pam_login_access vs. pam_access (fwd)

Mike Becher Mike.Becher at lrz-muenchen.de
Mon Jan 30 08:01:24 UTC 2006 

On Fri, 27 Jan 2006, Thorsten Kukuk wrote:

> On Thu, Jan 05, Mike Becher wrote:
> 
> > Hi again,
> > 
> > because I don't know whether my patch for pam_access module (please
> > have a look at forwarded message but without patch) will be accepted
> > by list moderator or not (message was too large, larger than 40kB
> > because patch size is 100735 bytes) I post it again but now in 5
> > pieces in messages with subject: "pam_access patch part X of 5"
> > 
> > I hope this code finds the way into official distribution of
> > Linux-PAM.
> 
> I looked at it and the code is terrible. My first step will be to
> merge only the basic stuff like netmasks and IPv6, not the external
> helper and compatibility hacks.
That's OK, but I will wait till you put the code into CVS to get an 
up to date snapshot of that code before I will work further on it.
External helper and/or compatibility options may be introduced later
after we have done this step.

> 
> At first, functions like convert_hostname_r are by no means thread
> safe/reentrant only because the use no static buffer, as long as
> they use non-reentrant functions like gethostbyname().
Your are right... I know... Additionally I should also shorten code in 
pam_* functions.
 
> 
> The second problem is that from gethostbyname only the first IP is
> used. This was already broken in the old version, but now it depends
> on if the IPv4 or the IPv6 address is the first one which is returned,
> pure luck if this is really working.
> getaddrinfo should be used instead.
I know thread safety and reentrants are two different things and if one 
function is thread safe and/or reentrant depends on usage of function 
that are also thread safe and/or reentrant. 
But OK after I see the modification in CVS I will work on it to make it 
really thread safe/reentrant.

Another questions: Tabs in code are a strange thing because in 
different editors they will be handled different in point of formating. 
Thats why I don't like them to arange code and use spaces instead.
Is this OK? 

Thanks for your hints and best regards
  mike

> 
>   Thorsten
> 
> -- 
> Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk at suse.de
> SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
> --------------------------------------------------------------------    
> Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
> 

-----------------------------------------------------------------------------
 Mike Becher                              Mike.Becher at lrz-muenchen.de
 Leibniz-Rechenzentrum der                http://www.lrz.de
 Bayerischen Akademie der Wissenschaften  phone: +49-89-289-28721      
 Gruppe Hochleistungssysteme              fax:   +49-89-280-9460
 Barer Strasse 21                    
 D-80333 Muenchen
 Germany                   
-----------------------------------------------------------------------------

More information about the Pam-list mailing list