BUG REPORT: gdm on RedHat 5.2 with PAM

[Peter Wainwright <prw wainpr demon co uk>]

Hi
	I am running Gnome on Intel RedHat 5.2. I have gdm from
CVS on anoncvs.gimp.org from 15th January. I have had to fix two
bugs to get it to work.

Firstly, I get text messages from the pam_pwdb module such as
"Your password will expire in N days". These are passed to the
conversation function with a msg_style of PAM_TEXT_INFO. It seems
that a valid reply MUST be set here, because Linux PAM 0.59+ will
expect a response to all messages and will free all the pointers.
Not setting a response here causes a segfault.

NOTE: this fix applies only to my system: I guess you should find
some way of checking the PAM version and acting appropriately.

Secondly, the strings read by gdm_slave_greeter() do not match
those sent by gdmgreeter, the order of language and session is
reversed. Also, there may be a problem if one of the strings is
empty, ie. just "\n". On my system sscanf() fails here with an
EPIPE error, and the output string is not set. I have therefore
added a check for this situation.

My patches are attached.

Peter Wainwright
Home: prw@wainpr.demon.co.uk   Work: peter.wainwright@nrpb.org.uk
http://www.wainpr.demon.co.uk
Visit the Opera Exchange Homepage at http://www.treda.co.uk/opex/
diff -U4 -r gdm-old/src/gdmslave.c gdm/src/gdmslave.c
--- gdm-old/src/gdmslave.c	Fri Jan 15 18:19:20 1999
+++ gdm/src/gdmslave.c	Sat Jan 16 19:35:34 1999
@@ -204,15 +204,19 @@
 		break;
 
 	    case 'U':		/* User session initiated */
 		fgets(buf, 64, greeter);
-		sscanf(buf, "%s", login);
+		if (sscanf(buf, "%s", login) <= 0)
+		  login[0] = '\0';
 		fgets(buf, 64, greeter);
-		sscanf(buf, "%s", passwd);
-		fgets(buf, _POSIX_PATH_MAX, greeter);
-		sscanf(buf, "%s", session);
+		if (sscanf(buf, "%s", passwd) <= 0)
+		  passwd[0] = '\0';
 		fgets(buf, 64, greeter);
-		sscanf(buf, "%s", lang);
+		if (sscanf(buf, "%s", lang) <= 0)
+		  lang[0] = '\0';
+		fgets(buf, _POSIX_PATH_MAX, greeter);
+		if (sscanf(buf, "%s", session) <= 0)
+		  session[0] = '\0';
 
 		if(strlen(login)+strlen(passwd)+strlen(session)+strlen(lang)==0) 
 		    gdm_remanage(_("gdm_slave_greeter: Insufficient data from greeter in pipe"));
 
diff -U4 -r gdm-old/src/gdmverify.c gdm/src/gdmverify.c
--- gdm-old/src/gdmverify.c	Fri Jan 15 18:19:20 1999
+++ gdm/src/gdmverify.c	Sat Jan 16 17:50:37 1999
@@ -46,10 +46,19 @@
 		      void *appdata_ptr)
 {
     int replies = 0;
     struct pam_response *reply = NULL;
-    
-    reply = g_malloc(sizeof(struct pam_response));
+
+    /* According to the application writer's guide: Post
+       Linux-PAM-0.59 (and in the interests of compatibility with
+       Sunsoft), the number of resposes is always equal to the num_msg
+       conversation function argument.  This is slightly easier to
+       program but does require that the response array is free(3)'d
+       after every call to the conversation function.  The index of
+       the responses corresponds directly to the prompt index in the
+       pam_message */
+       
+    reply = g_malloc(num_msg*sizeof(struct pam_response));
     if (!reply) return PAM_CONV_ERR;
     
     for (replies = 0; replies < num_msg; replies++) {
 	switch (msg[replies]->msg_style) {
@@ -57,8 +66,12 @@
 	    reply[replies].resp_retcode = PAM_SUCCESS;
 	    reply[replies].resp = g_strdup(passwd);
 	    break;
 	case PAM_TEXT_INFO:
+	    /* This structure WILL be freed by the module, so it had
+	       better point to something valid */
+	    reply[replies].resp_retcode = PAM_SUCCESS;
+	    reply[replies].resp = g_strdup("XXXX");
 	    break;
 	case PAM_PROMPT_ECHO_ON:
 	default:
 	    g_free (reply);