Skip site navigation (1) Skip section navigation (2)

pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming
Date: 2009-10-16 22:09:16
Message-ID: 20091016220916.B0DF9753FB7@cvs.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the
pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message.
Instead, deal with however many messages there are, and don't throw error
for PAM_ERROR_MSG and PAM_TEXT_INFO messages.  This logic is borrowed from
openssh 5.2p1, which hopefully has seen more real-world PAM usage than we
have.  Per bug #5121 from Ryan Douglas, which turned out to be caused by
the conv_proc being called with zero messages.  Apparently that is normal
behavior given the combination of Linux pam_krb5 with MS Active Directory
as the domain controller.

Patch all the way back, since this code has been essentially untouched
since 7.4.  (Surprising we've not heard complaints before.)

Tags:
----
REL7_4_STABLE

Modified Files:
--------------
    pgsql/src/backend/libpq:
        auth.c (r1.112.2.1 -> r1.112.2.2)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/libpq/auth.c?r1=1.112.2.1&r2=1.112.2.2)

pgsql-committers by date

Next:From: Magnus HaganderDate: 2009-10-17 00:24:51
Subject: pgsql: Write to the Windows eventlog in UTF16, converting the message
Previous:From: Tom LaneDate: 2009-10-16 22:09:08
Subject: pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group