Date: Thu, 26 Jan 2012 12:07:46 +0200
From: Gleb Kurtsou
To: Jean-Sébastien Pédron
Cc: Romain Vrignaud, Pierre-Gilles Mialon, freebsd-current@freebsd.org
Subject: Re: [patch] pam_exec: use program exit code instead of PAM_SYSTEM_ERR

On (24/01/2012 15:25), Jean-Sébastien Pédron wrote:
> Hi,
>
> If the specified program exits with non-zero, the current implementation
> of pam_exec(8) logs this code and returns PAM_SYSTEM_ERR. Therefore,
> applications have no idea what went wrong with authentication.
>
> Attached is a patch that changes the behaviour to always return the
> program exit code as-is. This lets the program return meaningful
> information to applications.
>
> I also added a small paragraph explaining this to the man page.
>
> I'm planning to commit this to -CURRENT (maybe in a week or two) and
> merge it to 9 and 8 if there're no objections.

Please consider making it optional. It will break for generic
applications because pam_sm_chauthtok error codes are documented and
standardized. I'm not aware of any application that uses PAM error
constants as exit code.

Thanks,
Gleb.

>
> Thanks for any comments!
>
> --
> Jean-Sébastien Pédron
>
> diff --git a/lib/libpam/modules/pam_exec/pam_exec.8 b/lib/libpam/modules/pam_exec/pam_exec.8 > index 311d64c..c5d2404 100644 > --- a/lib/libpam/modules/pam_exec/pam_exec.8 > +++ b/lib/libpam/modules/pam_exec/pam_exec.8 > @@ -32,7 +32,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd February 1, 2005 > +.Dd January 24, 2012 > .Dt PAM_EXEC 8 > .Os > .Sh NAME > @@ -59,6 +59,12 @@ variables: > .Ev PAM_TTY , > and > .Ev PAM_USER . > +.Pp > +The program exit code should be one of the codes defined in > +.Pa /usr/include/security/pam_constants.h > +under section "XSSO 5.2". Authentication is successful if the return code is > +.Er PAM_SUCCESS > +(0), failed otherwise. > .Sh SEE ALSO > .Xr pam_get_item 3 , > .Xr pam.conf 5 , > diff --git a/lib/libpam/modules/pam_exec/pam_exec.c b/lib/libpam/modules/pam_exec/pam_exec.c > index b7a870f..d497479 100644 > --- a/lib/libpam/modules/pam_exec/pam_exec.c > +++ b/lib/libpam/modules/pam_exec/pam_exec.c > @@ -141,12 +141,7 @@ _pam_exec(pam_handle_t *pamh __unused, int flags __unused, > openpam_log(PAM_LOG_ERROR, "unknown status 0x%x", status); > return (PAM_SYSTEM_ERR); > } > - if (WEXITSTATUS(status) != 0) { > - openpam_log(PAM_LOG_ERROR, "%s returned code %d", > - argv[0], WEXITSTATUS(status)); > - return (PAM_SYSTEM_ERR); > - } > - return (PAM_SUCCESS); > + return (WEXITSTATUS(status)); > } > > PAM_EXTERN int > _______________________________________________ > freebsd-current@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
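
Review bot: In the paragraph added to pam_exec.8 after ".Ev PAM_USER .", the text says the exit code "should be" one of the pam_constants.h codes but never says what the module returns when the program exits with some other value; document that case so the contract is complete. Two mdoc points in the same hunk: PAM_SUCCESS is a defined constant rather than an errno value, so ".Dv PAM_SUCCESS" fits better than ".Er PAM_SUCCESS", and the sentence beginning "Authentication is successful" should start on its own source line instead of following "XSSO 5.2". on the same line.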
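
Review bot: In the _pam_exec() hunk of pam_exec.c, "return (WEXITSTATUS(status));" passes any exit value from 0 to 255 straight to the PAM framework with no check that it is one of the pam_constants.h codes the new man page text asks for. Validate the value and return PAM_SYSTEM_ERR for anything outside the defined codes, and keep the removed openpam_log(PAM_LOG_ERROR, "%s returned code %d", ...) call for non-zero exits so a failing helper still leaves a log entry. Programs already run through pam_exec may exit non-zero with values that were never meant as PAM codes, so putting the new behaviour behind a module option, as requested in the reply above, would avoid silently changing their results.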