From 7e0abd7e80ba3bb7acb5e1436216c90bed8edcd2 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Thu, 3 Aug 2000 19:03:52 +0000 Subject: Relevant BUGIDs: 111035 Purpose of commit: bugfix to pam_unix_auth Commit summary: --------------- Fix for 'likeauth' handling in the pam_unix_auth module. If pam_setcred needs to return the same value as returned by pam_authenticate, malloc() space for this return value and pass its address to pam_set_data(). Also, changes pam_sm_setcred() so that it reads this value properly. --- modules/pam_unix/pam_unix_auth.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'modules/pam_unix/pam_unix_auth.c') diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 3c301df0..a16118d6 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -85,11 +85,12 @@ #define AUTH_RETURN \ { \ - if (on(UNIX_LIKE_AUTH, ctrl)) { \ + if (on(UNIX_LIKE_AUTH, ctrl) && ret_data) { \ D(("recording return code for next time [%d]", \ retval)); \ + *ret_data = retval; \ pam_set_data(pamh, "unix_setcred_return", \ - (void *) &retval, NULL); \ + (void *) ret_data, NULL); \ } \ D(("done. [%s]", pam_strerror(pamh, retval))); \ return retval; \ @@ -99,13 +100,17 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags ,int argc, const char **argv) { unsigned int ctrl; - int retval; + int retval, *ret_data = NULL; const char *name, *p; D(("called.")); ctrl = _set_ctrl(flags, NULL, argc, argv); + /* Get a few bytes so we can pass our return value to + pam_sm_setcred(). */ + ret_data = malloc(sizeof(int)); + /* get the user'name' */ retval = pam_get_user(pamh, &name, "login: "); @@ -197,12 +202,16 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags retval = PAM_SUCCESS; if (on(UNIX_LIKE_AUTH, ctrl)) { - int *pretval = &retval; + int *pretval = NULL; D(("recovering return code from auth call")); pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval); pam_set_data(pamh, "unix_setcred_return", NULL, NULL); - D(("recovered data indicates that old retval was %d", retval)); + if(pretval) { + retval = *pretval; + free(pretval); + D(("recovered data indicates that old retval was %d", retval)); + } } return retval; } -- cgit v1.2.3