On 9 Jan, Dag-Erling Smørgrav wrote:
> Don Lewis <truckman_at_FreeBSD.org> writes:
>> The documentation says that /etc/pam.conf is only used if
>> /etc/pam.d/service-name isn't found, and the code appears to agree
>> with that, however this doesn't seem to be working as expected after
>> the latest import of PAM.
>
> The culprit was this commit:
>
> http://trac.des.no/openpam/changeset/487/trunk/lib/openpam_configure.c
>
> However, I'm not confident that simply reverting this commit is the
> right way to go.

Thanks for the detective work.

It looks to me like the bug is caused by the change in the
openpam_parse_chain() return value. In the previous code it returned
the value of count, which I would guess was greater than zero if it
found something. In that case, the for loop in openpam_load_chain()
would be terminated because r != 0. In the new code,
openpam_parse_chain() will return PAM_SUCCESS if it found something,
and the loop in openpam_load_chain() will go through another iteration
because ret == PAM_SUCCESS.

I think the code around the end of the loop should look more like:

                if (ret == PAM_SUCCESS)
                        break;
        }
        return (ret);
}

Received on Mon Jan 09 2012 - 13:27:13 UTC
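The return-convention change discussed in the message above, as an added example that is not part of the original mail and is not OpenPAM code: a simplified model showing how a search loop that used to stop on a non-zero count keeps reading the fallback source once the parser returns a status code instead. All function names, the MODEL_* constants and the two-source layout are assumptions made for illustration.

```c
/* Simplified model, not OpenPAM source; every name here is hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define MODEL_SUCCESS 0  /* stands in for PAM_SUCCESS */
#define MODEL_MISSING 1  /* constructed status: no entry for the service */
#define NSOURCES 2       /* 0 models /etc/pam.d/service-name, 1 models /etc/pam.conf */

/* Old convention from the mail: return a count, > 0 when something was found. */
static int parse_count(const int *present, size_t i) { return present[i] ? 1 : 0; }

/* New convention from the mail: return a status, success when something was found. */
static int parse_status(const int *present, size_t i)
{
    return present[i] ? MODEL_SUCCESS : MODEL_MISSING;
}

/* Each loader returns a bitmask of the sources that contributed to the chain. */
static unsigned load_old(const int *present)
{
    unsigned used = 0;
    for (size_t i = 0; i < NSOURCES; i++) {
        int r = parse_count(present, i);
        if (r > 0) used |= 1u << i;
        if (r != 0) break;  /* a hit ends the search */
    }
    return used;
}

static unsigned load_new(const int *present, int break_on_success)
{
    unsigned used = 0;
    for (size_t i = 0; i < NSOURCES; i++) {
        if (parse_status(present, i) != MODEL_SUCCESS) continue; /* model: try next source */
        used |= 1u << i;
        if (break_on_success) break;  /* the test proposed in the mail */
    }
    return used;
}

int main(void)
{
    const int both[NSOURCES] = { 1, 1 };  /* constructed: service defined in both sources */
    printf("old=%u new=%u new+break=%u\n",
           load_old(both), load_new(both, 0), load_new(both, 1));
    return 0;
}
```

A mask of 3 means the fallback source was read even though the per-service source already matched, which is the behaviour reported in the thread.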