OBS User unknown 2008-10-22 15:45:32 +00:00 committed by Git OBS Bridge
parent 7d48496d36
commit 6d1722507c
3 changed files with 48 additions and 40 deletions

View File

@ -37,7 +37,7 @@ Index: src/Makefile.am
ls_LDADD += $(LIB_ACL_TRIVIAL) $(LIB_ACL)
--- src/getdef.c
+++ src/getdef.c
@@ -0,0 +1,257 @@
@@ -0,0 +1,259 @@
+/* Copyright (C) 2003, 2004, 2005 Thorsten Kukuk
+ Author: Thorsten Kukuk <kukuk@suse.de>
+
@ -70,9 +70,9 @@ Index: src/Makefile.am
+#include "getdef.h"
+
+struct item {
+ char *name; /* name of the option. */
+ char *value; /* value of the option. */
+ struct item *next; /* pointer to next option. */
+ char *name; /* Name of the option. */
+ char *value; /* Value of the option. */
+ struct item *next; /* Pointer to next option. */
+};
+
+static struct item *list = NULL;
@ -109,12 +109,12 @@ Index: src/Makefile.am
+ abort ();
+
+ new->name = strdup (name);
+ new->value = strdup (value?:"");
+ new->value = strdup (value ?: "");
+ new->next = list;
+ list = new;
+}
+
+/* search a special entry in the list and return the value. */
+/* Search a special entry in the list and return the value. */
+static const char *
+search (const char *name)
+{
@ -131,7 +131,7 @@ Index: src/Makefile.am
+ return NULL;
+}
+
+/* Load the login.defs file (/etc/login.defs) */
+/* Load the login.defs file (/etc/login.defs). */
+static void
+load_defaults_internal (const char *filename)
+{
@ -173,7 +173,7 @@ Index: src/Makefile.am
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ while (isspace ((unsigned char) *cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
@ -183,7 +183,7 @@ Index: src/Makefile.am
+
+ tmp = strsep (&cp, " \t=");
+ if (cp != NULL)
+ while (isspace ((int)*cp) || *cp == '=')
+ while (isspace ((unsigned char) *cp) || *cp == '=')
+ ++cp;
+
+ store (tmp, cp);
@ -232,9 +232,10 @@ Index: src/Makefile.am
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtol (val, &cp, 0);
+ if (*cp != '\0' ||
+ ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE))
+ if (*cp != '\0'
+ || ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE))
+ {
+ fprintf (stderr,
+ "%s contains invalid numerical value: %s!\n",
@ -259,6 +260,7 @@ Index: src/Makefile.am
+ if (val == NULL)
+ return dflt;
+
+ errno = 0;
+ retval = strtoul (val, &cp, 0);
+ if (*cp != '\0' || (retval == ULONG_MAX && errno == ERANGE))
+ {
@ -417,7 +419,7 @@ Index: src/Makefile.am
static void run_shell (char const *, char const *, char **, size_t)
ATTRIBUTE_NORETURN;
@@ -215,7 +238,163 @@ log_su (struct passwd const *pw, bool su
@@ -215,7 +238,162 @@ log_su (struct passwd const *pw, bool su
}
#endif
@ -443,30 +445,29 @@ Index: src/Makefile.am
+static void
+cleanup_pam (int retcode)
+{
+ if (_pam_cred_established)
+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
+
+ if (_pam_session_opened)
+ pam_close_session (pamh, 0);
+
+ if (_pam_cred_established)
+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
+
+ pam_end(pamh, retcode);
+}
+
+/* Signal handler for parent process */
+/* Signal handler for parent process. */
+static void
+su_catch_sig (int sig)
+{
+ caught_signal = true;
+}
+
+/* Export env variables declared by PAM modules */
+/* Export env variables declared by PAM modules. */
+static void
+export_pamenv(void)
+export_pamenv (void)
+{
+ char** env;
+ char **env;
+
+ /* this is a copy but don't care to free as we exec later anyways
+ * */
+ /* This is a copy but don't care to free as we exec later anyways. */
+ env = pam_getenvlist (pamh);
+ while (env && *env)
+ {
@ -477,16 +478,16 @@ Index: src/Makefile.am
+}
+
+static void
+create_watching_parent(void)
+create_watching_parent (void)
+{
+ pid_t child;
+ sigset_t ourset;
+ int status;
+
+ retval = pam_open_session (pamh,0);
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ cleanup_pam(retval);
+ cleanup_pam (retval);
+ error (EXIT_FAILURE, 0, _("cannot not open session: %s"),
+ pam_strerror (pamh, retval));
+ }
@ -496,7 +497,7 @@ Index: src/Makefile.am
+ child = fork ();
+ if (child == (pid_t) -1)
+ {
+ cleanup_pam(PAM_ABORT);
+ cleanup_pam (PAM_ABORT);
+ error (EXIT_FAILURE, errno, _("cannot create child process"));
+ }
+
@ -504,10 +505,10 @@ Index: src/Makefile.am
+ if (child == 0)
+ return;
+
+ /* in the parent watch the child */
+ /* In the parent watch the child. */
+
+ /* su without pam support does not have a helper that keeps
+ * sitting on any directory so let's go to / */
+ sitting on any directory so let's go to /. */
+ if (chdir ("/") != 0)
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
+
@ -564,7 +565,7 @@ Index: src/Makefile.am
+ kill (child, SIGTERM);
+ }
+
+ cleanup_pam(PAM_SUCCESS);
+ cleanup_pam (PAM_SUCCESS);
+
+ if (caught_signal)
+ {
@ -604,7 +605,7 @@ Index: src/Makefile.am
+ retval = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_BAIL_P (return false);
+ }
+#if 0 /* manpage discourages use of getlogin */
+#if 0 /* Manpage discourages use of getlogin. */
+ cp = getlogin ();
+ if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ()))
+#endif
@ -619,12 +620,12 @@ Index: src/Makefile.am
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval == PAM_NEW_AUTHTOK_REQD)
+ {
+ /* password has expired. Offer option to change it. */
+ /* Password has expired. Offer option to change it. */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ PAM_BAIL_P (return false);
+ }
+ PAM_BAIL_P (return false);
+ /* must be authenticated if this point was reached */
+ /* Must be authenticated if this point was reached. */
+ return true;
+#else /* !USE_PAM */
char *unencrypted, *encrypted, *correct;
@ -689,7 +690,7 @@ Index: src/Makefile.am
- error (EXIT_FAILURE, errno, _("cannot set groups"));
+ {
+#ifdef USE_PAM
+ cleanup_pam(PAM_ABORT);
+ cleanup_pam (PAM_ABORT);
+#endif
+ error (EXIT_FAILURE, errno, _("cannot set groups"));
+ }
@ -724,17 +725,17 @@ Index: src/Makefile.am
}
shell = xstrdup (shell ? shell : pw->pw_shell);
+
+ init_groups(pw);
+ init_groups (pw);
+
+#ifdef USE_PAM
+ create_watching_parent();
+ /* now we're in the child */
+ create_watching_parent ();
+ /* Now we're in the child. */
+#endif
+
+ change_identity(pw);
+ change_identity (pw);
+
+ /* Set environment after pam_open_session, which may put KRB5CCNAME
+ * into the pam_env, etc. */
+ into the pam_env, etc. */
+
modify_environment (pw, shell);

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Oct 21 11:31:35 CEST 2008 - schwab@suse.de
- Fix pam cleanup.
-------------------------------------------------------------------
Thu Sep 18 16:38:01 CEST 2008 - schwab@suse.de

View File

@ -24,7 +24,7 @@ Url: http://www.gnu.org/software/coreutils/
License: GNU Free Documentation License, Version 1.2 (GFDL 1.2); GPL v2 or later; GPL v3 or later
Group: System/Base
Version: 6.12
Release: 29
Release: 30
Provides: fileutils sh-utils stat textutils mktemp
Obsoletes: fileutils sh-utils stat textutils mktemp
Obsoletes: libselinux <= 1.23.11-3 libselinux-32bit = 9 libselinux-64bit = 9 libselinux-x86 = 9
@ -189,6 +189,8 @@ rm -rf $RPM_BUILD_ROOT
%defattr(-,root,root)
%changelog
* Tue Oct 21 2008 schwab@suse.de
- Fix pam cleanup.
* Thu Sep 18 2008 schwab@suse.de
- Move readlink and md5sum to /bin.
* Wed Aug 20 2008 schwab@suse.de