From: Hannes Laimer <h.laimer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-access-control 1/1] pam: fork for PAM authentication to isolate SIGCHLD handler
Date: Wed, 4 Mar 2026 14:46:49 +0100 [thread overview]
Message-ID: <20260304134649.82272-3-h.laimer@proxmox.com> (raw)
In-Reply-To: <20260304134649.82272-1-h.laimer@proxmox.com>
PAM modules can temporarily override $SIG{CHLD}, causing SIGCHLDs from
RESTEnvironment worker processes to be lost. Run the PAM interaction in
a subprocess via PVE::Tools::run_fork to contain any signal handler
manipulation to the child.
Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
src/PVE/Auth/PAM.pm | 74 +++++++++++++++++++++++++--------------------
1 file changed, 42 insertions(+), 32 deletions(-)
diff --git a/src/PVE/Auth/PAM.pm b/src/PVE/Auth/PAM.pm
index 3aacfc0..8586da5 100755
--- a/src/PVE/Auth/PAM.pm
+++ b/src/PVE/Auth/PAM.pm
@@ -27,45 +27,55 @@ sub authenticate_user {
# user (www-data) need to be able to read /etc/passwd /etc/shadow
die "no password\n" if !$password;
- my $pamh = Authen::PAM->new(
- 'proxmox-ve-auth',
- $username,
- sub {
- my @res;
- while (@_) {
- my $msg_type = shift;
- my $msg = shift;
- push @res, (0, $password);
- }
- push @res, 0;
- return @res;
- },
- );
-
- if (!ref($pamh)) {
- my $err = $pamh->pam_strerror($pamh);
- die "error during PAM init: $err";
+ # PAM modules may temporarily override $SIG{CHLD}, causing SIGCHLDs from
+ # RESTEnvironment workers to be lost. Running the PAM interaction in a fork
+ # isolates any such handler manipulation from the parent process.
+ my $client_ip;
+ if (my $rpcenv = PVE::RPCEnvironment::get()) {
+ $client_ip = $rpcenv->get_client_ip();
}
- if (my $rpcenv = PVE::RPCEnvironment::get()) {
- if (my $ip = $rpcenv->get_client_ip()) {
- $pamh->pam_set_item(PAM_RHOST(), $ip);
+ PVE::Tools::run_fork(sub {
+ my $pamh = Authen::PAM->new(
+ 'proxmox-ve-auth',
+ $username,
+ sub {
+ my @res;
+ while (@_) {
+ my $msg_type = shift;
+ my $msg = shift;
+ push @res, (0, $password);
+ }
+ push @res, 0;
+ return @res;
+ },
+ );
+
+ if (!ref($pamh)) {
+ my $err = $pamh->pam_strerror($pamh);
+ die "error during PAM init: $err";
}
- }
- my $res;
+ if ($client_ip) {
+ $pamh->pam_set_item(PAM_RHOST(), $client_ip);
+ }
- if (($res = $pamh->pam_authenticate(0)) != PAM_SUCCESS) {
- my $err = $pamh->pam_strerror($res);
- die "$err\n";
- }
+ my $res;
- if (($res = $pamh->pam_acct_mgmt(0)) != PAM_SUCCESS) {
- my $err = $pamh->pam_strerror($res);
- die "$err\n";
- }
+ if (($res = $pamh->pam_authenticate(0)) != PAM_SUCCESS) {
+ my $err = $pamh->pam_strerror($res);
+ die "$err\n";
+ }
+
+ if (($res = $pamh->pam_acct_mgmt(0)) != PAM_SUCCESS) {
+ my $err = $pamh->pam_strerror($res);
+ die "$err\n";
+ }
+
+ $pamh = 0; # call destructor
- $pamh = 0; # call destructor
+ return 1;
+ });
return 1;
}
--
2.47.3
prev parent reply other threads:[~2026-03-04 13:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-04 13:46 [PATCH access-control/common 0/2] address probblem with SIGCHLD handler being temporarily overwritten Hannes Laimer
2026-03-04 13:46 ` [PATCH pve-common 1/1] RESTEnvironment: periodically reap workers as SIGCHLD fallback Hannes Laimer
2026-03-04 13:46 ` Hannes Laimer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260304134649.82272-3-h.laimer@proxmox.com \
--to=h.laimer@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.