From 9d79541e95b60796224323f8850fe2d8e673ac1d45e3872995df5927dce39915 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 19 Oct 2020 07:48:15 +0000 Subject: [PATCH] Revert: https://bugzilla.opensuse.org/show_bug.cgi?id=1177858 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=104 --- pam-login_defs-check.sh | 4 +- pam-xauth_ownership.patch | 106 -------------------------------------- pam.changes | 28 ---------- pam.spec | 2 - 4 files changed, 2 insertions(+), 138 deletions(-) delete mode 100644 pam-xauth_ownership.patch diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index b559d79..d1f9e38 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -9,10 +9,10 @@ set -o errexit echo -n "Checking login.defs variables in pam... " >&2 grep -rh LOGIN_DEFS . | - sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3c6e0020c31609690b69ef391654df930b74151d ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam-xauth_ownership.patch b/pam-xauth_ownership.patch deleted file mode 100644 index 737af6f..0000000 --- a/pam-xauth_ownership.patch +++ /dev/null 
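Review bot: The expected value restored on the `if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709` line is the SHA-1 of empty input, so the check in pam-login_defs-check.sh now passes only when the restored `sed` expression extracts no variable names at all. In that state the build-time comparison cannot notice a `search_key` lookup being added to or removed from the PAM sources, which is the drift the script exists to catch. The commit message cites only the bugzilla entry, so it is not clear from here whether reverting the regexp fix was intended. If it was not, keep the newer regexp and its checksum. Otherwise add a guard before the comparison that fails on an empty list, for example `test -s pam-login_defs-vars.lst || { echo "no login.defs variables found" >&2 ; exit 1 ; }`; the body of the `if` continues outside the hunk.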
@@ -1,106 +0,0 @@ -Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c -+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -@@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh, - char *cookiefile = NULL, *xauthority = NULL, - *cookie = NULL, *display = NULL, *tmp = NULL, - *xauthlocalhostname = NULL; -- const char *user, *xauth = NULL; -+ const char *user, *xauth = NULL, *login_name; - struct passwd *tpwd, *rpwd; - int fd, i, debug = 0; - int retval = PAM_SUCCESS; -- uid_t systemuser = 499, targetuser = 0; -+ uid_t systemuser = 499, targetuser = 0, uid; -+ gid_t gid; -+ struct stat st; - - /* Parse arguments. We don't understand many, so no sense in breaking - * this into a separate function. */ -@@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh, - retval = PAM_SESSION_ERR; - goto cleanup; - } -- rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ -+ login_name = pam_modutil_getlogin(pamh); -+ if (login_name == NULL) { -+ login_name = ""; -+ } -+ if (*login_name) -+ rpwd = pam_modutil_getpwnam(pamh, login_name); -+ else -+ rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ - if (rpwd == NULL) { - pam_syslog(pamh, LOG_ERR, - "error determining invoking user's name"); -@@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh, - cookiefile); - } - -+ /* Get owner and group of the cookiefile */ -+ uid = getuid(); -+ gid = getgid(); -+ if (stat(cookiefile, &st) == 0) { -+ uid = st.st_uid; -+ gid = st.st_gid; -+ } -+ - /* Read the user's .Xauthority file. Because the current UID is - * the original user's UID, this will only fail if something has - * gone wrong, or we have no cookies. 
*/ - if (debug) { - pam_syslog(pamh, LOG_DEBUG, -- "running \"%s %s %s %s %s\" as %lu/%lu", -- xauth, "-f", cookiefile, "nlist", display, -- (unsigned long) getuid(), (unsigned long) getgid()); -+ "running \"%s %s %s %s %s %s\" as %lu/%lu", -+ xauth, "-i", "-f", cookiefile, "nlist", display, -+ (unsigned long) uid, (unsigned long) gid); - } - if (run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, "nlist", display, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, "nlist", display, - NULL) == 0) { - #ifdef WITH_SELINUX - security_context_t context = NULL; -@@ -583,12 +602,12 @@ pam_sm_open_session (pam_handle_t *pamh, - cookiefile, - "nlist", - t, -- (unsigned long) getuid(), -- (unsigned long) getgid()); -+ (unsigned long) uid, -+ (unsigned long) gid); - } - run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, - "nlist", t, NULL); - } - free(t); -@@ -673,13 +692,17 @@ pam_sm_open_session (pam_handle_t *pamh, - goto cleanup; - } - -+ if (debug) { -+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'", -+ xauthority); -+ } - /* Set the new variable in the environment. */ - if (pam_putenv (pamh, xauthority) != PAM_SUCCESS) - pam_syslog(pamh, LOG_ERR, - "can't set environment variable '%s'", - xauthority); - putenv (xauthority); /* The environment owns this string now. */ -- xauthority = NULL; /* Don't free environment variables. */ -+ /* Don't free environment variables nor set them to NULL. */ - - /* set $DISPLAY in pam handle to make su - work */ - { diff --git a/pam.changes b/pam.changes index f8ad70f..f2c199e 100644 --- a/pam.changes +++ b/pam.changes 
@@ -1,31 +1,3 @@ -------------------------------------------------------------------- -Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers - -- /usr/bin/xauth chokes on the old user's $HOME being on an NFS - file system. Run /usr/bin/xauth using the old user's uid/gid - Patch courtesy of Dr. Werner Fink. - [bsc#1174593, pam-xauth_ownership.patch] - -------------------------------------------------------------------- -Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec - -- pam-login_defs-check.sh: Fix the regexp to get a real variable - list (boo#1164274). - -------------------------------------------------------------------- -Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers - -- Revert the previous change [SR#815713]. - The group is not necessary for PAM functionality but used only - during testing. The test system should therefore create this group. - [bsc#1171016, pam.spec] - -------------------------------------------------------------------- -Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers - -- Add requirement for group "wheel" to spec file. - [bsc#1171016, pam.spec] - ------------------------------------------------------------------- Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 6fc5819..cff51f0 100644 --- a/pam.spec +++ b/pam.spec @@ -47,7 +47,6 @@ Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-xauth_ownership.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -140,7 +139,6 @@ removed with one of the next releases. cp -a %{SOURCE12} . %patch2 -p1 %patch4 -p1 -%patch5 -p1 %build bash ./pam-login_defs-check.sh