git.ipfire.org Git - thirdparty/systemd.git/commit

shared/pam-util: add pam_syslog_errno() wrapper that sets errno

So far our pam code was using strerror_safe(). But that's not a good approach,
because strerror_safe() is not thread-safe, and the pam code is "library code"
that should be thread-safe. In fact, the whole effort to use strerror() is
unnecessary, because pam_syslog() is documented to support %m. The
implementation in linux-pam simply uses vasprintf(). If we use %m too, we get
rid of the issue. The wrapper sets errno temporarily from the argument.

Apparently some PAM consumers run multiple PAM stacks in threads, so we should
avoid non-thread-safe code.

The new helper returns PAM_BUF_ERR for ENOMEM, and PAM_SERVICE_ERR in other
cases. This may change the returned code in some cases, but I think a) it
doesn't matter much, b) it's probably for the better. E.g. we might now return
PAM_SERVICE_ERR if the dbus message is borked, and PAM_SERVICE_ERR seems
appropriate.

author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 4 Oct 2022 12:19:12 +0000 (14:19 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 10 Oct 2022 07:55:21 +0000 (09:55 +0200)
commit	b1eff892bb7c4ba2fac2b1fdf54d86534aaf2d08
tree	c91027fa63ac201f47041ac56fb46497c9b93025	tree \| snapshot
parent	50c5b991df302e7d143e8a859dd9d95c419d60fc	commit \| diff

src/shared/pam-util.c		diff \| blob \| blame \| history
src/shared/pam-util.h		diff \| blob \| blame \| history