[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_login_access vs. pam_access (fwd)

On Thu, Jan 05, Mike Becher wrote:

> Hi again,
> because I don't know whether my patch for pam_access module (please
> have a look at forwarded message but without patch) will be accepted
> by list moderator or not (message was too large, larger than 40kB
> because patch size is 100735 bytes) I post it again but now in 5
> pieces in messages with subject: "pam_access patch part X of 5"
> I hope this code finds the way into official distribution of
> Linux-PAM.

I looked at it and the code is terrible. My first step will be to
merge only the basic stuff like netmasks and IPv6, not the external
helper and compatibility hacks.

At first, functions like convert_hostname_r are by no means thread
safe/reentrant only because the use no static buffer, as long as
they use non-reentrant functions like gethostbyname().

The second problem is that from gethostbyname only the first IP is
used. This was already broken in the old version, but now it depends
on if the IPv4 or the IPv6 address is the first one which is returned,
pure luck if this is really working.
getaddrinfo should be used instead.


Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk suse de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]