diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2002-07-11 05:43:50 +0000 |
|---|---|---|
| committer | Andrew G. Morgan <morgan@kernel.org> | 2002-07-11 05:43:50 +0000 |
| commit | 449f88eeb44e910b25261e8e5bead120d3757fec (patch) | |
| tree | f7e975a38ddc879704eeae18123ac74a4c3c12ca /modules/pam_unix | |
| parent | f58075a0497ae9c32a43a71a1bdb1d1b6c9e83d4 (diff) | |
Relevant BUGIDs: 476963
Purpose of commit: new feature
Commit summary:
---------------
some applications are not prepared to get a SIGCHLD from a child
process they didn't think they launched, so we now suppress
this signal for the duration of use of the helper binary.
The 'noreap' module argument is provided to override this new
default.
Diffstat (limited to 'modules/pam_unix')
| -rw-r--r-- | modules/pam_unix/support.c | 18 | ||||
| -rw-r--r-- | modules/pam_unix/support.h | 4 |
2 files changed, 21 insertions, 1 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 5998c7db..98536d21 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -16,6 +16,7 @@ #include <limits.h> #include <utmp.h> #include <errno.h> +#include <signal.h> #include <security/_pam_macros.h> #include <security/pam_modules.h> @@ -434,6 +435,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsigned int ctrl, const char *user) { int retval, child, fds[2]; + void (*sighandler)(int) = NULL; D(("called.")); /* create a pipe for the password */ @@ -442,6 +444,18 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, return PAM_AUTH_ERR; } + if (off(UNIX_NOREAP, ctrl)) { + /* + * This code arranges that the demise of the child does not cause + * the application to receive a signal it is not expecting - which + * may kill the application or worse. + * + * The "noreap" module argument is provided so that the admin can + * override this behavior. + */ + sighandler = signal(SIGCHLD, SIG_IGN); + } + /* fork */ child = fork(); if (child == 0) { @@ -486,6 +500,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, retval = PAM_AUTH_ERR; } + if (sighandler != NULL) { + (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + } + D(("returning %d", retval)); return retval; } diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 0b6b6e04..755d1c9f 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -80,8 +80,9 @@ typedef struct { #define UNIX_BIGCRYPT 18 /* use DEC-C2 crypt()^x function */ #define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */ #define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */ +#define UNIX_NOREAP 21 /* don't reap child process */ /* -------------- */ -#define UNIX_CTRLS_ 21 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 22 /* number of ctrl arguments defined */ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = @@ -110,6 +111,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(020000), 0400000}, /* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, /* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) |