Jose Plans
2007-02-24 17:40:10 UTC
Hi,
Ok this is a proposal fixing the problem of the return codes from
pam_sm_authenticate(), where in the original code the returns were
sometimes PAM_SERVICE_ERR or PAM_IGNORE, producing a cascade to
pam_deny.so !
We should apply these too. They are tested / verified.
Example on how to find this bug, try to remove the module uinput on
startup (Fedora Core example) and try to use the swipe with 0.2.3, you
will not reach pam_unix/2.so...
Then I checked the code and saw that some illegal calls were used in
pam_sm_authenticate(3) for failure.
Attached are the two patches that fixes the problem and add the correct
returns.
Thanks,
Jose
Ok this is a proposal fixing the problem of the return codes from
pam_sm_authenticate(), where in the original code the returns were
sometimes PAM_SERVICE_ERR or PAM_IGNORE, producing a cascade to
pam_deny.so !
We should apply these too. They are tested / verified.
Example on how to find this bug, try to remove the module uinput on
startup (Fedora Core example) and try to use the swipe with 0.2.3, you
will not reach pam_unix/2.so...
Then I checked the code and saw that some illegal calls were used in
pam_sm_authenticate(3) for failure.
Attached are the two patches that fixes the problem and add the correct
returns.
Thanks,
Jose