pam/git-20130916.diff
Thorsten Kukuk 7e0a049e63 - Replace fix-compiler-warnings.diff with current git snapshot
(git-20130916.diff) for pam_unix.so:
  - fix glibc warnings
  - fix syntax error in SELinux code
  - fix crash at login

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=117
2013-09-16 09:59:31 +00:00


diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 865dc29..8ec4449 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m");
+ printf("-1\n");
+ fflush(stdout);
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
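Review bot: The `printf("-1\n")` in the new setuid failure branch has no comment saying who consumes it, and the hunk does not show that stdout is already the pipe back to the parent at this point. If it is (presumably redirected earlier in the child), a one-line comment above the printf such as `/* report "no result" to the parent over the pipe before exiting */` would make that protocol explicit. Exiting with `_exit(PAM_AUTHINFO_UNAVAIL)` rather than going on to exec the helper with an unexpected real uid is the right fail-closed behaviour. The body of _unix_run_verify_binary starts and ends outside the hunk.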
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 9bc1cd9..9aae3b0 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const
close(fds[0]); /* close here to avoid possible SIGPIPE above */
close(fds[1]);
/* wait for helper to complete: */
- while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR);
+ while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR);
if (rc<0) {
pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
retval = PAM_AUTHTOK_ERR;
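Review bot: The empty loop body on the corrected `while` line is carried only by the trailing `;`, which is easy to misread as a loop over the following `if (rc<0)`. Writing it as `while ((rc = waitpid(child, &retval, 0)) < 0 && errno == EINTR) continue;` makes the retry-on-EINTR intent visible. On the success path `retval` holds the raw wait status; how it is decoded lies outside the hunk, so confirm it is checked with WIFEXITED/WEXITSTATUS before being returned as a PAM code.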
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index d8f4a6f..19d72e6 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
free (val);
/* read number of rounds for crypt algo */
- if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) {
+ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) {
val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS);
if (val) {
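Review bot: The new `rounds &&` guard makes a NULL `rounds` a supported argument of _set_ctrl, but nothing in the hunk documents that contract. A comment on the condition, for example `/* callers may pass rounds == NULL when they do not need the round count */`, would keep a later edit from removing the check as redundant. The body of this `if` and the rest of _set_ctrl are outside the hunk, so any other write through `rounds` in the function should be checked for the same guard.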
@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
if (geteuid() == 0) {
/* must set the real uid to 0 so the helper will not error
out if pam is called from setuid binary (su, sudo...) */
- setuid(0);
+ if (setuid(0) == -1) {
+ D(("setuid failed"));
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
}
/* exec binary helper */
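Review bot: The setuid failure branch in _unix_run_helper_binary reports the error only through `D(("setuid failed"))`. If `D()` is the debug-only macro it is elsewhere in Linux-PAM, it expands to nothing in a normal build and the child exits with no log entry. The matching branch added to pam_unix_acct.c in this same diff uses `pam_syslog(pamh, LOG_ERR, "setuid failed: %m");`. Since `pamh` is a parameter here as well, the same call in place of, or next to, the `D()` line would leave a record with the errno text. The function body starts and ends outside the hunk.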