1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
Patch to keep save_old_password() thread-safe when called by the PAM
module, since nothing blocks other threads from calling getpwnam in
parallel
Authors: Steve Langasek <vorlon@debian.org>
Upstream status: committed to CVS
Index: pam.deb/modules/pam_unix/passverify.c
===================================================================
--- pam.deb.orig/modules/pam_unix/passverify.c
+++ pam.deb/modules/pam_unix/passverify.c
@@ -535,9 +535,15 @@
}
#endif
+#ifdef HELPER_COMPILE
int
save_old_password(const char *forwho, const char *oldpass,
int howmany)
+#else
+int
+save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
+ int howmany)
+#endif
{
static char buf[16384];
static char nbuf[16384];
@@ -653,7 +659,7 @@
fclose(opwfile);
if (!found) {
- pwd = getpwnam(forwho);
+ pwd = pam_modutil_getpwnam(pamh, forwho);
if (pwd == NULL) {
err = 1;
} else {
Index: pam.deb/modules/pam_unix/passverify.h
===================================================================
--- pam.deb.orig/modules/pam_unix/passverify.h
+++ pam.deb/modules/pam_unix/passverify.h
@@ -33,9 +33,15 @@
void
unlock_pwdf(void);
+#ifdef HELPER_COMPILE
int
save_old_password(const char *forwho, const char *oldpass,
int howmany);
+#else
+int
+save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass,
+ int howmany);
+#endif
#ifdef HELPER_COMPILE
void
Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
+++ pam.deb/modules/pam_unix/pam_unix_passwd.c
@@ -378,7 +378,7 @@
return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember);
#endif
/* first, save old password */
- if (save_old_password(forwho, fromwhat, remember)) {
+ if (save_old_password(pamh, forwho, fromwhat, remember)) {
retval = PAM_AUTHTOK_ERR;
goto done;
}
|