diff options
| -rw-r--r-- | CHANGELOG | 4 | ||||
| -rw-r--r-- | libpam/pam_dispatch.c | 14 | ||||
| -rw-r--r-- | libpam/pam_strerror.c | 4 | ||||
| -rw-r--r-- | modules/pam_nologin/pam_nologin.c | 5 |
4 files changed, 18 insertions, 9 deletions
@@ -71,6 +71,10 @@ BerliOS Bugs are marked with (BerliOS #XXXX). * pam_limits: support for new Linux kernel 2.6 limits (from toby cabot - t8m) * pam_tally: major rewrite of the module (t8m) +* libpam: don't return PAM_IGNORE for OK or JUMP actions if using + cached chain (Bug 629251 - t8m) +* pam_nologin: don't overwrite return value with return from + pam_get_item (t8m) 0.78: Do Nov 18 14:48:36 CET 2004 diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index c6fcd5f8..1daf0c9f 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c @@ -184,8 +184,12 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if ( impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { - impression = _PAM_POSITIVE; - status = retval; + /* in case of using cached chain + we could get here with PAM_IGNORE - don't return it */ + if ( retval != PAM_IGNORE || cached_retval == retval ) { + impression = _PAM_POSITIVE; + status = retval; + } } if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) { goto decision_made; @@ -227,8 +231,10 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if (impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { - impression = _PAM_POSITIVE; - status = retval; + if ( retval != PAM_IGNORE || cached_retval == retval ) { + impression = _PAM_POSITIVE; + status = retval; + } } } diff --git a/libpam/pam_strerror.c b/libpam/pam_strerror.c index de857fd8..b2c6775a 100644 --- a/libpam/pam_strerror.c +++ b/libpam/pam_strerror.c @@ -48,7 +48,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum) case PAM_USER_UNKNOWN: return "User not known to the underlying authentication module"; case PAM_MAXTRIES: - return "Have exhasted maximum number of retries for service."; + return "Have exhausted maximum number of retries for service."; case PAM_NEW_AUTHTOK_REQD: return "Authentication token is no longer valid; new one required."; case PAM_ACCT_EXPIRED: @@ -78,7 +78,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum) case PAM_TRY_AGAIN: return "Failed preliminary check by password service"; case PAM_IGNORE: - return "Please ignore underlying account module"; + return "The return value should be ignored by PAM dispatch"; case PAM_MODULE_UNKNOWN: return "Module is unknown"; case PAM_AUTHTOK_EXPIRED: diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index 433d2e11..bfd17753 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c @@ -125,9 +125,8 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) * of /etc/nologin */ - retval = pam_get_item(pamh, PAM_CONV, - (const void **)&conversation); - if ((retval == PAM_SUCCESS) && (conversation)) { + if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation) + == PAM_SUCCESS && conversation && conversation->conv) { (void) conversation->conv(1, (const struct pam_message **)&pmessage, &resp, conversation->appdata_ptr); |