Patch to keep save_old_password() thread-safe when called by the PAM module, since nothing blocks other threads from calling getpwnam in parallel Authors: Steve Langasek Upstream status: committed to CVS Index: pam.deb/modules/pam_unix/passverify.c =================================================================== --- pam.deb.orig/modules/pam_unix/passverify.c +++ pam.deb/modules/pam_unix/passverify.c @@ -535,9 +535,15 @@ } #endif +#ifdef HELPER_COMPILE int save_old_password(const char *forwho, const char *oldpass, int howmany) +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany) +#endif { static char buf[16384]; static char nbuf[16384]; @@ -653,7 +659,7 @@ fclose(opwfile); if (!found) { - pwd = getpwnam(forwho); + pwd = pam_modutil_getpwnam(pamh, forwho); if (pwd == NULL) { err = 1; } else { Index: pam.deb/modules/pam_unix/passverify.h =================================================================== --- pam.deb.orig/modules/pam_unix/passverify.h +++ pam.deb/modules/pam_unix/passverify.h @@ -33,9 +33,15 @@ void unlock_pwdf(void); +#ifdef HELPER_COMPILE int save_old_password(const char *forwho, const char *oldpass, int howmany); +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany); +#endif #ifdef HELPER_COMPILE void Index: pam.deb/modules/pam_unix/pam_unix_passwd.c =================================================================== --- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c +++ pam.deb/modules/pam_unix/pam_unix_passwd.c @@ -378,7 +378,7 @@ return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember); #endif /* first, save old password */ - if (save_old_password(forwho, fromwhat, remember)) { + if (save_old_password(pamh, forwho, fromwhat, remember)) { retval = PAM_AUTHTOK_ERR; goto done; }