Relevant BUGIDs:

Purpose of commit: new feature

Commit summary:
---------------
2009-02-27  Tomas Mraz <t8m@centrum.cz>

        * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace
        signal() with sigaction().
        * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs):
        Likewise.
        * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise.
        * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary):
        Likewise.
        * modules/pam_unix/passverify.c(su_sighandler): Likewise.
        * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise.

        * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam
        for auxiliary functions.
        * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset
        option. Document new serialize option.
        * modules/pam_tally2/pam_tally2.c: Add support for the new serialize
        option.
        (_cleanup, tally_set_data, tally_get_data): Add tally file handle to
        tally PAM data. Needed for fcntl() locking.
        (get_tally): Use low level file access instead of stdio buffered FILE.
        If serialize option is used lock the tally file access.
        (set_tally, tally_bump, tally_reset): Use low level file access instead
        of stdio buffered FILE. Close the file handle only when it is not owned
        by PAM data.
        (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally
        file handle to tally_set_data(). Get it from tally_get_data().
        (main): Use low level file access instead of stdio buffered FILE.

4 files changed, 26 insertions, 14 deletions

diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 40ff3c06..f8698337 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -65,7 +65,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
 	const char *user, int *daysleft)
 {
   int retval=0, child, fds[2];
-  void (*sighandler)(int) = NULL;
+  struct sigaction newsa, oldsa;
   D(("running verify_binary"));
 
   /* create a pipe for the messages */
@@ -85,7 +85,9 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
      * The "noreap" module argument is provided so that the admin can
      * override this behavior.
      */
-    sighandler = signal(SIGCHLD, SIG_DFL);
+     memset(&newsa, '\0', sizeof(newsa));
+     newsa.sa_handler = SIG_DFL;
+     sigaction(SIGCHLD, &newsa, &oldsa);
   }
 
   /* fork */
@@ -158,9 +160,11 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
     }
     close(fds[0]);
   }
-  if (sighandler != SIG_ERR) {
-    (void) signal(SIGCHLD, sighandler);   /* restore old signal handler */
+
+  if (off(UNIX_NOREAP, ctrl)) {
+        sigaction(SIGCHLD, &oldsa, NULL);   /* restore old signal handler */
   }
+
   D(("Returning %d",retval));
   return retval;
 }
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index b8da9913..9386d87f 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -139,7 +139,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
     const char *fromwhat, const char *towhat, int remember)
 {
     int retval, child, fds[2];
-    void (*sighandler)(int) = NULL;
+    struct sigaction newsa, oldsa;
 
     D(("called."));
     /* create a pipe for the password */
@@ -157,7 +157,9 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
 	 * The "noreap" module argument is provided so that the admin can
 	 * override this behavior.
 	 */
-	sighandler = signal(SIGCHLD, SIG_DFL);
+        memset(&newsa, '\0', sizeof(newsa));
+        newsa.sa_handler = SIG_DFL;
+        sigaction(SIGCHLD, &newsa, &oldsa);
     }
 
     /* fork */
@@ -236,8 +238,8 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
 	retval = PAM_AUTH_ERR;
     }
 
-    if (sighandler != SIG_ERR) {
-        (void) signal(SIGCHLD, sighandler);   /* restore old signal handler */
+    if (off(UNIX_NOREAP, ctrl)) {
+        sigaction(SIGCHLD, &oldsa, NULL);   /* restore old signal handler */
     }
 
     return retval;
diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c
index 360bd90b..234e86dd 100644
--- a/modules/pam_unix/passverify.c
+++ b/modules/pam_unix/passverify.c
@@ -994,8 +994,12 @@ su_sighandler(int sig)
 {
 #ifndef SA_RESETHAND
         /* emulate the behaviour of the SA_RESETHAND flag */
-        if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV )
-                signal(sig, SIG_DFL);
+        if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) {
+		struct sigaction sa;
+		memset(&sa, '\0, sizeof(sa));
+		sa.sa_handler = SIG_DFL;
+                sigaction(sig, &sa, NULL);
+	}
 #endif
         if (sig > 0) {
                 _exit(sig);
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index faec20dc..6e1bd454 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -408,7 +408,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
 				   unsigned int ctrl, const char *user)
 {
     int retval, child, fds[2];
-    void (*sighandler)(int) = NULL;
+    struct sigaction newsa, oldsa;
 
     D(("called."));
     /* create a pipe for the password */
@@ -426,7 +426,9 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
 	 * The "noreap" module argument is provided so that the admin can
 	 * override this behavior.
 	 */
-	sighandler = signal(SIGCHLD, SIG_DFL);
+        memset(&newsa, '\0', sizeof(newsa));
+	newsa.sa_handler = SIG_DFL;
+	sigaction(SIGCHLD, &newsa, &oldsa);
     }
 
     /* fork */
@@ -497,8 +499,8 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
 	retval = PAM_AUTH_ERR;
     }
 
-    if (sighandler != SIG_ERR) {
-        (void) signal(SIGCHLD, sighandler);   /* restore old signal handler */
+    if (off(UNIX_NOREAP, ctrl)) {
+        sigaction(SIGCHLD, &oldsa, NULL);   /* restore old signal handler */
     }
 
     D(("returning %d", retval));