Re: [Exim] SIGCHLD complaints and pam_exim failing inexplica…

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MGreg Owen at <-
M\MNeal D. Becker at ->
Delete this message
Reply to this message
Author: Greg Owen
Date:  
To: exim-users
Subject: Re: [Exim] SIGCHLD complaints and pam_exim failing inexplicably
--

Summary: patch to make pam_exim function under RedHat 9 (SIGCHLD/SIG_IGN)

On Tue, 3 Jun 2003, Greg Owen wrote:
> I'm currently seeing the same problem using the pam_exim helper program
> from http://www.e-admin.de/pam_exim/. That fix uses a setuid PAM helper
> executable, which presumably is the subprocess involved.

To recap earlier email, exim 4.14 on RedHat 9 with the pam_exim module was
failing to authenticate users, and the log messages printed the RedHat 9
SIGCHLD/SIG_IGN complaint, like such:

Jul 7 10:30:14 mail exim(pam_exim)[17379]: args to give gowen
Jul 7 10:30:14 mail kernel: application bug: exim(17378) has SIGCHLD set to SIG_IGN but calls wait().
Jul 7 10:30:14 mail kernel: (see the NOTES section of 'man 2 wait'). Workaround activated.
Jul 7 10:30:14 mail exim_chkpwd[17379]: pass okay - returnig UNIX_PASSED
Jul 7 10:30:14 mail exim(pam_exim)[17378]: authentication failure; logname= uid=95 euid=95 tty= ruser= rhost= user=gowen

As you can see from the log, the exim_chkpwd helper binary thinks the
user authenticated, but pam_exim doesn't. Debugging showed that the
return value from waitpid was all screwy.

In order to work around this, I modified support.c from the pam_exim
tarball to 'signal(SIGCHLD, SIG_DFL)' before the fork, and
'signal(SIGCHLD, SIG_IGN)' after the child returns. This eliminated both
the error message and the malfunction, and makes pam_exim work under
RedHat 9. I've attached the patch.

There's no guarantee that the patch won't cause unforseen havoc,
catastrophe, or other problems. Use at your own risk ;>

I've also sent this in to Andreas Gietl and he's updated the pam_exim page
at http://www.e-admin.de/pam_exim/ to include a copy of this patch.
Thanks to Andreas for making pam_exim available. 

--
    gowen -- Greg Owen -- gowen@???
    79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D
--
Content-Description: Patch to support.c from pam_exim tarball


--- support.c    2003-07-07 10:30:43.000000000 -0400
+++ support.c.orig    2003-07-07 10:21:50.000000000 -0400
@@ -406,8 +406,6 @@
     return PAM_AUTH_ERR;
     }

-    /* try to fix SIG_IGN POSIX problem under RH9 */
-    signal(SIGCHLD, SIG_DFL);
     /* fork */
     child = fork();
     if (child == 0) {
@@ -456,7 +454,6 @@
     retval = PAM_AUTH_ERR;
     }

-    signal(SIGCHLD, SIG_IGN);
     D(("returning %d", retval));
     return retval;
 }
--




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] reverse DNS lookup for virtual domains[Exim] Re: Big increase in bounces addressed to non-existent addresses->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)