diff options
| author | Tomas Mraz <tm@t8m.info> | 2005-01-07 15:31:26 +0000 |
|---|---|---|
| committer | Tomas Mraz <tm@t8m.info> | 2005-01-07 15:31:26 +0000 |
| commit | 8371672714bbe3a7c171143a657083271cad7c71 (patch) | |
| tree | 926b7b38b7c0ce98dcfe15c58296cf7fe15f774c /libpam | |
| parent | c75c3ff9f2c3d221aabe89b8d0779f041e71e30c (diff) | |
Relevant BUGIDs: 629251, Red Hat bz 143750
Purpose of commit: bugfix
Commit summary:
---------------
libpam: don't return PAM_IGNORE if the impression is positive and
using cached chain
pam_nologin: don't overwrite return value with return from pam_get_item
Diffstat (limited to 'libpam')
| -rw-r--r-- | libpam/pam_dispatch.c | 14 | ||||
| -rw-r--r-- | libpam/pam_strerror.c | 4 |
2 files changed, 12 insertions, 6 deletions
diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index c6fcd5f8..1daf0c9f 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -184,8 +184,12 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if ( impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { - impression = _PAM_POSITIVE; - status = retval; + /* in case of using cached chain + we could get here with PAM_IGNORE - don't return it */ + if ( retval != PAM_IGNORE || cached_retval == retval ) { + impression = _PAM_POSITIVE; + status = retval; + } } if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) { goto decision_made; @@ -227,8 +231,10 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if (impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { - impression = _PAM_POSITIVE; - status = retval; + if ( retval != PAM_IGNORE || cached_retval == retval ) { + impression = _PAM_POSITIVE; + status = retval; + } } } diff --git a/libpam/pam_strerror.c b/libpam/pam_strerror.c index de857fd8..b2c6775a 100644 --- a/libpam/pam_strerror.c +++ b/libpam/pam_strerror.c @@ -48,7 +48,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum) case PAM_USER_UNKNOWN: return "User not known to the underlying authentication module"; case PAM_MAXTRIES: - return "Have exhasted maximum number of retries for service."; + return "Have exhausted maximum number of retries for service."; case PAM_NEW_AUTHTOK_REQD: return "Authentication token is no longer valid; new one required."; case PAM_ACCT_EXPIRED: @@ -78,7 +78,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum) case PAM_TRY_AGAIN: return "Failed preliminary check by password service"; case PAM_IGNORE: - return "Please ignore underlying account module"; + return "The return value should be ignored by PAM dispatch"; case PAM_MODULE_UNKNOWN: return "Module is unknown"; case PAM_AUTHTOK_EXPIRED: |