Skip site navigation (1) Skip section navigation (2)

pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming
Date: 2009-10-16 22:09:08
Message-ID: 20091016220908.DAFF4753FB7@cvs.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the
pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message.
Instead, deal with however many messages there are, and don't throw error
for PAM_ERROR_MSG and PAM_TEXT_INFO messages.  This logic is borrowed from
openssh 5.2p1, which hopefully has seen more real-world PAM usage than we
have.  Per bug #5121 from Ryan Douglas, which turned out to be caused by
the conv_proc being called with zero messages.  Apparently that is normal
behavior given the combination of Linux pam_krb5 with MS Active Directory
as the domain controller.

Patch all the way back, since this code has been essentially untouched
since 7.4.  (Surprising we've not heard complaints before.)

Tags:
----
REL8_0_STABLE

Modified Files:
--------------
    pgsql/src/backend/libpq:
        auth.c (r1.122 -> r1.122.4.1)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/libpq/auth.c?r1=1.122&r2=1.122.4.1)

pgsql-committers by date

Next:From: Tom LaneDate: 2009-10-16 22:09:16
Subject: pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming
Previous:From: Tom LaneDate: 2009-10-16 22:09:02
Subject: pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group