X-Git-Url: http://git.hungrycats.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=driver%2Fpasswd-pam.c;h=7560d1a41ec487175784a56687f81db48495a77b;hb=96bdd7cf6ea60c418a76921acaf0e34d6f5be930;hp=7083cfe487f41342c5c26ff1dd10518ceedcbdeb;hpb=cccbddbc4140cf9a06d7d95cc5c0ca36eb5d6e28;p=xscreensaver

diff --git a/driver/passwd-pam.c b/driver/passwd-pam.c
index 7083cfe4..7560d1a4 100644
--- a/driver/passwd-pam.c
+++ b/driver/passwd-pam.c
@@ -1,7 +1,7 @@
 /* passwd-pam.c --- verifying typed passwords with PAM
  * (Pluggable Authentication Modules.)
  * written by Bill Nottingham <notting@redhat.com> (and jwz) for
- * xscreensaver, Copyright (c) 1993-2002 Jamie Zawinski <jwz@jwz.org>
+ * xscreensaver, Copyright (c) 1993-2003 Jamie Zawinski <jwz@jwz.org>
  *
  * Permission to use, copy, modify, distribute, and sell this software and its
  * documentation for any purpose is hereby granted without fee, provided that
@@ -52,10 +52,12 @@ extern char *blurb(void);
 #include <pwd.h>
 #include <grp.h>
 #include <security/pam_appl.h>
+#include <signal.h>
+#include <errno.h>
 
 #include <sys/stat.h>
 
-extern void block_sigchld (void);
+extern sigset_t block_sigchld (void);
 extern void unblock_sigchld (void);
 
 /* blargh */
@@ -179,6 +181,8 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
   struct pam_conv pc;
   struct pam_closure c;
   char *user = 0;
+  sigset_t set;
+  struct timespec timeout;
 
   struct passwd *p = getpwuid (getuid ());
   if (!p) return False;
@@ -242,8 +246,10 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
 
   PAM_NO_DELAY(pamh);
 
-  block_sigchld();
+  timeout.tv_nsec = 1;
+  set = block_sigchld();
   status = pam_authenticate (pamh, 0);
+  sigtimedwait (&set, NULL, &timeout);
   unblock_sigchld();
 
   if (verbose_p)
@@ -254,8 +260,13 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
       /* Each time we successfully authenticate, refresh credentials,
          for Kerberos/AFS/DCE/etc.  If this fails, just ignore that
          failure and blunder along; it shouldn't matter.
+
+         Note: this used to be PAM_REFRESH_CRED instead of
+         PAM_REINITIALIZE_CRED, but Jason Heiss <jheiss@ee.washington.edu>
+         says that the Linux PAM library ignores that one, and only refreshes
+         credentials when using PAM_REINITIALIZE_CRED.
        */
-      int status2 = pam_setcred (pamh, PAM_REFRESH_CRED);
+      int status2 = pam_setcred (pamh, PAM_REINITIALIZE_CRED);
       if (verbose_p)
         fprintf (stderr, "%s:   pam_setcred (...) ==> %d (%s)\n",
                  blurb(), status2, PAM_STRERROR(pamh, status2));
@@ -274,7 +285,12 @@ pam_passwd_valid_p (const char *typed_passwd, Bool verbose_p)
   if (status != PAM_SUCCESS) goto DONE;
 
   PAM_NO_DELAY(pamh);
+
+  set = block_sigchld();
   status = pam_authenticate (pamh, 0);
+  sigtimedwait(&set, NULL, &timeout);
+  unblock_sigchld();
+
   if (verbose_p)
     fprintf (stderr, "%s:   pam_authenticate (...) ==> %d (%s)\n",
              blurb(), status, PAM_STRERROR(pamh, status));