From 1814aec611a5f9e03eceee81237ad3a3f51c954a Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 26 Oct 2011 23:56:54 +0000 Subject: Fix whitespace issues Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD --- modules/pam_unix/pam_unix_passwd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 631df318..6ba2c2e6 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -212,7 +212,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { if (i != STDIN_FILENO) - close(i); + close(i); } } @@ -262,7 +262,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const } else { D(("fork failed")); close(fds[0]); - close(fds[1]); + close(fds[1]); retval = PAM_AUTH_ERR; } -- cgit v1.2.3 From 0baf28fa03dfa46482e13390fd9a7545c30ccd7f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 3 Jan 2012 12:30:43 +0100 Subject: Fix matching of usernames in the pam_unix remember feature. * modules/pam_unix/pam_unix_passwd.c (check_old_password): Make sure we match only the whole username in opasswd entry. * modules/pam_unix/passverify.c (save_old_password): Likewise make sure we match only the whole username in opasswd entry. --- modules/pam_unix/pam_unix_passwd.c | 4 +++- modules/pam_unix/passverify.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 6ba2c2e6..498a81c6 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -280,13 +280,15 @@ static int check_old_password(const char *forwho, const char *newpass) char *s_luser, *s_uid, *s_npas, *s_pas; int retval = PAM_SUCCESS; FILE *opwfile; + size_t len = strlen(forwho); opwfile = fopen(OLD_PASSWORDS_FILE, "r"); if (opwfile == NULL) return PAM_ABORT; while (fgets(buf, 16380, opwfile)) { - if (!strncmp(buf, forwho, strlen(forwho))) { + if (!strncmp(buf, forwho, len) && (buf[len] == ':' || + buf[len] == ',')) { char *sptr; buf[strlen(buf) - 1] = '\0'; s_luser = strtok_r(buf, ":,", &sptr); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 089f4b83..52899552 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -562,6 +562,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, int found = 0; struct passwd *pwd = NULL; struct stat st; + size_t len = strlen(forwho); #ifdef WITH_SELINUX security_context_t prev_context=NULL; #endif @@ -629,7 +630,7 @@ save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, } while (fgets(buf, 16380, opwfile)) { - if (!strncmp(buf, forwho, strlen(forwho))) { + if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) { char *sptr = NULL; found = 1; if (howmany == 0) -- cgit v1.2.3 From 3c69856acf9af74368b789b1ed867b433db0ed02 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 3 Feb 2012 00:13:44 +0000 Subject: pam_unix: make configuration consistent in --enable-static-modules mode In --enable-static-modules mode, it was not possible to use "pam_unix" in PAM config files. Instead, different names had to be used for each management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and pam_unix_session. This change makes pam_unix configuration consistent with other PAM modules. * README: Remove the paragraph describing pam_unix distinctions in --enable-static-modules mode. * libpam/pam_static_modules.h (_pam_unix_acct_modstruct, _pam_unix_auth_modstruct, _pam_unix_passwd_modstruct, _pam_unix_session_modstruct): Remove. (_pam_unix_modstruct): New pam_module declaration. * modules/pam_unix/pam_unix_static.h: New file. * modules/pam_unix/pam_unix_static.c: Likewise. * modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h (pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c * modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_acct_modstruct): Remove. * modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_auth_modstruct): Remove. * modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_passwd_modstruct): Remove. * modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_session_modstruct): Remove. Suggested-by: Matveychikov Ilya --- README | 4 ---- libpam/pam_static_modules.h | 10 ++-------- modules/pam_unix/Makefile.am | 6 +++++- modules/pam_unix/pam_unix_acct.c | 24 +++++++----------------- modules/pam_unix/pam_unix_auth.c | 25 ++++++++----------------- modules/pam_unix/pam_unix_passwd.c | 25 +++++++------------------ modules/pam_unix/pam_unix_sess.c | 27 +++++++++------------------ modules/pam_unix/pam_unix_static.c | 23 +++++++++++++++++++++++ modules/pam_unix/pam_unix_static.h | 6 ++++++ 9 files changed, 67 insertions(+), 83 deletions(-) create mode 100644 modules/pam_unix/pam_unix_static.c create mode 100644 modules/pam_unix/pam_unix_static.h (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/README b/README index 81159140..994dd95a 100644 --- a/README +++ b/README @@ -52,10 +52,6 @@ build a static libpam including all PAM modules, you have to call: ./configure --enable-static-modules --disable-pie -In this case you cannot use pam_unix in the PAM config files instead you -have to use pam_unix_acct, pam_unix_auth, pam_unix_passwd and -pam_unix_session. - To run the build checks with static modules, you need to run the following command: make -C test check && make check diff --git a/libpam/pam_static_modules.h b/libpam/pam_static_modules.h index b1739ed1..698989bd 100644 --- a/libpam/pam_static_modules.h +++ b/libpam/pam_static_modules.h @@ -80,10 +80,7 @@ extern struct pam_module _pam_timestamp_modstruct; extern struct pam_module _pam_tty_audit_modstruct; #endif extern struct pam_module _pam_umask_modstruct; -extern struct pam_module _pam_unix_acct_modstruct; -extern struct pam_module _pam_unix_auth_modstruct; -extern struct pam_module _pam_unix_passwd_modstruct; -extern struct pam_module _pam_unix_session_modstruct; +extern struct pam_module _pam_unix_modstruct; extern struct pam_module _pam_userdb_modstruct; extern struct pam_module _pam_warn_modstruct; extern struct pam_module _pam_wheel_modstruct; @@ -142,10 +139,7 @@ static struct pam_module *static_modules[] = { &_pam_tty_audit_modstruct, #endif &_pam_umask_modstruct, - &_pam_unix_acct_modstruct, - &_pam_unix_auth_modstruct, - &_pam_unix_passwd_modstruct, - &_pam_unix_session_modstruct, + &_pam_unix_modstruct, &_pam_userdb_modstruct, &_pam_warn_modstruct, &_pam_wheel_modstruct, diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am index ab0d55ac..56ed5916 100644 --- a/modules/pam_unix/Makefile.am +++ b/modules/pam_unix/Makefile.am @@ -34,7 +34,8 @@ pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ securelib_LTLIBRARIES = pam_unix.la -noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h +noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ + pam_unix_static.h sbin_PROGRAMS = unix_chkpwd unix_update @@ -43,6 +44,9 @@ noinst_PROGRAMS = bigcrypt pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c +if STATIC_MODULES +pam_unix_la_SOURCES += pam_unix_static.c +endif bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c bigcrypt_CFLAGS = $(AM_CFLAGS) diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 2731b8bc..8e90cc9a 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -52,7 +52,11 @@ /* indicate that the following groups are defined */ -#define PAM_SM_ACCOUNT +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_ACCOUNT +#endif #include #include @@ -178,8 +182,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, * account management module. */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl; const void *void_uname; @@ -291,17 +295,3 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return retval; } - - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_unix_acct_modstruct = { - "pam_unix_acct", - NULL, - NULL, - pam_sm_acct_mgmt, - NULL, - NULL, - NULL, -}; -#endif diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 1379d96c..44573e6c 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -50,7 +50,11 @@ /* indicate the following groups are defined */ -#define PAM_SM_AUTH +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_AUTH +#endif #define _PAM_EXTERN_FUNCTIONS #include @@ -98,9 +102,8 @@ setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) free (ptr); } - -PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags - ,int argc, const char **argv) +int +pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl; int retval, *ret_data = NULL; @@ -190,7 +193,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags * warned you. -- AOY */ -PAM_EXTERN int +int pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { @@ -213,15 +216,3 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, return retval; } - -#ifdef PAM_STATIC -struct pam_module _pam_unix_auth_modstruct = { - "pam_unix_auth", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, -}; -#endif diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 498a81c6..e9059d3c 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -63,7 +63,11 @@ /* indicate the following groups are defined */ -#define PAM_SM_PASSWORD +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_PASSWORD +#endif #include #include @@ -523,9 +527,8 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh return retval; } - -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl, lctrl; int retval; @@ -823,17 +826,3 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, return retval; } - - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_unix_passwd_modstruct = { - "pam_unix_passwd", - NULL, - NULL, - NULL, - NULL, - NULL, - pam_sm_chauthtok, -}; -#endif diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c index 72046ea0..d1376732 100644 --- a/modules/pam_unix/pam_unix_sess.c +++ b/modules/pam_unix/pam_unix_sess.c @@ -49,7 +49,11 @@ /* indicate the following groups are defined */ -#define PAM_SM_SESSION +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_SESSION +#endif #include #include @@ -63,8 +67,8 @@ * session module. */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { char *user_name, *service; unsigned int ctrl; @@ -98,8 +102,8 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, return PAM_SUCCESS; } -PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, - int argc, const char **argv) +int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { char *user_name, *service; unsigned int ctrl; @@ -127,16 +131,3 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, return PAM_SUCCESS; } - -/* static module data */ -#ifdef PAM_STATIC -struct pam_module _pam_unix_session_modstruct = { - "pam_unix_session", - NULL, - NULL, - NULL, - pam_sm_open_session, - pam_sm_close_session, - NULL, -}; -#endif diff --git a/modules/pam_unix/pam_unix_static.c b/modules/pam_unix/pam_unix_static.c new file mode 100644 index 00000000..160268c9 --- /dev/null +++ b/modules/pam_unix/pam_unix_static.c @@ -0,0 +1,23 @@ +#include "config.h" + +#ifdef PAM_STATIC + +#define static extern +#define PAM_SM_ACCOUNT +#define PAM_SM_AUTH +#define PAM_SM_PASSWORD +#define PAM_SM_SESSION +#include "pam_unix_static.h" +#include + +struct pam_module _pam_unix_modstruct = { + "pam_unix", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + pam_sm_open_session, + pam_sm_close_session, + pam_sm_chauthtok, +}; + +#endif diff --git a/modules/pam_unix/pam_unix_static.h b/modules/pam_unix/pam_unix_static.h new file mode 100644 index 00000000..39b05efe --- /dev/null +++ b/modules/pam_unix/pam_unix_static.h @@ -0,0 +1,6 @@ +#define pam_sm_acct_mgmt _pam_unix_sm_acct_mgmt +#define pam_sm_authenticate _pam_unix_sm_authenticate +#define pam_sm_setcred _pam_unix_sm_setcred +#define pam_sm_chauthtok _pam_unix_sm_chauthtok +#define pam_sm_open_session _pam_unix_sm_open_session +#define pam_sm_close_session _pam_unix_sm_close_session -- cgit v1.2.3 From 1329c68b19daa6d5793dd672db73ebe85465eea9 Mon Sep 17 00:00:00 2001 From: Paul Wouters Date: Wed, 11 Apr 2012 21:13:14 +0200 Subject: Check for crypt() failure returning NULL. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message. * modules/pam_unix/passverify.c (create_password_hash): Check for crypt() returning NULL. --- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/passverify.c | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index e9059d3c..9e1302d5 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -800,7 +800,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) tpass = create_password_hash(pamh, pass_new, ctrl, rounds); if (tpass == NULL) { pam_syslog(pamh, LOG_CRIT, - "out of memory for password"); + "crypt() failure or out of memory for password"); pass_new = pass_old = NULL; /* tidy up */ unlock_pwdf(); return PAM_BUF_ERR; diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 52899552..4840bb2d 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -424,7 +424,7 @@ PAMH_ARG_DECL(char * create_password_hash, } #endif sp = crypt(password, salt); - if (strncmp(algoid, sp, strlen(algoid)) != 0) { + if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { /* libxcrypt/libc doesn't know the algorithm, use MD5 */ pam_syslog(pamh, LOG_ERR, "Algo %s not supported by the crypto backend, " @@ -432,7 +432,9 @@ PAMH_ARG_DECL(char * create_password_hash, on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : on(UNIX_SHA256_PASS, ctrl) ? "sha256" : on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); - memset(sp, '\0', strlen(sp)); + if(sp) { + memset(sp, '\0', strlen(sp)); + } return crypt_md5_wrapper(password); } -- cgit v1.2.3 From 0603b28023ebe44151466bfb33c60687922e0b0b Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 10 Oct 2012 18:13:07 +0000 Subject: pam_unix: fix build in --enable-selinux mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit glibc's starting with commit http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467 does not include for POSIX 2008 conformance reasons, so when pam is being built with SELinux support enabled, pam_unix_passwd.c uses getrlimit(2) and therefore should include without relying on other headers. * modules/pam_unix/pam_unix_passwd.c: Include . Reported-by: Guido Trentalancia Reported-by: "Jory A. Pratt" Reported-by: Diego Elio Pettenò --- modules/pam_unix/pam_unix_passwd.c | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9e1302d5..94bc3ec8 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -58,6 +58,7 @@ #include #include #include +#include #include -- cgit v1.2.3 From a9ac7fd64000712fdedd4c38b408ffebd2988156 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 29 Aug 2013 14:09:39 +0200 Subject: Restart waitpid if it returns with EINTR (ticket #17) * modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/support.c: Likewise. --- modules/pam_unix/pam_unix_acct.c | 3 ++- modules/pam_unix/pam_unix_passwd.c | 3 ++- modules/pam_unix/support.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 4a362f88..7f8250ca 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -142,7 +142,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, if (child > 0) { char buf[32]; int rc=0; - rc=waitpid(child, &retval, 0); /* wait for helper to complete */ + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc); retval = PAM_AUTH_ERR; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 94bc3ec8..9bc1cd9e 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -254,7 +254,8 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); - rc=waitpid(child, &retval, 0); /* wait for helper to complete */ + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); retval = PAM_AUTHTOK_ERR; diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index f36786e4..d8f4a6f7 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -621,7 +621,8 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, } close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); - rc=waitpid(child, &retval, 0); /* wait for helper to complete */ + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_chkpwd waitpid returned %d: %m", rc); retval = PAM_AUTH_ERR; -- cgit v1.2.3 From 7f9aa8388f19012b6b11b0077422ee0c7a8cb286 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 13 Sep 2013 14:04:08 +0200 Subject: Add missing ')' modules/pam_unix/pam_unix_passwd.c: Add missing ')'.. --- modules/pam_unix/pam_unix_passwd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9bc1cd9e..9aae3b03 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); /* wait for helper to complete: */ - while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); if (rc<0) { pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); retval = PAM_AUTHTOK_ERR; -- cgit v1.2.3