Relevant BUGIDs: 129775

Purpose of commit: bugfix

Commit summary:
---------------
This bugfix leads to backwardly incompatable behavior with earlier
releases of Linux-PAM.

Note, this cleans up the setcred/session and chauthtok stacks in
such a way that it is no longer preferred that the setcred module
always return the same error code as the auth components of said
modules did.

This means behavior should be a great deal more sane. It also gives
meaning to the unique return codes that are available to pam_sm_setcred.
[I'm sure that when we add support for credential relevant events,
 this change will be critical.]

1 files changed, 5 insertions, 0 deletions

diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
index a22d66f6..b2065999 100644
--- a/libpam/pam_handlers.c
+++ b/libpam/pam_handlers.c
@@ -756,6 +756,8 @@ int _pam_add_handler(pam_handle_t *pamh
     (*handler_p)->must_fail = must_fail;        /* failure forced? */
     (*handler_p)->func = func;
     memcpy((*handler_p)->actions,actions,sizeof((*handler_p)->actions));
+    (*handler_p)->cached_retval = -1;                     /* error */
+    (*handler_p)->cached_retval_p = &((*handler_p)->cached_retval);
     (*handler_p)->argc = argc;
     (*handler_p)->argv = argv;                       /* not a copy */
     (*handler_p)->next = NULL;
@@ -775,6 +777,9 @@ int _pam_add_handler(pam_handle_t *pamh
 	(*handler_p2)->must_fail = must_fail;        /* failure forced? */
 	(*handler_p2)->func = func2;
 	memcpy((*handler_p2)->actions,actions,sizeof((*handler_p2)->actions));
+	(*handler_p2)->cached_retval = -1;            /* ignored */
+	/* Note, this next entry points to the handler_p value! */
+	(*handler_p2)->cached_retval_p = &((*handler_p)->cached_retval);
 	(*handler_p2)->argc = argc;
 	if (argv) {
 	    if (((*handler_p2)->argv = malloc(argvlen)) == NULL) {