diff --git a/coreutils-6.8-su.diff b/coreutils-6.8-su.diff index 6c2a851..6082b85 100644 --- a/coreutils-6.8-su.diff +++ b/coreutils-6.8-su.diff @@ -37,7 +37,7 @@ Index: src/Makefile.am ls_LDADD += $(LIB_ACL_TRIVIAL) $(LIB_ACL) --- src/getdef.c +++ src/getdef.c -@@ -0,0 +1,257 @@ +@@ -0,0 +1,259 @@ +/* Copyright (C) 2003, 2004, 2005 Thorsten Kukuk + Author: Thorsten Kukuk + @@ -70,9 +70,9 @@ Index: src/Makefile.am +#include "getdef.h" + +struct item { -+ char *name; /* name of the option. */ -+ char *value; /* value of the option. */ -+ struct item *next; /* pointer to next option. */ ++ char *name; /* Name of the option. */ ++ char *value; /* Value of the option. */ ++ struct item *next; /* Pointer to next option. */ +}; + +static struct item *list = NULL; @@ -109,12 +109,12 @@ Index: src/Makefile.am + abort (); + + new->name = strdup (name); -+ new->value = strdup (value?:""); ++ new->value = strdup (value ?: ""); + new->next = list; + list = new; +} + -+/* search a special entry in the list and return the value. */ ++/* Search a special entry in the list and return the value. */ +static const char * +search (const char *name) +{ @@ -131,7 +131,7 @@ Index: src/Makefile.am + return NULL; +} + -+/* Load the login.defs file (/etc/login.defs) */ ++/* Load the login.defs file (/etc/login.defs). */ +static void +load_defaults_internal (const char *filename) +{ @@ -173,7 +173,7 @@ Index: src/Makefile.am + tmp = strchr (cp, '#'); /* remove comments */ + if (tmp) + *tmp = '\0'; -+ while (isspace ((int)*cp)) /* remove spaces and tabs */ ++ while (isspace ((unsigned char) *cp)) /* remove spaces and tabs */ + ++cp; + if (*cp == '\0') /* ignore empty lines */ + continue; @@ -183,7 +183,7 @@ Index: src/Makefile.am + + tmp = strsep (&cp, " \t="); + if (cp != NULL) -+ while (isspace ((int)*cp) || *cp == '=') ++ while (isspace ((unsigned char) *cp) || *cp == '=') + ++cp; + + store (tmp, cp); @@ -232,9 +232,10 @@ Index: src/Makefile.am + if (val == NULL) + return dflt; + ++ errno = 0; + retval = strtol (val, &cp, 0); -+ if (*cp != '\0' || -+ ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE)) ++ if (*cp != '\0' ++ || ((retval == LONG_MAX || retval == LONG_MIN) && errno == ERANGE)) + { + fprintf (stderr, + "%s contains invalid numerical value: %s!\n", @@ -259,6 +260,7 @@ Index: src/Makefile.am + if (val == NULL) + return dflt; + ++ errno = 0; + retval = strtoul (val, &cp, 0); + if (*cp != '\0' || (retval == ULONG_MAX && errno == ERANGE)) + { @@ -417,7 +419,7 @@ Index: src/Makefile.am static void run_shell (char const *, char const *, char **, size_t) ATTRIBUTE_NORETURN; -@@ -215,7 +238,163 @@ log_su (struct passwd const *pw, bool su +@@ -215,7 +238,162 @@ log_su (struct passwd const *pw, bool su } #endif @@ -443,30 +445,29 @@ Index: src/Makefile.am +static void +cleanup_pam (int retcode) +{ -+ if (_pam_cred_established) -+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); -+ + if (_pam_session_opened) + pam_close_session (pamh, 0); + ++ if (_pam_cred_established) ++ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); ++ + pam_end(pamh, retcode); +} + -+/* Signal handler for parent process */ ++/* Signal handler for parent process. */ +static void +su_catch_sig (int sig) +{ + caught_signal = true; +} + -+/* Export env variables declared by PAM modules */ ++/* Export env variables declared by PAM modules. */ +static void -+export_pamenv(void) ++export_pamenv (void) +{ -+ char** env; ++ char **env; + -+ /* this is a copy but don't care to free as we exec later anyways -+ * */ ++ /* This is a copy but don't care to free as we exec later anyways. */ + env = pam_getenvlist (pamh); + while (env && *env) + { @@ -477,18 +478,18 @@ Index: src/Makefile.am +} + +static void -+create_watching_parent(void) ++create_watching_parent (void) +{ + pid_t child; + sigset_t ourset; + int status; + -+ retval = pam_open_session (pamh,0); ++ retval = pam_open_session (pamh, 0); + if (retval != PAM_SUCCESS) + { -+ cleanup_pam(retval); ++ cleanup_pam (retval); + error (EXIT_FAILURE, 0, _("cannot not open session: %s"), -+ pam_strerror (pamh, retval)); ++ pam_strerror (pamh, retval)); + } + else + _pam_session_opened = 1; @@ -496,7 +497,7 @@ Index: src/Makefile.am + child = fork (); + if (child == (pid_t) -1) + { -+ cleanup_pam(PAM_ABORT); ++ cleanup_pam (PAM_ABORT); + error (EXIT_FAILURE, errno, _("cannot create child process")); + } + @@ -504,10 +505,10 @@ Index: src/Makefile.am + if (child == 0) + return; + -+ /* in the parent watch the child */ ++ /* In the parent watch the child. */ + + /* su without pam support does not have a helper that keeps -+ * sitting on any directory so let's go to / */ ++ sitting on any directory so let's go to /. */ + if (chdir ("/") != 0) + error (0, errno, _("warning: cannot change directory to %s"), "/"); + @@ -564,7 +565,7 @@ Index: src/Makefile.am + kill (child, SIGTERM); + } + -+ cleanup_pam(PAM_SUCCESS); ++ cleanup_pam (PAM_SUCCESS); + + if (caught_signal) + { @@ -590,7 +591,7 @@ Index: src/Makefile.am + const char *cp; + + retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME, -+ pw->pw_name, &conv, &pamh); ++ pw->pw_name, &conv, &pamh); + PAM_BAIL_P (return false); + + if (isatty (0) && (cp = ttyname (0)) != NULL) @@ -604,7 +605,7 @@ Index: src/Makefile.am + retval = pam_set_item (pamh, PAM_TTY, tty); + PAM_BAIL_P (return false); + } -+#if 0 /* manpage discourages use of getlogin */ ++#if 0 /* Manpage discourages use of getlogin. */ + cp = getlogin (); + if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ())) +#endif @@ -619,12 +620,12 @@ Index: src/Makefile.am + retval = pam_acct_mgmt (pamh, 0); + if (retval == PAM_NEW_AUTHTOK_REQD) + { -+ /* password has expired. Offer option to change it. */ ++ /* Password has expired. Offer option to change it. */ + retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + PAM_BAIL_P (return false); + } + PAM_BAIL_P (return false); -+ /* must be authenticated if this point was reached */ ++ /* Must be authenticated if this point was reached. */ + return true; +#else /* !USE_PAM */ char *unencrypted, *encrypted, *correct; @@ -689,7 +690,7 @@ Index: src/Makefile.am - error (EXIT_FAILURE, errno, _("cannot set groups")); + { +#ifdef USE_PAM -+ cleanup_pam(PAM_ABORT); ++ cleanup_pam (PAM_ABORT); +#endif + error (EXIT_FAILURE, errno, _("cannot set groups")); + } @@ -724,17 +725,17 @@ Index: src/Makefile.am } shell = xstrdup (shell ? shell : pw->pw_shell); + -+ init_groups(pw); ++ init_groups (pw); + +#ifdef USE_PAM -+ create_watching_parent(); -+ /* now we're in the child */ ++ create_watching_parent (); ++ /* Now we're in the child. */ +#endif + -+ change_identity(pw); ++ change_identity (pw); + + /* Set environment after pam_open_session, which may put KRB5CCNAME -+ * into the pam_env, etc. */ ++ into the pam_env, etc. */ + modify_environment (pw, shell); diff --git a/coreutils.changes b/coreutils.changes index 1f3b607..933208e 100644 --- a/coreutils.changes +++ b/coreutils.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 21 11:31:35 CEST 2008 - schwab@suse.de + +- Fix pam cleanup. + ------------------------------------------------------------------- Thu Sep 18 16:38:01 CEST 2008 - schwab@suse.de diff --git a/coreutils.spec b/coreutils.spec index 9c105c3..37022ed 100644 --- a/coreutils.spec +++ b/coreutils.spec @@ -24,7 +24,7 @@ Url: http://www.gnu.org/software/coreutils/ License: GNU Free Documentation License, Version 1.2 (GFDL 1.2); GPL v2 or later; GPL v3 or later Group: System/Base Version: 6.12 -Release: 29 +Release: 30 Provides: fileutils sh-utils stat textutils mktemp Obsoletes: fileutils sh-utils stat textutils mktemp Obsoletes: libselinux <= 1.23.11-3 libselinux-32bit = 9 libselinux-64bit = 9 libselinux-x86 = 9 @@ -189,6 +189,8 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root) %changelog +* Tue Oct 21 2008 schwab@suse.de +- Fix pam cleanup. * Thu Sep 18 2008 schwab@suse.de - Move readlink and md5sum to /bin. * Wed Aug 20 2008 schwab@suse.de