|
From: | Derek Robert Price |
Subject: | Re: Compile error in current CVS, src/server.c:5500 |
Date: | Mon, 21 Jul 2003 15:25:11 -0400 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 |
Mark D. Baushke wrote:
It seems that pam_strerror() has the first argument that is expected to be a pointer to a pam_handle_t and there is concern about what happens if pam_strerror() is called with an invalid pam_handle_t. So, if the handle has already been destroyed, should it still be possible to use pam_strerror() or not? I *thought* it should be, but I have not played with it. The FreeBSD implementation appears to deal with NULL being passed as the pam_handle_t for purposes of getting errnum returned properly, but there is some odd glue for UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT wherein not having a valid pam_handle_t might cause some more problems. So, it is possible that not all implementations of pam will be as friendly. I suppose another configure test could determine if it works or not...
If necessary, but it might not be. It looks like the UGLY_HACK, as you sent it from BSD, is just typecasting the pam_handle_t to an int and using it in place of the errnum. Since the PAM_* range seems to be reasonably close to zero, if the hack wasn't accepting a pam_handle_t of 0 (a typecast (int)NULL), we probably wouldn't encounter problems. As it stands, passing ((pam_handle_t)errnum, errnum) in place of ((pam_handle_t)NULL, errnum) when we might not have a pam_handle_t might avoid the configure test.
At the very least, the return value of the pam_end() function call should be captured and returned as an integer on the error string. I would find it acceptable to use "error 0 ..." rather than the "error EACCESS" I provided as a suggestion previously. I am not trying to force thru how the PAM code is implemented. I just want it to be possible for it to be supported when bugs are reported from the field.
I'd rather have something unique in english describing the error. "Failed to start PAM", "Failed to authenticate via PAM", "Failed PAM account management", "Failed to release PAM handle"...
Derek -- *8^) Email: derek@ximbiot.com Get CVS support at <http://ximbiot.com>! -- The policy of the American government is to leave their citizens free, neither restraining nor aiding them in their pursuits. - Thomas Jefferson
[Prev in Thread] | Current Thread | [Next in Thread] |