pam/pam_issue-systemd.patch
Thorsten Kukuk a01288951c - pam_access: rework resolving of tokens as hostname
- separate resolving of IP addresses from hostnames. Don't resolve TTYs or
    display variables as hostname.
  - Add "nodns" option to disallow resolving of tokens as hostname.
  - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, CVE-2024-10963]

OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=305
2024-12-06 09:32:46 +00:00


From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@suse.com>
Date: Wed, 4 Sep 2024 16:07:56 +0200
Subject: [PATCH] pam_issue: only count class user
Since systemd added new types of classes (e.g. manager*), we cannot
use the count of all sessions anymore, but have to check which class
this is.
This is backward compatible, systemd v209 or newer is required.
---
modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
index aade642ec5..e2c555c405 100644
--- a/modules/pam_issue/pam_issue.c
+++ b/modules/pam_issue/pam_issue.c
@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
{
unsigned int users = 0;
#ifdef USE_LOGIND
- int sessions = sd_get_sessions(NULL);
+ char **sessions_list;
+ int sessions = sd_get_sessions(&sessions_list);
if (sessions < 0) {
pam_syslog(pamh, LOG_ERR, "logind error: %s",
strerror(-sessions));
_pam_drop(issue);
return PAM_SERVICE_ERR;
+ } else if (sessions > 0 && sessions_list != NULL) {
+ int i;
+
+ for (i = 0; i < sessions; i++) {
+ char *class;
+
+ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL)
+ continue;
+
+ if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete
+ users++;
+ free(class);
+ }
+
+ for (i = 0; i < sessions; i++)
+ free(sessions_list[i]);
+ free(sessions_list);
} else {
users = sessions;
}
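Review bot: The new `else if (sessions > 0 && sessions_list != NULL)` branch is the only path that frees `sessions_list`, so a successful call that reports zero sessions but returns an allocated empty array falls through to `users = sessions` and leaks it. As far as I recall, the sd_get_sessions documentation allows either NULL or an empty array for an empty result. Initialising the pointer and testing only the pointer closes that gap: `char **sessions_list = NULL;` and `} else if (sessions_list != NULL) {`. Separately, `strncmp(class, "user", 4)` accepts every class name that begins with `user`, not just the three listed in the comment; if that prefix match is intended, the comment should say so, since the commit subject reads "only count class user". This block sits inside read_issue_quoted, which starts and ends outside the hunk.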