diff options
Diffstat (limited to 'modules/pam_unix')
| -rw-r--r-- | modules/pam_unix/support.c | 18 | ||||
| -rw-r--r-- | modules/pam_unix/support.h | 4 |
2 files changed, 21 insertions, 1 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 5998c7db..98536d21 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -16,6 +16,7 @@ #include <limits.h> #include <utmp.h> #include <errno.h> +#include <signal.h> #include <security/_pam_macros.h> #include <security/pam_modules.h> @@ -434,6 +435,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsigned int ctrl, const char *user) { int retval, child, fds[2]; + void (*sighandler)(int) = NULL; D(("called.")); /* create a pipe for the password */ @@ -442,6 +444,18 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, return PAM_AUTH_ERR; } + if (off(UNIX_NOREAP, ctrl)) { + /* + * This code arranges that the demise of the child does not cause + * the application to receive a signal it is not expecting - which + * may kill the application or worse. + * + * The "noreap" module argument is provided so that the admin can + * override this behavior. + */ + sighandler = signal(SIGCHLD, SIG_IGN); + } + /* fork */ child = fork(); if (child == 0) { @@ -486,6 +500,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, retval = PAM_AUTH_ERR; } + if (sighandler != NULL) { + (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + } + D(("returning %d", retval)); return retval; } diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 0b6b6e04..755d1c9f 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -80,8 +80,9 @@ typedef struct { #define UNIX_BIGCRYPT 18 /* use DEC-C2 crypt()^x function */ #define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */ #define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */ +#define UNIX_NOREAP 21 /* don't reap child process */ /* -------------- */ -#define UNIX_CTRLS_ 21 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 22 /* number of ctrl arguments defined */ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = @@ -110,6 +111,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(020000), 0400000}, /* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, /* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) |