From e359d4ad55858b6440f5077d632f14249137add4 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 8 Apr 2008 07:01:41 +0000 Subject: Relevant BUGIDs: Purpose of commit: cleanup Commit summary: --------------- 2008-04-08 Tomas Mraz * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple calls to sysconf() (based on patch by Sami Farin). --- modules/pam_xauth/pam_xauth.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules/pam_xauth/pam_xauth.c') diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 1135d4b7..36f30708 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -118,6 +118,7 @@ run_coprocess(const char *input, char **output, size_t j; char *args[10]; const char *tmp; + int maxopened; /* Drop privileges. */ setgid(gid); setgroups(0, NULL); @@ -129,7 +130,8 @@ run_coprocess(const char *input, char **output, * descriptors. */ dup2(ipipe[0], STDIN_FILENO); dup2(opipe[1], STDOUT_FILENO); - for (i = 0; i < sysconf(_SC_OPEN_MAX); i++) { + maxopened = (int)sysconf(_SC_OPEN_MAX); + for (i = 0; i < maxopened; i++) { if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { close(i); } -- cgit v1.2.3 From dade683fe1334eccfae157517fa4f8b9a77d36cb Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 19 Nov 2008 14:24:47 +0000 Subject: Relevant BUGIDs: Purpose of commit: missing part of new feature Commit summary: --------------- 2008-11-19 Thorsten Kukuk * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish implementation of type=STRING option. * modules/pam_pwhistory/pam_pwhistory.8.xml: Document "type=STRING" option. --- ChangeLog | 8 ++ m4/.cvsignore | 5 +- modules/pam_env/pam_env.c | 150 +++++++++++++++++------------- modules/pam_pwhistory/pam_pwhistory.8.xml | 18 ++++ modules/pam_pwhistory/pam_pwhistory.c | 13 ++- modules/pam_xauth/pam_xauth.c | 25 ++++- 6 files changed, 148 insertions(+), 71 deletions(-) (limited to 'modules/pam_xauth/pam_xauth.c') 
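Review bot: In the second pam_xauth.c hunk, `maxopened = (int)sysconf(_SC_OPEN_MAX);` is used without a failure check: sysconf() returns -1 when the limit is indeterminate, so the close loop runs zero times and every inherited descriptor stays open in the coprocess. A guard such as `if (maxopened < 0) maxopened = 1024; /* constructed fallback, choose per platform */` would keep the cleanup effective. The `setgid(gid); setgroups(0, NULL);` calls shown as context in the first hunk also ignore their return values, so the child would apparently continue with its original groups if either fails; they should be checked and the child aborted on error. The per-iteration form `for (i = 0; i < sysconf (_SC_OPEN_MAX); i++)` is still present in call_exec in the pam_exec.c hunk of the last commit on this page and needs the same treatment. run_coprocess starts and ends outside both hunks.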
diff --git a/ChangeLog b/ChangeLog index 5ec48126..37c1d3fc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2008-11-19 Thorsten Kukuk + + * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish + implementation of type=STRING option. + + * modules/pam_pwhistory/pam_pwhistory.8.xml: Document + "type=STRING" option. + 2008-10-27 Thorsten Kukuk * doc/man/pam_setcred.3.xml: Document when credentials diff --git a/m4/.cvsignore b/m4/.cvsignore index d0c91f13..0f592bac 100644 --- a/m4/.cvsignore +++ b/m4/.cvsignore @@ -8,4 +8,7 @@ libtool.m4 nls.m4 po.m4 progtest.m4 - +ltoptions.m4 +ltsugar.m4 +ltversion.m4 +lt~obsolete.m4 diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 80a20cd6..4d81f1c4 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -11,6 +11,9 @@ #define DEFAULT_ETC_ENVFILE "/etc/environment" #define DEFAULT_READ_ENVFILE 1 +#define DEFAULT_USER_ENVFILE ".environment" +#define DEFAULT_USER_READ_ENVFILE 1 + #include "config.h" #include @@ -75,16 +78,19 @@ static char quote='Z'; /* argument parsing */ #define PAM_DEBUG_ARG 0x01 -#define PAM_NEW_CONF_FILE 0x02 -#define PAM_ENV_SILENT 0x04 -#define PAM_NEW_ENV_FILE 0x10 static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, - const char **conffile, const char **envfile, int *readenv) + char **conffile, char **envfile, int *readenv, + char **user_envfile, int *user_readenv) { int ctrl=0; + *user_envfile = strdup (DEFAULT_USER_ENVFILE); + *envfile = strdup (DEFAULT_ETC_ENVFILE); + *readenv = DEFAULT_READ_ENVFILE; + *user_readenv = DEFAULT_USER_READ_ENVFILE; + *conffile = strdup (DEFAULT_CONF_FILE); /* step through arguments */ for (; argc-- > 0; ++argv) { 
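Review bot: The defaults added at the top of `_pam_parse` call `strdup()` three times without checking the result, so on allocation failure `*conffile`, `*envfile` or `*user_envfile` is NULL while the function still returns `ctrl` as if parsing had succeeded. Judging from the other pam_env.c hunks, these pointers are later handed to `_parse_config_file`, `_parse_env_file` and `asprintf` with no NULL test. Since the return value only carries the control flags, the caller should test `conf_file == NULL || env_file == NULL || user_env_file == NULL` right after the call and return `PAM_BUF_ERR` after freeing whatever was allocated. A short comment on the new `char **` parameters stating that the caller owns and must free the three strings would also help. The function body continues in the next hunk.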
@@ -94,49 +100,54 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else if (!strncmp(*argv,"conffile=",9)) { - *conffile = 9 + *argv; - if (**conffile != '\0') { - D(("new Configuration File: %s", *conffile)); - ctrl |= PAM_NEW_CONF_FILE; - } else { - pam_syslog(pamh, LOG_ERR, - "conffile= specification missing argument - ignored"); - } + if (*argv+9 == '\0') { + pam_syslog(pamh, LOG_ERR, + "conffile= specification missing argument - ignored"); + } else { + free(*conffile); + *conffile = x_strdup(9+*argv); + D(("new Configuration File: %s", *conffile)); + } } else if (!strncmp(*argv,"envfile=",8)) { - *envfile = 8 + *argv; - if (**envfile != '\0') { - D(("new Env File: %s", *envfile)); - ctrl |= PAM_NEW_ENV_FILE; - } else { - pam_syslog (pamh, LOG_ERR, - "envfile= specification missing argument - ignored"); - } + if (*argv+8 == '\0') { + pam_syslog (pamh, LOG_ERR, + "envfile= specification missing argument - ignored"); + } else { + free(*envfile); + *envfile = x_strdup(8+*argv); + D(("new Env File: %s", *envfile)); + } + } else if (!strncmp(*argv,"user_envfile=",13)) { + if (*argv+13 == '\0') { + pam_syslog (pamh, LOG_ERR, + "user_envfile= specification missing argument - ignored"); + } else { + free(*user_envfile); + *user_envfile = x_strdup(13+*argv); + D(("new User Env File: %s", *user_env_file)); + } } else if (!strncmp(*argv,"readenv=",8)) - *readenv = atoi(8+*argv); + *readenv = atoi(8+*argv); + else if (!strncmp(*argv,"user_readenv=",13)) + *user_readenv = atoi(13+*argv); else - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } return ctrl; } static int -_parse_config_file(pam_handle_t *pamh, int ctrl, const char *conffile) +_parse_config_file(pam_handle_t *pamh, char *file) { int retval; - const char *file; char buffer[BUF_SIZE]; FILE *conf; VAR Var, *var=&Var; - var->name=NULL; var->defval=NULL; var->override=NULL; 
D(("Called.")); - if (ctrl & PAM_NEW_CONF_FILE) { - file = conffile; - } else { - file = DEFAULT_CONF_FILE; - } + var->name=NULL; var->defval=NULL; var->override=NULL; D(("Config file name is: %s", file)); @@ -184,18 +195,12 @@ _parse_config_file(pam_handle_t *pamh, int ctrl, const char *conffile) } static int -_parse_env_file(pam_handle_t *pamh, int ctrl, const char *env_file) +_parse_env_file(pam_handle_t *pamh, char *file) { int retval=PAM_SUCCESS, i, t; - const char *file; char buffer[BUF_SIZE], *key, *mark; FILE *conf; - if (ctrl & PAM_NEW_ENV_FILE) - file = env_file; - else - file = DEFAULT_ETC_ENVFILE; - D(("Env file name is: %s", file)); if ((conf = fopen(file,"r")) == NULL) { @@ -702,7 +707,7 @@ static int _define_var(pam_handle_t *pamh, VAR *var) pam_syslog(pamh, LOG_ERR, "out of memory"); return PAM_BUF_ERR; } - + retval = pam_putenv(pamh, envvar); _pam_drop(envvar); D(("Exit.")); 
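Review bot: The new empty-argument tests `if (*argv+9 == '\0')`, `if (*argv+8 == '\0')` and `if (*argv+13 == '\0')` in `_pam_parse` compare a pointer with a null pointer constant instead of looking at the character after the `=`, so they are never true and `conffile=`, `envfile=` or `user_envfile=` with no value is accepted as an empty file name rather than logged and ignored. The intended checks are `(*argv)[9] == '\0'`, `(*argv)[8] == '\0'` and `(*argv)[13] == '\0'`. In the `user_envfile=` branch the debug line `D(("new User Env File: %s", *user_env_file));` names an identifier that is not a parameter of this function (the parameter is `user_envfile`), which will presumably break the build when the `D()` macro is enabled. The `x_strdup()` results are also stored unchecked after the previous string has already been freed.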
@@ -751,24 +756,60 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; - const char *conf_file = NULL, *env_file = NULL; + int user_readenv = DEFAULT_USER_READ_ENVFILE; + char *conf_file = NULL, *env_file = NULL, *user_env_file = NULL; + /* * this module sets environment variables read in from a file */ D(("Called.")); - ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv); + ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, + &readenv, &user_env_file, &user_readenv); - retval = _parse_config_file(pamh, ctrl, conf_file); + retval = _parse_config_file(pamh, conf_file); if(readenv && retval == PAM_SUCCESS) { - retval = _parse_env_file(pamh, ctrl, env_file); + retval = _parse_env_file(pamh, env_file); if (retval == PAM_IGNORE) retval = PAM_SUCCESS; } + if(user_readenv && retval == PAM_SUCCESS) { + char *envpath = NULL; + struct passwd *user_entry; + const char *username; + struct stat statbuf; + + username = _pam_get_item_byname(pamh, "PAM_USER"); + + user_entry = getpwnam(username); + if (!user_entry) { + pam_syslog(pamh, LOG_ERR, "No such user!?"); + } + else { + if (asprintf(&envpath, "%s/%s", user_entry->pw_dir, user_env_file) < 0) + { + pam_syslog(pamh, LOG_ERR, "Out of memory"); + free (conf_file); + free (env_file); + free (user_env_file); + return PAM_BUF_ERR; + } + if (stat(envpath, &statbuf) == 0) { + retval = _parse_config_file(pamh, envpath); + if (retval == PAM_IGNORE) + retval = PAM_SUCCESS; + } + free(envpath); + } + } + /* indicate success or failure */ + free (conf_file); + free (env_file); + free (user_env_file); D(("Exit.")); return retval; 
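Review bot: The new `user_readenv` block in `pam_sm_setcred` parses a file under the user's home directory with the privileges of the calling service, and it is switched on by default (`DEFAULT_USER_READ_ENVFILE 1`). The file and its directory belong to the user, `statbuf` is never inspected for file type or owner, and `stat(envpath, &statbuf)` followed by a separate open inside `_parse_config_file` leaves a gap between check and use, so a symlink or special file would be read with the caller's rights. I would default the option to 0 and perform the read under the target user's identity, for example on Linux `setfsuid(user_entry->pw_uid);` around the `_parse_config_file` call with the previous value restored afterwards. `username` should also be checked for NULL before `getpwnam(username)`; what `_pam_get_item_byname` returns when PAM_USER is unset is outside this hunk. A comment above the block stating that the file content is user-controlled, and which variables it may set, would document the trust boundary.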
@@ -786,28 +827,9 @@ PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { - int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; - const char *conf_file = NULL, *env_file = NULL; - - /* - * this module sets environment variables read in from a file - */ - - D(("Called.")); - ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv); - - retval = _parse_config_file(pamh, ctrl, conf_file); - - if(readenv && retval == PAM_SUCCESS) { - retval = _parse_env_file(pamh, ctrl, env_file); - if (retval == PAM_IGNORE) - retval = PAM_SUCCESS; - } - - /* indicate success or failure */ - - D(("Exit.")); - return retval; + /* Function was identical to pam_sm_setcred, so call it instead */ + D(("Called -- calling pam_sm_setcred instead...")); + return pam_sm_setcred(pamh, flags, argc, argv); } PAM_EXTERN int diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml index 26d6bd15..f8c152ad 100644 --- a/modules/pam_pwhistory/pam_pwhistory.8.xml +++ b/modules/pam_pwhistory/pam_pwhistory.8.xml @@ -33,6 +33,9 @@ retry=N + + type=STRING + @@ -119,6 +122,21 @@ + + + + + + + The default action is for the module to use the + following prompts when requesting passwords: + "New UNIX password: " and "Retype UNIX password: ". + The default word UNIX can + be replaced with this option. + + + + diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index d3cce728..424be38e 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -58,7 +58,9 @@ #include "opasswd.h" +/* For Translators: "%s%s" could be replaced with " " or "". */ #define NEW_PASSWORD_PROMPT _("New %s%spassword: ") +/* For Translators: "%s%s" could be replaced with " " or "". */ #define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ") #define MISTYPED_PASSWORD _("Sorry, passwords do not match.") 
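Review bot: `pam_sm_open_session` in pam_env.c still declares `int flags UNUSED` but now forwards `flags` in `return pam_sm_setcred(pamh, flags, argc, argv);`, so the annotation no longer matches the code; the parameter should simply read `int flags,`. The new comment would be more useful if it recorded the consequence rather than the history, e.g. `/* Same work as pam_sm_setcred, including the per-user environment file. */`, so that readers know both entry points share the user-file handling added in this commit.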
@@ -70,6 +72,7 @@ struct options_t { int enforce_for_root; int remember; int tries; + const char *prompt_type; }; typedef struct options_t options_t; @@ -101,6 +104,8 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) } else if (strcasecmp (argv, "enforce_for_root") == 0) options->enforce_for_root = 1; + else if (strncasecmp (argv, "type=", 5) == 0) + options->prompt_type = &argv[5]; else pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); } @@ -121,6 +126,7 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) /* Set some default values, which could be overwritten later. */ options.remember = 10; options.tries = 1; + options.prompt_type = "UNIX"; /* Parse parameters for module */ for ( ; argc-- > 0; argv++) @@ -209,7 +215,8 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) while ((newpass == NULL) && (tries++ < options.tries)) { retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass, - NEW_PASSWORD_PROMPT, "UNIX", " "); + NEW_PASSWORD_PROMPT, options.prompt_type, + strlen (options.prompt_type) > 0?" ":""); if (retval != PAM_SUCCESS) { _pam_drop (newpass); @@ -249,7 +256,9 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) char *new2; retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2, - AGAIN_PASSWORD_PROMPT, "UNIX", " "); + AGAIN_PASSWORD_PROMPT, + options.prompt_type, + strlen (options.prompt_type) > 0?" ":""); if (retval != PAM_SUCCESS) return retval; diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 36f30708..518c015a 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -280,7 +280,7 @@ check_acl(pam_handle_t *pamh, return noent_code; default: if (debug) { - pam_syslog(pamh, LOG_ERR, + pam_syslog(pamh, LOG_DEBUG, "error opening %s: %m", path); } return PAM_PERM_DENIED; 
@@ -293,7 +293,8 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { char *cookiefile = NULL, *xauthority = NULL, - *cookie = NULL, *display = NULL, *tmp = NULL; + *cookie = NULL, *display = NULL, *tmp = NULL, + *xauthlocalhostname = NULL; const char *user, *xauth = NULL; struct passwd *tpwd, *rpwd; int fd, i, debug = 0; @@ -588,14 +589,30 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, if (asprintf(&d, "DISPLAY=%s", display) < 0) { - pam_syslog(pamh, LOG_DEBUG, "out of memory"); + pam_syslog(pamh, LOG_ERR, "out of memory"); cookiefile = NULL; retval = PAM_SESSION_ERR; goto cleanup; } if (pam_putenv (pamh, d) != PAM_SUCCESS) - pam_syslog (pamh, LOG_DEBUG, + pam_syslog (pamh, LOG_ERR, + "can't set environment variable '%s'", d); + free (d); + } + + /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */ + if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) { + char *d; + + if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) { + pam_syslog(pamh, LOG_ERR, "out of memory"); + retval = PAM_SESSION_ERR; + goto cleanup; + } + + if (pam_putenv (pamh, d) != PAM_SUCCESS) + pam_syslog (pamh, LOG_ERR, "can't set environment variable '%s'", d); free (d); } -- cgit v1.2.3 From 8575828fae141d5f918fca7f123cc96f6793ac11 Mon Sep 17 00:00:00 2001 
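Review bot: The new XAUTHLOCALHOSTNAME block in `pam_sm_open_session` copies `getenv("XAUTHLOCALHOSTNAME")` from the calling process straight into the PAM environment with no validation. When the module runs inside su, as the comment indicates, that environment is presumably supplied by the invoking user, so the value should be bounded in length and restricted to hostname characters before it reaches `pam_putenv`. The out-of-memory path also differs from the DISPLAY block directly above, which sets `cookiefile = NULL;` before `goto cleanup;`; if that assignment matters to the cleanup code, which is outside this hunk, it is missing here. The comment would read better as `/* forward XAUTHLOCALHOSTNAME so that "su -" keeps working under GNOME */`.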
From: "Dmitry V. Levin" Date: Fri, 3 Apr 2009 00:36:22 +0000 Subject: Relevant BUGIDs: Purpose of commit: bugfix Commit summary: --------------- 2009-04-03 Dmitry V. Levin * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3) in child process with call to _exit(2). * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to exit(3) in child process with calls to _exit(2). * modules/pam_filter/pam_filter.c (set_filter): Likewise. * modules/pam_namespace/pam_namespace.c (inst_init, cleanup_tmpdirs): Likewise. --- ChangeLog | 17 +++++++++++++++++ libpamc/pamc_load.c | 2 +- modules/pam_exec/pam_exec.c | 35 +++++++++++++++-------------------- modules/pam_filter/pam_filter.c | 5 +++-- modules/pam_mkhomedir/pam_mkhomedir.c | 2 +- modules/pam_namespace/pam_namespace.c | 10 +++++----- modules/pam_unix/pam_unix_acct.c | 3 ++- modules/pam_unix/pam_unix_passwd.c | 2 +- modules/pam_unix/support.c | 2 +- modules/pam_xauth/pam_xauth.c | 2 +- 10 files changed, 47 insertions(+), 33 deletions(-) (limited to 'modules/pam_xauth/pam_xauth.c') diff --git a/ChangeLog b/ChangeLog index b7667616..ad9f630e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,20 @@ +2009-04-03 Dmitry V. Levin + + * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3) + in child process with call to _exit(2). + * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. + * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): + Likewise. + * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): + Likewise. + * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. + * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. + * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to + exit(3) in child process with calls to _exit(2). + * modules/pam_filter/pam_filter.c (set_filter): Likewise. + * modules/pam_namespace/pam_namespace.c (inst_init, + cleanup_tmpdirs): Likewise. + 2009-03-27 Thorsten Kukuk * modules/pam_unix/support.c (_unix_run_helper_binary): Don't diff --git a/libpamc/pamc_load.c b/libpamc/pamc_load.c index b3c0b5d5..dbbfbd59 100644 --- a/libpamc/pamc_load.c +++ b/libpamc/pamc_load.c @@ -121,7 +121,7 @@ static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent) execle(full_path, "pam-agent", NULL, NULL); D(("exec failed")); - exit(1); + _exit(1); } diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 47e1d5bb..7b2e402c 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -252,7 +252,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "dup2 of STDIN failed: %m"); - exit (err); + _exit (err); } for (i = 0; i < sysconf (_SC_OPEN_MAX); i++) @@ -271,7 +271,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); - exit (err); + _exit (err); } } @@ -287,7 +287,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, int err = errno; pam_syslog (pamh, LOG_ERR, "open of %s failed: %m", logfile); - exit (err); + _exit (err); } if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0) { 
@@ -302,7 +302,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); - exit (err); + _exit (err); } } @@ -310,7 +310,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { int err = errno; pam_syslog (pamh, LOG_ERR, "dup failed: %m"); - exit (err); + _exit (err); } if (call_setuid) @@ -319,19 +319,19 @@ call_exec (const char *pam_type, pam_handle_t *pamh, int err = errno; pam_syslog (pamh, LOG_ERR, "setuid(%lu) failed: %m", (unsigned long) geteuid ()); - exit (err); + _exit (err); } if (setsid () == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "setsid failed: %m"); - exit (err); + _exit (err); } arggv = calloc (argc + 4, sizeof (char *)); if (arggv == NULL) - exit (ENOMEM); + _exit (ENOMEM); for (i = 0; i < (argc - optargc); i++) arggv[i] = strdup(argv[i+optargc]); @@ -351,7 +351,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { free(envlist); pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m"); - exit (ENOMEM); + _exit (ENOMEM); } envlist = tmp; for (i = 0; i < nitems; ++i) @@ -364,7 +364,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { free(envlist); pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); - exit (ENOMEM); + _exit (ENOMEM); } envlist[envlen++] = envstr; envlist[envlen] = NULL; @@ -374,7 +374,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, { free(envlist); pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); - exit (ENOMEM); + _exit (ENOMEM); } envlist[envlen++] = envstr; envlist[envlen] = NULL; 
@@ -382,16 +382,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh, if (debug) pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]); - if (execve (arggv[0], arggv, envlist) == -1) - { - int err = errno; - pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", - arggv[0]); - free(envlist); - exit (err); - } + execve (arggv[0], arggv, envlist); + i = errno; + pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", arggv[0]); free(envlist); - exit (1); /* should never be reached. */ + _exit (i); } return PAM_SYSTEM_ERR; /* will never be reached. */ } diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 6b821efc..2f290fd5 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -468,7 +468,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, pam_syslog(pamh, LOG_WARNING, "unable to re-assign APPIN/OUT/ERR: %m"); close(fd[0]); - exit(1); + _exit(1); } /* make sure that file descriptors survive 'exec's */ @@ -481,7 +481,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, close(APPIN_FILENO); close(APPOUT_FILENO); close(APPERR_FILENO); - exit(1); + _exit(1); } /* now the user input is read from the parent through filter */ @@ -491,6 +491,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, /* getting to here is an error */ pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername); + _exit(1); } else { /* wait for either of the two children to exit */ diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index b81708f2..dfc4979e 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -154,7 +154,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, /* should not get here: exit with error */ D(("helper binary is not available")); - exit(PAM_SYSTEM_ERR); + _exit(PAM_SYSTEM_ERR); } else if (child > 0) { int rc; while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); 
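Review bot: In the rewritten exec-failure path of `call_exec`, `i = errno;` reuses the loop counter to carry the error code, whereas every other failure branch of this function shown on the page uses a dedicated `int err = errno;`. Keeping that pattern here (`int err = errno;` before the `pam_syslog` call and `_exit (err);` at the end) is easier to read and does not depend on the type or later use of `i`. The exit status only preserves the low 8 bits of the value, so a one-line comment such as `/* parent sees errno truncated to 8 bits */` would be worth adding; how the parent interprets the status is outside this hunk.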
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 7d668d9e..f6219271 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1184,12 +1184,12 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { if (setexeccon(NULL) < 0) - exit(1); + _exit(1); } #endif if (execl(init_script, init_script, polyptr->dir, ipath, newdir?"1":"0", idata->user, (char *)NULL) < 0) - exit(1); + _exit(1); } else if (pid > 0) { while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && (errno == EINTR)); @@ -1611,16 +1611,16 @@ static int cleanup_tmpdirs(struct instance_data *idata) #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { if (setexeccon(NULL) < 0) - exit(1); + _exit(1); } #endif if (execl("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, (char *)NULL) < 0) - exit(1); + _exit(1); } else if (pid > 0) { while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && (errno == EINTR)); if (rc == (pid_t)-1) { - pam_syslog(idata->pamh, LOG_ERR, "waitpid failed- %m"); + pam_syslog(idata->pamh, LOG_ERR, "waitpid failed: %m"); rc = PAM_SESSION_ERR; goto out; } diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 4e119340..08cc750f 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -130,7 +130,8 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, /* should not get here: exit with error */ D(("helper binary is not available")); printf("-1\n"); - exit(PAM_AUTHINFO_UNAVAIL); + fflush(stdout); + _exit(PAM_AUTHINFO_UNAVAIL); } else { close(fds[1]); if (child > 0) { diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index ab1adda0..d3ee6815 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c 
@@ -207,7 +207,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* should not get here: exit with error */ D(("helper binary is not available")); - exit(PAM_AUTHINFO_UNAVAIL); + _exit(PAM_AUTHINFO_UNAVAIL); } else if (child > 0) { /* wait for child */ /* if the stored password is NULL */ diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 98283502..050e0dc1 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -472,7 +472,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* should not get here: exit with error */ D(("helper binary is not available")); - exit(PAM_AUTHINFO_UNAVAIL); + _exit(PAM_AUTHINFO_UNAVAIL); } else if (child > 0) { /* wait for child */ /* if the stored password is NULL */ diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 518c015a..bc72a8c1 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -149,7 +149,7 @@ run_coprocess(const char *input, char **output, /* Run the command. */ execv(command, args); /* Never reached. */ - exit(1); + _exit(1); } /* We're the parent, so close the other ends of the pipes. */ -- cgit v1.2.3