Comments (5)
benschumacher
commented on July 29, 2024
Eric-
The previous issue #23 indicates that leaving the file open causes problems in some scenarios. I think closing the FD is an appropriate solution, but it seems like this could be a race condition and is possible related to being run multithreaded -- the code not being particularly robust for this sort of behavior. (NSCD, for example, is threaded.)
If you changed the magic() function to this definition, I believe it would solve this issue, if indeed it is the issue (you might need to #include <pthread.h>, too):
#include <pthread.h>
/*
* magic - Returns the next magic number.
*/
u_int32_t
magic()
{
static pthread_once_t magic_control = PTHREAD_ONCE_INIT;
pthread_once(&magic_control, &magic_init);
return (u_int32_t)random();
}(I haven't tried running this code yet, but I have confirmed it does compile.)
I can also create a pull request for it when I get a chance. With this change, the 'magic_initialised' variable isn't used any longer, so it could be removed, as well.
Hope this helps,
Ben
from pam_tacplus.
daveolson53
commented on July 29, 2024
benschumacher [email protected] wrote:
The previous issue #23 indicates that leaving the file open causes problems in
some scenarios. I think closing the FD is an appropriate solution, but it seems
like this could be a race condition and is possible related to being run
multithreaded -- the code not being particularly robust for this sort of
behavior. (NSCD, for example, is threaded.)If you changed the magic() function to this definition, I believe it would
solve this issue, if indeed it is the issue (you might need to #include
<pthread.h>, too):
I think that's not a good idea. Big chunks of the code aren't thread
safe, so there isn't a reason to patch this one tiny thing.
I'd suggest saving that until the code is made thread safe, and do all the work
together.
Dave Olson
[email protected]
from pam_tacplus.
ehoffman2
commented on July 29, 2024
I don't think it's multi-thread related. In my scenario, I have only one thread running the code. The problem really is because when the function is called the first time, the file is opened (rfd is initialized) and is then closed (thus, the referenced FD is obsolete) before return to caller. The second time magic() is called (within the same tread), the file descriptor is now invalid (and not re-initialized). Data is read from whatever file is referenced by the obsolete descriptor.
Regards,
Eric
from pam_tacplus.
daveolson53
commented on July 29, 2024
ehoffman2 [email protected] wrote:
I don't think it's multi-thread related. In my scenario, I have only one thread
running the code. The problem really is because when the function is called the
first time, the file is opened (rfd is initialized) and is then closed (thus,
the referenced FD is obsolete) before return to caller. The second time magic()
is called (within the same tread), the file descriptor is now invalid (and not
re-initialized). Data is read from whatever file is referenced by the obsolete
descriptor.
That sounds like the problem that was addressed by an earlier change.
Maybe I'm confused, though.
I any case, I stand by my recommendation that we not try to apply
the thread patch.
Dave Olson
[email protected]
from pam_tacplus.
kravietz
commented on July 29, 2024
The whole magic.c is now replaced by OpenSSL.
from pam_tacplus.
Related Issues (20)
- debian 11 package for libpam-tacplus HOT 6
- no prompt when using for sudo
- Double free in authenticate HOT 2
- sshd not working
- Is loopback source IP Address configure possible ?
- No configure in official tarball HOT 8
- Out-of-tree builds fail in configure
- Does not compile without getrandom() HOT 7
- Ubuntu Failing with "Tacacs Session aborted".
- How to log user commands into server accounting file?
- Mechanism to get the user priviledge from TACACS Server
- m4/explicit_bzero.m4 (gl_PREREQ_EXPLICIT_BZERO): Remove.
- /bin/sh: sys/random.h-t: No such file or directory HOT 3
- pam_tacplus license HOT 1
- Is srcaddr supported at all
- Build Error: Gnulib files not imported
- Is password change supported in pam_tacplus
- core dumped due double free
- Can't access with the default user of the router if the user is not in TACACS+
- Configuration does not fail when gnulib is not installed
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pam_tacplus.