The previous code was prone to race conditions if the child already
started writing to stdout before the dup2 call happened. This has
been detected in postmarketOS[1] and I also reproduced it in Alpine
Linux. Since passwd writes to stderr and linux-pam to stdout, the
redirection was needed. However, linux-pam was failing with
"Conversation error" since an fprintf(stdout, ...) call wasn't
able to write to an already-closed stdout.
This problem is fixed by setting the redirection in the child setup
function and ignoring the stderr pipe. It also fixes a leak, where
the stderr fd was simply ignored and never closed.
[1] https://gitlab.com/postmarketOS/pmaports/-/issues/1449
On Fedora 31, the "Current Password: " prompt is printed by passwd,
when I enter my current password wrongly. It is not clear to me why
and I don't know how to debug the PAM stack, but it causes that the
checkmark for the old password field is not reliable and what is worse
it causes the dialog hangs when it is submitted. Let's add check for
the "urrent" keyword to fix this issue.
Fixes: https://gitlab.gnome.org/GNOME/gnome-control-center/issues/766
Usually, passwd exits with an error if the current password is incorrect,
however, when using LDAP, it askes for password again. It causes hangs as
the passwd helper assumes that the password is correct. Let's prevent this
hangs using additional check for "incorrect" keyword.
Based on a patch from https://launchpad.net/bugs/607357 made by Ryan Tandy.
https://bugzilla.gnome.org/show_bug.cgi?id=786530
By passing the environment down to passwed rather than an empty one.
This means that passwd's PAM modules will be able to access the session
D-Bus, for the gnome-keyring PAM module to change the keyring password
for example.
https://bugzilla.gnome.org/show_bug.cgi?id=616703
