pam_login_access vs. pam_access (fwd)
Mike Becher
Mike.Becher at lrz-muenchen.de
Mon Jan 30 08:01:24 UTC 2006
On Fri, 27 Jan 2006, Thorsten Kukuk wrote:
> On Thu, Jan 05, Mike Becher wrote:
>
> > Hi again,
> >
> > because I don't know whether my patch for pam_access module (please
> > have a look at forwarded message but without patch) will be accepted
> > by list moderator or not (message was too large, larger than 40kB
> > because patch size is 100735 bytes) I post it again but now in 5
> > pieces in messages with subject: "pam_access patch part X of 5"
> >
> > I hope this code finds the way into official distribution of
> > Linux-PAM.
>
> I looked at it and the code is terrible. My first step will be to
> merge only the basic stuff like netmasks and IPv6, not the external
> helper and compatibility hacks.
That's OK, but I will wait till you put the code into CVS to get an
up to date snapshot of that code before I will work further on it.
External helper and/or compatibility options may be introduced later
after we have done this step.
>
> At first, functions like convert_hostname_r are by no means thread
> safe/reentrant only because the use no static buffer, as long as
> they use non-reentrant functions like gethostbyname().
Your are right... I know... Additionally I should also shorten code in
pam_* functions.
>
> The second problem is that from gethostbyname only the first IP is
> used. This was already broken in the old version, but now it depends
> on if the IPv4 or the IPv6 address is the first one which is returned,
> pure luck if this is really working.
> getaddrinfo should be used instead.
I know thread safety and reentrants are two different things and if one
function is thread safe and/or reentrant depends on usage of function
that are also thread safe and/or reentrant.
But OK after I see the modification in CVS I will work on it to make it
really thread safe/reentrant.
Another questions: Tabs in code are a strange thing because in
different editors they will be handled different in point of formating.
Thats why I don't like them to arange code and use spaces instead.
Is this OK?
Thanks for your hints and best regards
mike
>
> Thorsten
>
> --
> Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
> SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
> --------------------------------------------------------------------
> Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
-----------------------------------------------------------------------------
Mike Becher Mike.Becher at lrz-muenchen.de
Leibniz-Rechenzentrum der http://www.lrz.de
Bayerischen Akademie der Wissenschaften phone: +49-89-289-28721
Gruppe Hochleistungssysteme fax: +49-89-280-9460
Barer Strasse 21
D-80333 Muenchen
Germany
-----------------------------------------------------------------------------
More information about the Pam-list
mailing list