Don Lewis <truckman_at_FreeBSD.org> writes: > Dag-Erling Smørgrav <des_at_des.no> writes: > > The culprit was this commit: > > > > http://trac.des.no/openpam/changeset/487/trunk/lib/openpam_configure.c > > > > However, I'm not confident that simply reverting this commit is the > > right way to go. > Thanks for the detective work. It looks to me like the bug is caused by > the change in the openpam_parse_chain() return value. In the previous > code it returned the value of count, which I would guess was greater > than zero if it found something. In that case, the for loop in > openpam_load_chain() would be terminated because r != 0. In the new > code, openpam_parse_chain() will return PAM_SUCCESS if it found > something, and the loop in openpam_load_chain() will go through another > iteration because ret == PAM_SUCCESS. Thank you, Captain Obvious. I am still not confident that simply reverting this commit is the right way to go, because it discards valuable information when an error occurs, especially if an error occurs while parsing an include. DES -- Dag-Erling Smørgrav - des_at_des.noReceived on Mon Jan 09 2012 - 14:15:29 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:23 UTC