pool/pam_mount
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 27109 from Linux-PAM

Browse Source 
Copy from Linux-PAM/pam_mount based on submit request 27109 from user mcalmer

OBS-URL: https://build.opensuse.org/request/show/27109
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_mount?expand=0&rev=33
This commit is contained in:
OBS User autobuild 2009-12-18 14:14:31 +00:00 committed by Git OBS Bridge
parent 29b136c663
commit 1b56352a74
9 changed files with 23 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pam_mount-0.47-enable-logout-kill.dif
View File

@ -1,8 +1,8 @@
Index: pam_mount-1.27/config/pam_mount.conf.xml Index: pam_mount-1.32/config/pam_mount.conf.xml
=================================================================== ===================================================================
--- pam_mount-1.27.orig/config/pam_mount.conf.xml --- pam_mount-1.32.orig/config/pam_mount.conf.xml
+++ pam_mount-1.27/config/pam_mount.conf.xml +++ pam_mount-1.32/config/pam_mount.conf.xml
@@ -29,7 +29,7 @@ @@ -33,7 +33,7 @@
<mntoptions require="nosuid,nodev" /> <mntoptions require="nosuid,nodev" />
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path> <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>

39
pam_mount-1.27-fix-krb5-env.dif
View File

@ -1,39 +0,0 @@
Index: pam_mount-1.27/doc/changelog.txt
===================================================================
--- pam_mount-1.27.orig/doc/changelog.txt
+++ pam_mount-1.27/doc/changelog.txt
@@ -4,6 +4,7 @@ For details, see the history as recorded
Fixes:
- pam_mount: avoid crash in sudo by not calling setenv() with NULL
+- pam_mount: unwind krb5 environment info at the right time
- umount.crypt: do not remove entry from /etc/mtab twice
v1.27 (July 01 2009)
Index: pam_mount-1.27/src/pam_mount.c
===================================================================
--- pam_mount-1.27.orig/src/pam_mount.c
+++ pam_mount-1.27/src/pam_mount.c
@@ -550,9 +550,10 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open
ret = PAM_SERVICE_ERR;
}
}
- memset(system_authtok, 0, strlen(system_authtok));
- if (krb5 != NULL)
- unsetenv("KRB5CCNAME");
+ if (system_authtok != NULL) {
+ memset(system_authtok, 0, strlen(system_authtok));
+ free(system_authtok);
+ }
modify_pm_count(&Config, Config.user, "1");
envpath_restore();
if (getuid() == 0)
@@ -570,6 +571,8 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open
*/
ret = PAM_SUCCESS;
out:
+ if (krb5 != NULL)
+ unsetenv("KRB5CCNAME");
w4rn("done opening session (ret=%d)\n", ret);
common_exit();
return ret;

29
pam_mount-1.27-fix-mtab-handling.dif
View File

@ -1,29 +0,0 @@
Index: pam_mount-1.27/doc/changelog.txt
===================================================================
--- pam_mount-1.27.orig/doc/changelog.txt
+++ pam_mount-1.27/doc/changelog.txt
@@ -4,7 +4,7 @@ For details, see the history as recorded
Fixes:
- pam_mount: avoid crash in sudo by not calling setenv() with NULL
-
+- umount.crypt: do not remove entry from /etc/mtab twice
v1.27 (July 01 2009)
====================
Index: pam_mount-1.27/src/mtcrypt.c
===================================================================
--- pam_mount-1.27.orig/src/mtcrypt.c
+++ pam_mount-1.27/src/mtcrypt.c
@@ -563,9 +563,8 @@ static int mtcr_umount(struct umount_opt
umount_args[argk++] = "umount";
#ifdef __linux__
- umount_args[argk++] = "-i";
- if (opt->no_update)
- umount_args[argk++] = "-n";
+ /* Always pass in -n, as we manually edit /etc/mtab */
+ umount_args[argk++] = "-ni";
#endif
umount_args[argk++] = mountpoint;
umount_args[argk] = NULL;

57
pam_mount-1.27-fix-sudo-crash.dif
View File

@ -1,57 +0,0 @@
diff --git a/doc/changelog.txt b/doc/changelog.txt
index 5107e9b..bdc37f0 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -2,6 +2,10 @@
For details, see the history as recorded in the git repository.
+Fixes:
+- pam_mount: avoid crash in sudo by not calling setenv() with NULL
+
+
v1.27 (July 01 2009)
====================
Changes:
diff --git a/src/pam_mount.c b/src/pam_mount.c
index 87262bd..73da556 100644
--- a/src/pam_mount.c
+++ b/src/pam_mount.c
@@ -451,7 +451,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,
{
struct vol *vol;
int ret;
- unsigned int krb5_set;
+ const char *krb5;
char *system_authtok = NULL;
const void *tmp;
int getval;
@@ -464,11 +464,17 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,
w4rn(PACKAGE_STRING ": entering session stage\n");
/*
+ * Environment variables set with setenv() only last while PAM is
+ * active, i.e. disappear when the shell is started. On the other hand,
+ * variabled fed to pam_putenv() are only visible once the shell
+ * started.
+ */
+ /*
* Get the Kerberos CCNAME so we can make it available to the
* mount command later on.
*/
- krb5_set = getenv("KRB5CCNAME") != NULL;
- if (setenv("KRB5CCNAME", pam_getenv(pamh, "KRB5CCNAME"), 1) < 0)
+ krb5 = pam_getenv(pamh, "KRB5CCNAME");
+ if (krb5 != NULL && setenv("KRB5CCNAME", krb5, true) < 0)
l0g("KRB5CCNAME setenv failed\n");
/* Store initialized config as PAM data */
@@ -545,7 +551,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags,
}
}
memset(system_authtok, 0, strlen(system_authtok));
- if (krb5_set)
+ if (krb5 != NULL)
unsetenv("KRB5CCNAME");
modify_pm_count(&Config, Config.user, "1");
envpath_restore();

24
pam_mount-1.27-uid_guid-handling.dif
View File

@ -1,24 +0,0 @@
diff --git a/src/rdconf1.c b/src/rdconf1.c
index 0a90de7..9ec29f8 100644
--- a/src/rdconf1.c
+++ b/src/rdconf1.c
@@ -959,8 +959,7 @@ static int rc_volume_cond_uid(const struct passwd *pwd, xmlNode *node)
continue;
ret = __rc_volume_cond_id(signed_cast(const char *,
node->content), pwd->pw_uid);
- if (ret < 0)
- return ret;
+ return ret;
}
l0g("config: empty or invalid content for <%s>\n", "uid");
@@ -981,8 +980,7 @@ static int rc_volume_cond_gid(const struct passwd *pwd, xmlNode *node)
continue;
ret = __rc_volume_cond_id(signed_cast(const char *,
node->content), pwd->pw_gid);
- if (ret < 0)
- return ret;
+ return ret;
}
l0g("config: empty or invalid content for <%s>\n", "gid");

3
pam_mount-1.27.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:37a5121e81113b05029200aaba5104dd1ac2c1e68906c31d373a04b1606c2011
size 329455

3
pam_mount-1.32.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76786345ea182a3ac53808c71340e36d999ab2ed318ca24a70af2eb1d447437c
size 330255

11
pam_mount.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Fri Dec 18 13:14:17 CET 2009 - mc@suse.de
- update to version 1.32
* luserconf: fix skipping luser volume mounting
* config: allow arbitrary source paths for tmpfs
* fix a potential strlen(NULL) on login
* umount.crypt: do not remove entry from /etc/mtab twice
* luserconf: delayed parsing and mounting of luserconf volumes
* documentation fixes
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 19 11:12:36 CET 2009 - mc@suse.de Thu Nov 19 11:12:36 CET 2009 - mc@suse.de

18
pam_mount.spec
View File

@ -1,5 +1,5 @@
# #
# spec file for package pam_mount (Version 1.27) # spec file for package pam_mount (Version 1.32)
# #
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -22,16 +22,16 @@ Name: pam_mount
BuildRequires: perl-XML-Parser perl-XML-Writer BuildRequires: perl-XML-Parser perl-XML-Writer
BuildRequires: libtool pam-devel >= 0.99 pkg-config >= 0.19 BuildRequires: libtool pam-devel >= 0.99 pkg-config >= 0.19
BuildRequires: libxml2-devel >= 2.6 openssl-devel >= 0.9.8 BuildRequires: libxml2-devel >= 2.6 openssl-devel >= 0.9.8
BuildRequires: libHX-devel >= 2.8 BuildRequires: libHX-devel >= 3.0.1
BuildRequires: linux-kernel-headers >= 2.6 BuildRequires: linux-kernel-headers >= 2.6
Summary: A PAM Module that can Mount Volumes for a User Session Summary: A PAM Module that can Mount Volumes for a User Session
Version: 1.27 Version: 1.32
Release: 2 Release: 1
# psmisc: /bin/fuser # psmisc: /bin/fuser
Recommends: cryptsetup Recommends: cryptsetup
Recommends: cifs-mount xfsprogs Recommends: cifs-mount xfsprogs
Requires: util-linux Requires: util-linux
License: LGPL v2.1 or later License: LGPLv2.1+
Prefix: /usr Prefix: /usr
Group: System/Libraries Group: System/Libraries
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
@ -40,10 +40,6 @@ Source2: convert_keyhash.pl
Source3: mount.crypt Source3: mount.crypt
Source4: mount.encfs13 Source4: mount.encfs13
Patch1: pam_mount-0.47-enable-logout-kill.dif Patch1: pam_mount-0.47-enable-logout-kill.dif
Patch2: pam_mount-1.27-fix-sudo-crash.dif
Patch3: pam_mount-1.27-fix-mtab-handling.dif
Patch4: pam_mount-1.27-uid_guid-handling.dif
Patch5: pam_mount-1.27-fix-krb5-env.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://pam-mount.sourceforge.net/ Url: http://pam-mount.sourceforge.net/
PreReq: coreutils, perl-XML-Writer, perl-XML-Parser PreReq: coreutils, perl-XML-Writer, perl-XML-Parser
@ -64,10 +60,6 @@ dm-crypt and LUKS.
%prep %prep
%setup -q %setup -q
%patch1 -p1 %patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build %build
%{suse_update_config -f} %{suse_update_config -f}