[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [mituc@iasi.rdsnet.ro: pam limits drops privileges]

On Wed, Sep 12, Steve Langasek wrote:

> On Wed, 12 Sep 2001, Steve Langasek wrote:
> > Rather than a single jumbo patch, perhaps it would help to first add autoconf
> > support and a sample usage of getpwnam_r()?  After that, adding proper
> > reentrant support to all of the modules should be fairly parallelizable.
> In fact, let's go ahead and get started on this.
> I've just committed changes to the autoconf code which add HAVE_GETPWNAM_R and
> HAVE_GETGRNAM_R defines if those functions are available.  More can be added
> for the other NSS functions as we get farther along.
> Is the following ok for a first implementation, or do you have more ambitious
> plans?  I believe you mentioned providing a wrapper for systems that don't
> have getpwnam_r(), but I'm personally quite content with this.

You should not allocate a static buffer for use with getpwnam_r.
Instead query the return code and if errno = ERANGE (I think this was
the value) increase the buffer and try it again.
Else the result will be worse then the current situation, longer entries
will fail.


> Regards,
> Steve Langasek
> postmodern programmer
>     struct passwd *pwd = NULL;
>     char buf[512];
>     struct passwd pwd_buf;
>     pwd = &pwd_buf;
> #endif
> ...
>     getpwnam_r(name, pwd, buf, sizeof(buf), &pwd);
> #else
>     pwd = getpwnam(name);
> #endif
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list

Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE GmbH            Deutschherrenstr. 15-19       D-90429 Nuernberg
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []