Date:      Mon, 9 Jan 2012 06:25:48 -0800 (PST)
From:      Don Lewis <truckman@FreeBSD.org>
To:        des@des.no
Cc:        current@FreeBSD.org
Subject:   Re: couldn't log on to my -CURRENT machine after upgrade to latest PAM
Message-ID:  <201201091425.q09EPmA0026105@gw.catspoiler.org>
In-Reply-To: <86y5thx97g.fsf@ds4.des.no>

On  9 Jan, Dag-Erling Smørgrav wrote:
> Don Lewis <truckman@FreeBSD.org> writes:
>> The documentation says that /etc/pam.conf is only used if
>> /etc/pam.d/service-name isn't found, and the code appears to agree
>> with that, however this doesn't seem to be working as expected after
>> the latest import of PAM.
> 
> The culprit was this commit:
> 
> http://trac.des.no/openpam/changeset/487/trunk/lib/openpam_configure.c
> 
> However, I'm not confident that simply reverting this commit is the
> right way to go.

Thanks for the detective work.  It looks to me like the bug is caused by
the change in the openpam_parse_chain() return value.  In the previous
code it returned the value of count, which I would guess was greater
than zero if it found something.  In that case, the for loop in
openpam_load_chain() would be terminated because r != 0.  In the new
code, openpam_parse_chain() will return PAM_SUCCESS if it found
something, and the loop in openpam_load_chain() will go through another
iteration because ret == PAM_SUCCESS.  I think the code around the end
of the loop should look more like:
		if (ret == PAM_SUCCESS)
			break;
	}
	return (ret);
}
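
The control flow discussed in this message, as an added example that is not part of the original e-mail and is not OpenPAM's code: a small C model of a policy search loop under the old return convention (count), the new one (PAM_SUCCESS) without the extra check, and the new one with it. The names `model_load_chain`, `defines`, `sources` and `MODEL_NOT_FOUND` are hypothetical, and the source contents are constructed.

```c
#include <stdio.h>
#include <string.h>
#define PAM_SUCCESS 0         /* the standard PAM success code */
#define MODEL_NOT_FOUND (-1)  /* assumption: stand-in for "nothing found here" */

/* Constructed policy sources, searched in order (per-service dir, then pam.conf). */
struct source { const char *name; const char *services; };
static const struct source sources[] = {
    { "/etc/pam.d/",   "sshd login" },
    { "/etc/pam.conf", "sshd login other" },
};
enum variant { OLD_COUNT, NEW_BUGGY, NEW_FIXED };

/* Whole-word match of svc in a space-separated list. */
static int defines(const char *list, const char *svc)
{
    size_t n = strlen(svc);
    for (const char *p = list; (p = strstr(p, svc)) != NULL; p += n)
        if ((p == list || p[-1] == ' ') && (p[n] == ' ' || p[n] == '\0'))
            return 1;
    return 0;
}

/* Returns a bitmask of the sources whose entries ended up in the chain. */
unsigned model_load_chain(const char *service, enum variant v)
{
    unsigned used = 0;
    for (size_t i = 0; i < sizeof sources / sizeof sources[0]; i++) {
        int found = defines(sources[i].services, service);
        if (found) used |= 1u << i;
        if (v == OLD_COUNT) {
            if (found != 0)   /* old convention: nonzero count ends the search */
                break;
        } else {
            int ret = found ? PAM_SUCCESS : MODEL_NOT_FOUND;
            if (v == NEW_FIXED && ret == PAM_SUCCESS)
                break;        /* the check proposed in the message */
            /* NEW_BUGGY: PAM_SUCCESS falls through to the next source */
        }
    }
    return used;
}

int main(void)
{
    for (int v = OLD_COUNT; v <= NEW_FIXED; v++)   /* masks: 0x1, 0x3, 0x1 */
        printf("variant %d: sshd mask 0x%x\n", v, model_load_chain("sshd", (enum variant)v));
    return 0;
}
```

A mask of 0x3 means entries from both sources were loaded for the same service, which is the case where /etc/pam.conf is consulted even though a per-service file exists.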



