[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Compile error in current CVS, src/server.c:5500

From: Derek Robert Price
Subject: Re: Compile error in current CVS, src/server.c:5500
Date: Mon, 21 Jul 2003 15:25:11 -0400
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1

Mark D. Baushke wrote:

It seems that pam_strerror() has the first argument that is expected to

be a pointer to a pam_handle_t and there is concern about what happens
if pam_strerror() is called with an invalid pam_handle_t. So, if the
handle has already been destroyed, should it still be possible to use
pam_strerror() or not? I *thought* it should be, but I have not played
with it.

The FreeBSD implementation appears to deal with NULL being passed as the
pam_handle_t for purposes of getting errnum returned properly, but there
is some odd glue for UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT wherein not
having a valid pam_handle_t might cause some more problems. So, it is
possible that not all implementations of pam will be as friendly.

I suppose another configure test could determine if it works or not...

If necessary, but it might not be. It looks like the UGLY_HACK, as you sent it from BSD, is just typecasting the pam_handle_t to an int and using it in place of the errnum. Since the PAM_* range seems to be reasonably close to zero, if the hack wasn't accepting a pam_handle_t of 0 (a typecast (int)NULL), we probably wouldn't encounter problems. As it stands, passing ((pam_handle_t)errnum, errnum) in place of ((pam_handle_t)NULL, errnum) when we might not have a pam_handle_t might avoid the configure test.

At the very least, the return value of the pam_end() function call
should be captured and returned as an integer on the error string.

I would find it acceptable to use "error 0 ..." rather than the "error
EACCESS" I provided as a suggestion previously. I am not trying to force
thru how the PAM code is implemented. I just want it to be possible for
it to be supported when bugs are reported from the field.

I'd rather have something unique in english describing the error. "Failed to start PAM", "Failed to authenticate via PAM", "Failed PAM account management", "Failed to release PAM handle"...



Email: derek@ximbiot.com

Get CVS support at <http://ximbiot.com>!
The policy of the American government is to leave their citizens free, neither 
restraining nor aiding them in their pursuits.

                        - Thomas Jefferson

reply via email to

[Prev in Thread] Current Thread [Next in Thread]