path: root/debian/patches-applied/pam_unix_thread-safe_save_old_password.patch

Patch to keep save_old_password() thread-safe when called by the PAM
module, since nothing blocks other threads from calling getpwnam in
parallel

Authors: Steve Langasek <vorlon@debian.org>

Upstream status: committed to CVS

Index: pam.deb/modules/pam_unix/passverify.c
===================================================================
--- pam.deb.orig/modules/pam_unix/passverify.c
+++ pam.deb/modules/pam_unix/passverify.c
@@ -535,9 +535,15 @@
 }
 #endif
 
+#ifdef HELPER_COMPILE
 int
 save_old_password(const char *forwho, const char *oldpass,
 		  int howmany)
+#else
+int
+save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
+		  int howmany)
+#endif
 {
     static char buf[16384];
     static char nbuf[16384];
@@ -653,7 +659,7 @@
     fclose(opwfile);
 
     if (!found) {
-	pwd = getpwnam(forwho);
+	pwd = pam_modutil_getpwnam(pamh, forwho);
 	if (pwd == NULL) {
 	    err = 1;
 	} else {
Index: pam.deb/modules/pam_unix/passverify.h
===================================================================
--- pam.deb.orig/modules/pam_unix/passverify.h
+++ pam.deb/modules/pam_unix/passverify.h
@@ -33,9 +33,15 @@
 void
 unlock_pwdf(void);
 
+#ifdef HELPER_COMPILE
 int
 save_old_password(const char *forwho, const char *oldpass,
 		  int howmany);
+#else
+int
+save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
+		  int howmany);
+#endif
 
 #ifdef HELPER_COMPILE
 void
Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
+++ pam.deb/modules/pam_unix/pam_unix_passwd.c
@@ -378,7 +378,7 @@
 			  return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember);
 #endif
 		/* first, save old password */
-		if (save_old_password(forwho, fromwhat, remember)) {
+		if (save_old_password(pamh, forwho, fromwhat, remember)) {
 			retval = PAM_AUTHTOK_ERR;
 			goto done;
 		}