#2: pam_access: group names with brackets
---------------------+-------------------------------
Reporter: mmoeller | Owner: pam-developers@…
Type: defect | Status: closed
Priority: major | Component: library
Version: | Resolution: wontfix
Keywords: | Blocked By:
Blocking: |
---------------------+-------------------------------
Changes (by kukuk):
* status: new => closed
* resolution: => wontfix
Comment:
Decission was made to not support this usecase, since the group names are
not really POSIX conform.
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/2#comment:5>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
Hi,
https://fedorahosted.org/linux-pam/ticket/17
beside pam_unix, all other modules use alrady the while loop
for waitpid.
Ok to commit this patch to fix the last three appearance?
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 4a362f8..7f8250c 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -142,7 +142,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
if (child > 0) {
char buf[32];
int rc=0;
- rc=waitpid(child, &retval, 0); /* wait for helper to complete */
+ /* wait for helper to complete: */
+ while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
if (rc<0) {
pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc);
retval = PAM_AUTH_ERR;
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 94bc3ec..9bc1cd9 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -254,7 +254,8 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
- rc=waitpid(child, &retval, 0); /* wait for helper to complete */
+ /* wait for helper to complete: */
+ while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
if (rc<0) {
pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
retval = PAM_AUTHTOK_ERR;
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index f36786e..d8f4a6f 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -621,7 +621,8 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
}
close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
- rc=waitpid(child, &retval, 0); /* wait for helper to complete */
+ /* wait for helper to complete: */
+ while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR);
if (rc<0) {
pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc);
retval = PAM_AUTH_ERR;
--
Thorsten Kukuk, Senior Architect SLES & Common Code Base
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
There was a patch submitted to have pam_tty_audit not log passwords when
entered in a monitored session. What version will that go out in and
approximately what timeframe?
The pam_sepermit exclusive locking will now lock xguest sessions when
screensaver is started. That should have been prevented by the check for
euid==0 but the screensaver is now handled through gdm which runs with
euid==0. On the other hand the loginuid will be set to the user uid and
not to -1 in the gdm screensaver so we can check for this.
OK to commit?
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
* misc_conv.c:213:13: warning: the address of ‘line’ will always
evaluate as ‘true’ [-Waddress]
* misc_conv.c:325:6: warning: the address of ‘binary_prompt’ will
always evaluate as ‘true’ [-Waddress]