Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2009-04-03  Dmitry V. Levin  <ldv@altlinux.org>

	* libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
	in child process with call to _exit(2).
	* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
	* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
	Likewise.
	* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
	Likewise.
	* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
	* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
	* modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
	exit(3) in child process with calls to _exit(2).
	* modules/pam_filter/pam_filter.c (set_filter): Likewise.
	* modules/pam_namespace/pam_namespace.c (inst_init,
	cleanup_tmpdirs): Likewise.

10 files changed, 47 insertions, 33 deletions

diff --git a/ChangeLog b/ChangeLog
index b7667616..ad9f630e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2009-04-03  Dmitry V. Levin  <ldv@altlinux.org>
+
+	* libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3)
+	in child process with call to _exit(2).
+	* modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise.
+	* modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary):
+	Likewise.
+	* modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary):
+	Likewise.
+	* modules/pam_unix/support.c (_unix_run_helper_binary): Likewise.
+	* modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise.
+	* modules/pam_exec/pam_exec.c (call_exec): Replace all calls to
+	exit(3) in child process with calls to _exit(2).
+	* modules/pam_filter/pam_filter.c (set_filter): Likewise.
+	* modules/pam_namespace/pam_namespace.c (inst_init,
+	cleanup_tmpdirs): Likewise.
+
 2009-03-27  Thorsten Kukuk  <kukuk@thkukuk.de>
 
 	* modules/pam_unix/support.c (_unix_run_helper_binary): Don't
diff --git a/libpamc/pamc_load.c b/libpamc/pamc_load.c
index b3c0b5d5..dbbfbd59 100644
--- a/libpamc/pamc_load.c
+++ b/libpamc/pamc_load.c
@@ -121,7 +121,7 @@ static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent)
 	execle(full_path, "pam-agent", NULL, NULL);
 
 	D(("exec failed"));
-	exit(1);
+	_exit(1);
 
     }
 
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 47e1d5bb..7b2e402c 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -252,7 +252,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	    {
 	      int err = errno;
 	      pam_syslog (pamh, LOG_ERR, "dup2 of STDIN failed: %m");
-	      exit (err);
+	      _exit (err);
 	    }
 
 	  for (i = 0; i < sysconf (_SC_OPEN_MAX); i++)
@@ -271,7 +271,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	    {
 	      int err = errno;
 	      pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m");
-	      exit (err);
+	      _exit (err);
 	    }
 	}
 
@@ -287,7 +287,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	      int err = errno;
 	      pam_syslog (pamh, LOG_ERR, "open of %s failed: %m",
 			  logfile);
-	      exit (err);
+	      _exit (err);
 	    }
 	  if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0)
 	    {
@@ -302,7 +302,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	    {
 	      int err = errno;
 	      pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m");
-	      exit (err);
+	      _exit (err);
 	    }
 	}
 
@@ -310,7 +310,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	{
 	  int err = errno;
 	  pam_syslog (pamh, LOG_ERR, "dup failed: %m");
-	  exit (err);
+	  _exit (err);
 	}
 
       if (call_setuid)
@@ -319,19 +319,19 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
 	    int err = errno;
 	    pam_syslog (pamh, LOG_ERR, "setuid(%lu) failed: %m",
 			(unsigned long) geteuid ());
-	    exit (err);
+	    _exit (err);
 	  }
 
       if (setsid () == -1)
 	{
 	  int err = errno;
 	  pam_syslog (pamh, LOG_ERR, "setsid failed: %m");
-	  exit (err);
+	  _exit (err);
 	}
 
       arggv = calloc (argc + 4, sizeof (char *));
       if (arggv == NULL)
-	exit (ENOMEM);
+	_exit (ENOMEM);
 
       for (i = 0; i < (argc - optargc); i++)
 	arggv[i] = strdup(argv[i+optargc]);
@@ -351,7 +351,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
       {
         free(envlist);
         pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m");
-        exit (ENOMEM);
+        _exit (ENOMEM);
       }
       envlist = tmp;
       for (i = 0; i < nitems; ++i)
@@ -364,7 +364,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
         {
           free(envlist);
           pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m");
-          exit (ENOMEM);
+          _exit (ENOMEM);
         }
         envlist[envlen++] = envstr;
         envlist[envlen] = NULL;
@@ -374,7 +374,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
         {
           free(envlist);
           pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m");
-          exit (ENOMEM);
+          _exit (ENOMEM);
         }
       envlist[envlen++] = envstr;
       envlist[envlen] = NULL;
@@ -382,16 +382,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
       if (debug)
 	pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]);
 
-      if (execve (arggv[0], arggv, envlist) == -1)
-	{
-	  int err = errno;
-	  pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m",
-		      arggv[0]);
-          free(envlist);
-	  exit (err);
-	}
+      execve (arggv[0], arggv, envlist);
+      i = errno;
+      pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", arggv[0]);
       free(envlist);
-      exit (1); /* should never be reached. */
+      _exit (i);
     }
   return PAM_SYSTEM_ERR; /* will never be reached. */
 }
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index 6b821efc..2f290fd5 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -468,7 +468,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 	    pam_syslog(pamh, LOG_WARNING,
 		       "unable to re-assign APPIN/OUT/ERR: %m");
 	    close(fd[0]);
-	    exit(1);
+	    _exit(1);
 	}
 
 	/* make sure that file descriptors survive 'exec's */
@@ -481,7 +481,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 	    close(APPIN_FILENO);
 	    close(APPOUT_FILENO);
 	    close(APPERR_FILENO);
-	    exit(1);
+	    _exit(1);
 	}
 
 	/* now the user input is read from the parent through filter */
@@ -491,6 +491,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
 	/* getting to here is an error */
 
 	pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername);
+	_exit(1);
 
     } else {           /* wait for either of the two children to exit */
 
diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c
index b81708f2..dfc4979e 100644
--- a/modules/pam_mkhomedir/pam_mkhomedir.c
+++ b/modules/pam_mkhomedir/pam_mkhomedir.c
@@ -154,7 +154,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt,
 
 	/* should not get here: exit with error */
 	D(("helper binary is not available"));
-	exit(PAM_SYSTEM_ERR);
+	_exit(PAM_SYSTEM_ERR);
    } else if (child > 0) {
 	int rc;
 	while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR);
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index 7d668d9e..f6219271 100644
--- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c
@@ -1184,12 +1184,12 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath,
 #ifdef WITH_SELINUX
 				if (idata->flags & PAMNS_SELINUX_ENABLED) {
 					if (setexeccon(NULL) < 0)
-						exit(1);
+						_exit(1);
 				}
 #endif
 				if (execl(init_script, init_script,
 					polyptr->dir, ipath, newdir?"1":"0", idata->user, (char *)NULL) < 0)
-					exit(1);
+					_exit(1);
 			} else if (pid > 0) {
 				while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) &&
 						(errno == EINTR));
@@ -1611,16 +1611,16 @@ static int cleanup_tmpdirs(struct instance_data *idata)
 #ifdef WITH_SELINUX
 		if (idata->flags & PAMNS_SELINUX_ENABLED) {
 		    if (setexeccon(NULL) < 0)
-			exit(1);
+			_exit(1);
 		}
 #endif
 		if (execl("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, (char *)NULL) < 0)
-			exit(1);
+			_exit(1);
 	    } else if (pid > 0) {
 		while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) &&
 		    (errno == EINTR));
 		if (rc == (pid_t)-1) {
-		    pam_syslog(idata->pamh, LOG_ERR, "waitpid failed- %m");
+		    pam_syslog(idata->pamh, LOG_ERR, "waitpid failed: %m");
 		    rc = PAM_SESSION_ERR;
 		    goto out;
 		}
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 4e119340..08cc750f 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -130,7 +130,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
     /* should not get here: exit with error */
     D(("helper binary is not available"));
     printf("-1\n");
-    exit(PAM_AUTHINFO_UNAVAIL);
+    fflush(stdout);
+    _exit(PAM_AUTHINFO_UNAVAIL);
   } else {
     close(fds[1]);
     if (child > 0) {
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index ab1adda0..d3ee6815 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -207,7 +207,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
 
 	/* should not get here: exit with error */
 	D(("helper binary is not available"));
-	exit(PAM_AUTHINFO_UNAVAIL);
+	_exit(PAM_AUTHINFO_UNAVAIL);
     } else if (child > 0) {
 	/* wait for child */
 	/* if the stored password is NULL */
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index 98283502..050e0dc1 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -472,7 +472,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
 
 	/* should not get here: exit with error */
 	D(("helper binary is not available"));
-	exit(PAM_AUTHINFO_UNAVAIL);
+	_exit(PAM_AUTHINFO_UNAVAIL);
     } else if (child > 0) {
 	/* wait for child */
 	/* if the stored password is NULL */
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 518c015a..bc72a8c1 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -149,7 +149,7 @@ run_coprocess(const char *input, char **output,
 		/* Run the command. */
 		execv(command, args);
 		/* Never reached. */
-		exit(1);
+		_exit(1);
 	}
 
 	/* We're the parent, so close the other ends of the pipes. */