- Add pam_loginuid-log_write_errors.diff: log significant loginuid
write errors - pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to xauth process OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=135
This commit is contained in:
Thorsten Kukuk
Git OBS Bridge
parent
fbe6371c54
commit
52e0c1287c
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Add pam_loginuid-log_write_errors.diff: log significant loginuid
|
||||||
|
write errors
|
||||||
|
- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to
|
||||||
|
xauth process
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de
|
Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de
|
||||||
|
|
||||||
|
|||||||
4
pam.spec
4
pam.spec
@ -53,6 +53,8 @@ Source8: etc.environment
|
|||||||
Source9: baselibs.conf
|
Source9: baselibs.conf
|
||||||
Patch0: fix-man-links.dif
|
Patch0: fix-man-links.dif
|
||||||
Patch1: Linux-PAM-git-20140127.diff
|
Patch1: Linux-PAM-git-20140127.diff
|
||||||
|
Patch2: pam_loginuid-log_write_errors.diff
|
||||||
|
Patch3: pam_xauth-sigpipe.diff
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -98,6 +100,8 @@ building both PAM-aware applications and modules for use with PAM.
|
|||||||
%setup -q -n Linux-PAM-%{version} -b 1
|
%setup -q -n Linux-PAM-%{version} -b 1
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
%patch1 -p2
|
%patch1 -p2
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="%optflags -DNDEBUG"
|
export CFLAGS="%optflags -DNDEBUG"
|
||||||
|
|||||||
47
pam_loginuid-log_write_errors.diff
Normal file
47
pam_loginuid-log_write_errors.diff
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
commit 256b50e1fce2f785f1032a1949dd2d1dbc17e250
|
||||||
|
Author: Dmitry V. Levin <ldv@altlinux.org>
|
||||||
|
Date: Sun Jan 19 14:12:59 2014 +0000
|
||||||
|
|
||||||
|
pam_loginuid: log significant loginuid write errors
|
||||||
|
|
||||||
|
* modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors
|
||||||
|
during /proc/self/loginuid update that are not ignored.
|
||||||
|
|
||||||
|
modules/pam_loginuid/pam_loginuid.c | 12 +++++++++---
|
||||||
|
1 files changed, 9 insertions(+), 3 deletions(-)
|
||||||
|
---
|
||||||
|
diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c
|
||||||
|
index c476f7b..73c42f9 100644
|
||||||
|
--- a/modules/pam_loginuid/pam_loginuid.c
|
||||||
|
+++ b/modules/pam_loginuid/pam_loginuid.c
|
||||||
|
@@ -75,8 +75,8 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
|
||||||
|
rc = PAM_IGNORE;
|
||||||
|
}
|
||||||
|
if (rc != PAM_IGNORE) {
|
||||||
|
- pam_syslog(pamh, LOG_ERR,
|
||||||
|
- "Cannot open /proc/self/loginuid: %m");
|
||||||
|
+ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m",
|
||||||
|
+ "/proc/self/loginuid");
|
||||||
|
}
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
@@ -88,8 +88,14 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid)
|
||||||
|
goto done; /* already correct */
|
||||||
|
}
|
||||||
|
if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 &&
|
||||||
|
- pam_modutil_write(fd, loginuid, count) == count)
|
||||||
|
+ pam_modutil_write(fd, loginuid, count) == count) {
|
||||||
|
rc = PAM_SUCCESS;
|
||||||
|
+ } else {
|
||||||
|
+ if (rc != PAM_IGNORE) {
|
||||||
|
+ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m",
|
||||||
|
+ "/proc/self/loginuid");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
done:
|
||||||
|
close(fd);
|
||||||
|
return rc;
|
||||||
|
_______________________________________________
|
||||||
|
linux-pam-commits mailing list
|
||||||
|
linux-pam-commits@lists.fedorahosted.org
|
||||||
|
https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits
|
||||||
36
pam_xauth-sigpipe.diff
Normal file
36
pam_xauth-sigpipe.diff
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
commit 47db675c910a065fa9602753a904b050b0322f29
|
||||||
|
Author: Dmitry V. Levin <ldv@altlinux.org>
|
||||||
|
Date: Fri Jan 24 13:38:38 2014 +0000
|
||||||
|
|
||||||
|
pam_xauth: avoid potential SIGPIPE when writing to xauth process
|
||||||
|
|
||||||
|
Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8.
|
||||||
|
|
||||||
|
* modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process,
|
||||||
|
close the read end of input pipe after writing to its write end.
|
||||||
|
|
||||||
|
modules/pam_xauth/pam_xauth.c | 2 +-
|
||||||
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||||
|
---
|
||||||
|
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
|
||||||
|
index 7075547..c7ce55a 100644
|
||||||
|
--- a/modules/pam_xauth/pam_xauth.c
|
||||||
|
+++ b/modules/pam_xauth/pam_xauth.c
|
||||||
|
@@ -179,12 +179,12 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We're the parent, so close the other ends of the pipes. */
|
||||||
|
- close(ipipe[0]);
|
||||||
|
close(opipe[1]);
|
||||||
|
/* Send input to the process (if we have any), then send an EOF. */
|
||||||
|
if (input) {
|
||||||
|
(void)pam_modutil_write(ipipe[1], input, strlen(input));
|
||||||
|
}
|
||||||
|
+ close(ipipe[0]); /* close here to avoid possible SIGPIPE above */
|
||||||
|
close(ipipe[1]);
|
||||||
|
|
||||||
|
/* Read data output until we run out of stuff to read. */
|
||||||
|
_______________________________________________
|
||||||
|
linux-pam-commits mailing list
|
||||||
|
linux-pam-commits@lists.fedorahosted.org
|
||||||
|
https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits
|
||||||
Loading…
Reference in New Issue
Block a user