couldn't log on to my -CURRENT machine after upgrade to latest PAM
Don Lewis
truckman at FreeBSD.org
Mon Jan 9 14:27:13 UTC 2012
On 9 Jan, Dag-Erling Smørgrav wrote:
> Don Lewis <truckman at FreeBSD.org> writes:
>> The documentation says that /etc/pam.conf is only used if
>> /etc/pam.d/service-name isn't found, and the code appears to agree
>> with that, however this doesn't seem to be working as expected after
>> the latest import of PAM.
>
> The culprit was this commit:
>
> http://trac.des.no/openpam/changeset/487/trunk/lib/openpam_configure.c
>
> However, I'm not confident that simply reverting this commit is the
> right way to go.
Thanks for the detective work. It looks to me like the bug is caused by
the change in the openpam_parse_chain() return value. In the previous
code it returned the value of count, which I would guess was greater
than zero if it found something. In that case, the for loop in
openpam_load_chain() would be terminated because r != 0. In the new
code, openpam_parse_chain() will return PAM_SUCCESS if it found
something, and the loop in openpam_load_chain() will go through another
iteration because ret == PAM_SUCCESS. I think the code around the end
of the loop should look more like:

		if (ret == PAM_SUCCESS)
			break;
	}
	return (ret);
}
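
The return-value change discussed in this message, as an added example: a simplified model of a first-match search over /etc/pam.d/service-name and /etc/pam.conf, not OpenPAM's code and not part of the original post. Assumptions: the names load_count and load_status, the M_* status codes, the sshd service and the rule counts are all constructed, and the unfixed status loop is modelled as visiting every source.

```c
#include <stddef.h>
#include <stdio.h>

/* Model status codes for this sketch, not the real PAM constants. */
enum { M_SUCCESS = 0, M_NOT_FOUND = 1 };

/* One policy source and its rule count for the service (constructed data). */
struct source { const char *path; int rules; };
const struct source both[] = { { "/etc/pam.d/sshd", 3 }, { "/etc/pam.conf", 2 } };
const struct source conf_only[] = { { "/etc/pam.d/sshd", 0 }, { "/etc/pam.conf", 2 } };

/* Old convention from the message: the parser returns the count, and the
 * caller's loop ends as soon as that value is nonzero. */
int load_count(const struct source *v, size_t n, int *loaded)
{
	int r = 0;
	*loaded = 0;
	for (size_t i = 0; i < n && r == 0; i++) {
		r = v[i].rules;
		*loaded += r;
	}
	return (r);
}

/* New convention: the parser returns a status. With stop_on_success == 0 the
 * loop goes on to the next source after a hit; with 1 it applies the
 * suggested "if (ret == M_SUCCESS) break;". */
int load_status(const struct source *v, size_t n, int stop_on_success, int *loaded)
{
	int ret = M_NOT_FOUND;
	*loaded = 0;
	for (size_t i = 0; i < n; i++) {
		ret = v[i].rules > 0 ? M_SUCCESS : M_NOT_FOUND;
		*loaded += v[i].rules;
		if (stop_on_success && ret == M_SUCCESS)
			break;
	}
	return (ret);
}

int main(void)
{
	int a, b, c;
	load_count(both, 2, &a);
	load_status(both, 2, 0, &b);
	load_status(both, 2, 1, &c);
	printf("rules loaded: count=%d status=%d status+break=%d\n", a, b, c);
	return (0);
}
```

In the model, the status loop without the break loads rules from both sources (5 instead of 3), while the fallback to /etc/pam.conf still works with the break when the per-service file has nothing.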