On Fri, Sep 05, 2014 at 07:24:31AM +0000, Tomáš Mráz wrote:
[...]
I've discovered an inconsistency in the way grantor is initialized:
--- a/libpam/pam_dispatch.c
+++ b/libpam/pam_dispatch.c
@@ -217,8 +217,14 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct
handler *h,
status = retval;
}
}
- if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) {
- goto decision_made;
+ if ( impression == _PAM_POSITIVE ) {
+ if ( retval == PAM_SUCCESS ) {
+ h->grantor = 1;
+ }
+
+ if ( action == _PAM_ACTION_DONE ) {
+ goto decision_made;
+ }
}
break;
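Review bot: `h->grantor = 1` is only ever assigned in the lines shown, here and in the second hunk at `-262`, and nothing visible resets it. A handler that returned PAM_SUCCESS in an earlier pass over the stack could therefore still be marked as a grantor when the same handle is dispatched again. The flag is also set before the final decision for the stack is known, so if it feeds an audit or log record, a later failing module would leave it set on a stack that was ultimately denied. I would clear it on every handler before each dispatch and document the field, e.g. `/* set when this module's PAM_SUCCESS contributed to a positive impression; cleared before each dispatch */`. The body of `_pam_dispatch_aux` continues outside both hunks, so such a reset may already exist out of view.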
Here grantor is being set every time retval is PAM_SUCCESS and
impression is _PAM_POSITIVE, ...
@@ -262,6 +268,9 @@ static int _pam_dispatch_aux(pam_handle_t *pamh,
int flags, struct handler *h,
|| (impression == _PAM_POSITIVE
&& status == PAM_SUCCESS) ) {
if ( retval != PAM_IGNORE || cached_retval == retval ) {
+ if ( impression == _PAM_UNDEF && retval == PAM_SUCCESS ) {
+ h->grantor = 1;
+ }
impression = _PAM_POSITIVE;
status = retval;
while here grantor is set only if retval is PAM_SUCCESS and
impression is not yet _PAM_POSITIVE, so if impression is already
_PAM_POSITIVE, grantor will not be set.
--
ldv