable - * logins if any maximum exceeded. Failure counts are kept in + * logins if any maximum is exceeded. Failure counts are kept in * /var/log/failedlogin. There is no system header file that defines the * format of this file, however. Instead the definition for the file * format is embedded in the "login" source code. Bad things will happen @@ -278,7 +278,7 @@ * to change the uid list. */ -#define SERVER_UIDS 72 /* user "nobody" */ +#define SERVER_UIDS 30 /* user "wwwrun" on the author's system */ /* If MIN_UNIX_UID is defined to an integer, logins with uid numbers less than @@ -296,6 +296,7 @@ /* If IGNORE_CASE is defined, the login given is checked in two different * ways. First without any changes and then with all letters converted to * lower case. This is useful for users accustomed to the Windows environment. + * This ignores the case of the login name only, not the password. */ /* #define IGNORE_CASE /**/ 
@@ -303,7 +304,7 @@ /* If DOMAIN_AWARE is enabled, then we we check login names to see if they * contain a backslash, and discard anything up to and including the backslash. - * This is for use in environments where there are windows users accustomed + * This is for use in environments where there are Windows users accustomed * to login names formed like "domain\username". */ diff --git a/pwauth/snooze.c b/pwauth/snooze.c index 4257abd..4f8a8a0 100644 --- a/pwauth/snooze.c +++ b/pwauth/snooze.c @@ -45,15 +45,21 @@ snooze(int seconds) { int slfd; + struct flock lock; + lock.l_type= F_WRLCK; + lock.l_whence= SEEK_SET; + lock.l_start= 0; + lock.l_len= 0; /* Lock the sleep-lock file to serialize our sleeps */ - if ((slfd= open(SLEEP_LOCK,O_CREAT|O_RDONLY,0644)) >= 0) - flock(slfd,LOCK_EX); + + if ((slfd= open(SLEEP_LOCK,O_CREAT|O_RDWR,0644)) >= 0) + fcntl(slfd,F_SETLKW,&lock); sleep(seconds); /* Release sleep-lock file */ - /*flock(slfd,LOCK_UN);*/ + /*lock.l_type= F_UNLCK; fcntl(slfd,F_SETLK,&lock);*/ close(slfd); }
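Review bot: in the config.h hunk at @@ -112, the unchanged first line of the AUTHENTICATE_AIX comment still reads "AIX has it's own system"; since this hunk already corrects "authenication" and "suppor" in the same comment, change "it's" to "its" here as well.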
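Review bot: the SERVER_UIDS default in the config.h hunk at @@ -278 changes from 72 to 30 with the comment `user "wwwrun" on the author's system`, which is a site-specific value unrelated to the fcntl() conversion, and neither the commit subject nor the 2.3.10 CHANGES entry mentions it. Anyone building with the shipped config.h now gets a different uid list than in 2.3.9. Either keep the previous default and leave the local value out of the commit, or add a CHANGES line telling installers to set SERVER_UIDS for their own web server account.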
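Review bot: the unchanged first line of the DOMAIN_AWARE comment in the config.h hunk at @@ -303 still has a doubled word, "then we we check login names"; fix it alongside the "windows" to "Windows" capitalization this hunk makes.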
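Review bot: the return value of `fcntl(slfd,F_SETLKW,&lock)` in snooze() is discarded, so when the call fails (for example -1 with errno EINTR after a caught signal) `sleep(seconds)` runs without the lock held and the sleeps are no longer serialized. Check the result, retry on EINTR, and decide explicitly what should happen on other errors. Two related points in the same hunk: `close(slfd)` is still reached with a negative descriptor when open() fails, so it belongs under the same `slfd >= 0` condition; and the lock file is created with mode 0644, so any local account that can open it read-only can hold an fcntl() read lock that blocks this F_WRLCK request indefinitely, which argues for creating it 0600. A short comment noting that O_RDWR is needed because a write lock requires a descriptor open for writing would explain the flag change to the next reader.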