OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam_mount?expand=0&rev=25

2009-01-12 17:18:12 +00:00 · 2009-01-12 17:18:12 +00:00 · f3711b373a
commit f3711b373a
parent 07f87dca59
6 changed files with 118 additions and 5 deletions
--- a/pam_mount-0.47-convert-add-logout.dif
+++ b/pam_mount-0.47-convert-add-logout.dif
@ -0,0 +1,44 @@
+--- orig/pam_mount-0.47/scripts/convert_pam_mount_conf.pl	2008-09-05 05:28:34.000000000 +0200
+++ pam_mount-0.47/scripts/convert_pam_mount_conf.pl	2009-01-10 18:07:15.000000000 +0100
+@@ -26,6 +26,7 @@
+ 
+ my %callbacks = (
+ 	"debug"           => \&callback_debug,
+        "logout"          => \&callback_logout,
+ 	"mkmountpoint"    => \&callback_mkmountpoint,
+ 	"fsckloop"        => \&callback_fsckloop,
+ 	"luserconf"       => \&callback_luserconf,
+@@ -67,6 +68,14 @@
+ 	$writer->emptyTag("debug", "enable" => $fields[1]);
+ }
+ 
+sub callback_logout
+{
+	my @fields = @_;
+
+        # we create a default entry here, fields are not evaluated
+	$writer->emptyTag("logout", "wait" => "2000", "hup" => "0", "term" => "1", "kill" => "1");
+}
+
+ sub callback_mkmountpoint
+ {
+ 	my @fields = @_;
+@@ -401,6 +415,18 @@
+ 			      "-" x 40, "\n";
+ 			return 1;
+ 		}
+
+                # insert new <logout> field after debug
+
+                if( $fields[0] eq "debug" )
+                {
+                       if ($debug) {
+                                print STDERR "callback_logout called: (default)\n";
+                        }
+
+                        $callbacks{"logout"}->();
+                        $writer->raw("\n\n");
+                }
+ 	}
+ 
+ 	return 0;
--- a/pam_mount-0.47-enable-logout-kill.dif
+++ b/pam_mount-0.47-enable-logout-kill.dif
@ -0,0 +1,11 @@
+--- orig/pam_mount-0.47/config/pam_mount.conf.xml	2008-09-05 05:28:34.000000000 +0200
+++ pam_mount-0.47/config/pam_mount.conf.xml	2009-01-10 17:52:15.000000000 +0100
+@@ -33,7 +33,7 @@
+ <mntoptions require="nosuid,nodev" />
+ <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
+ 
+-<logout wait="0" hup="0" term="0" kill="0" />
+<logout wait="2000" hup="0" term="1" kill="1" />
+ 
+ 
+ 		<!-- pam_mount parameters: Volume-related -->
--- a/pam_mount-0.47-fix-logout.dif
+++ b/pam_mount-0.47-fix-logout.dif
@ -0,0 +1,11 @@
+--- src/ofl-lib.c
+++ src/ofl-lib.c	2009/01/12 09:29:20
+@@ -206,7 +206,7 @@
+ 	while ((de = HXdir_read(dir)) != NULL) {
+ 		if (*de == '.')
+ 			continue;
+-		snprintf(tmp, sizeof(tmp), "%s/%s", path, de);
+		snprintf(tmp, sizeof(tmp), "%s/%s/fd", path, de);
+ 		if (lstat(tmp, &data->sb) < 0 || !S_ISDIR(data->sb.st_mode))
+ 			continue;
+ 		ofl_taskfd(mnt, tmp, data);
--- a/pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif
+++ b/pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif
@ -0,0 +1,18 @@
+--- src/rdconf2.c
+++ src/rdconf2.c	2009/01/12 12:16:30
+@@ -158,6 +158,7 @@
+ 			misc_log("Luser volume for %s is missing options that "
+ 			         "are required by global <mntoptions>\n",
+ 			         vol->mountpoint);
+			return false;
+ 		}
+ 		if (config->options_allow->items != 0 &&
+ 		    !allow_ok(config->options_allow, &vol->options)) {
+@@ -171,6 +172,7 @@
+ 			misc_log("Luser volume for %s has options that are "
+ 			         "denied by global <mntoptions>\n",
+ 			         vol->mountpoint);
+			return false;
+ 		}
+ 	}
+ 
--- a/pam_mount.changes
+++ b/pam_mount.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Mon Jan 12 11:23:15 CET 2009 - mc@suse.de
+
+- fix <logout> feature (bnc#461333)
+  * enable automatic wait, term and kill. Required to terminate
+    pulseaudio
+  * add <logout> during convert to converted config
+- remove passwdehd. (CVE-2008-5138) (bnc#465303)
+  does not work at all with new config format.
+- recognize required and deny options for luserconf
+  (bnc#463524)
+
 -------------------------------------------------------------------
 Tue Nov  4 13:55:40 CET 2008 - mc@suse.de

--- a/pam_mount.spec
+++ b/pam_mount.spec
@ -1,7 +1,7 @@
 #
 # spec file for package pam_mount (Version 0.47)
 #
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -23,7 +23,7 @@ BuildRequires:  libHX-devel libxml2-devel lzma openssl-devel pam-devel perl-XML-
 BuildRequires:  linux-kernel-headers
 Summary:        A PAM Module that can Mount Volumes for a User Session
 Version:        0.47
-Release:        12
+Release:        14
 # psmisc: /bin/fuser
 Recommends:     cifs-mount psmisc
 Recommends:     cryptsetup
@ -37,6 +37,10 @@ Patch2:         pam_mount-0.47-fix-decrypt-key.dif
 Patch3:         pam_mount-0.47-fix-replace-options.dif
 Patch4:         pam_mount-0.47-fix-deny_ok.dif
 Patch5:         pam_mount-0.47-remove-lsof-convert.dif
+Patch6:         pam_mount-0.47-fix-logout.dif
+Patch7:         pam_mount-0.47-enable-logout-kill.dif
+Patch8:         pam_mount-0.47-convert-add-logout.dif
+Patch9:         pam_mount-0.47-recognize-required-and-deny-option-for-luserconfig.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Url:            http://pam-mount.sourceforge.net/
 PreReq:         coreutils, perl-XML-Writer
@ -77,6 +81,10 @@ include it and send me patches.
 %patch3
 %patch4
 %patch5
+%patch6
+%patch7 -p1
+%patch8 -p1
+%patch9

 %build
 %{suse_update_config -f}
@ -94,6 +102,8 @@ mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/security
 # remove mount_ehd, it's only for OpenBSD
 rm $RPM_BUILD_ROOT%{_prefix}/bin/mount_ehd
 rm $RPM_BUILD_ROOT%{_mandir}/man8/mount_ehd.8
+rm $RPM_BUILD_ROOT%{_prefix}/bin/passwdehd
+rm $RPM_BUILD_ROOT%{_mandir}/man8/passwdehd.8
 #install the docs
 mkdir -p ${RPM_BUILD_ROOT}/%_docdir/%{name}/examples
 cp doc/bugs.txt doc/changelog.txt LICENSE* doc/faq.txt doc/todo.txt doc/options.txt doc/pam_mount.txt ${RPM_BUILD_ROOT}/%_docdir/%name/
@ -117,7 +127,6 @@ rm -rf $RPM_BUILD_ROOT
 /%{_lib}/security/pam_mount*.so
 %{_prefix}/bin/mkehd
 %{_prefix}/bin/autoehd
-%{_prefix}/bin/passwdehd
 %{_prefix}/bin/pmt-fd0ssh
 %{_prefix}/bin/pmt-ofl
 /sbin/mount.crypt
@ -131,11 +140,19 @@ rm -rf $RPM_BUILD_ROOT
 %doc %{_mandir}/man8/autoehd.8.gz
 %doc %{_mandir}/man8/mount.crypt.8.gz
 %doc %{_mandir}/man8/pam_mount.8.gz
-%doc %{_mandir}/man8/passwdehd.8.gz
 %doc %{_mandir}/man8/pmvarrun.8.gz
 %doc %{_mandir}/man8/umount.crypt.8.gz

 %changelog
+* Mon Jan 12 2009 mc@suse.de
+- fix <logout> feature (bnc#461333)
+  * enable automatic wait, term and kill. Required to terminate
+  pulseaudio
+  * add <logout> during convert to converted config
+- remove passwdehd. (CVE-2008-5138) (bnc#465303)
+  does not work at all with new config format.
+- recognize required and deny options for luserconf
+  (bnc#463524)
 * Tue Nov 04 2008 mc@suse.de
 - fix failing convert script. (bnc#438842)
 * Mon Oct 27 2008 mc@suse.de
@ -290,7 +307,7 @@ rm -rf $RPM_BUILD_ROOT
 - Update to version 0.9.25
 * Mon Apr 11 2005 kukuk@suse.de
 - Update to version 0.9.22 [Bug #65110]
-* Fri Jan 16 2004 kukuk@suse.de
+* Thu Jan 15 2004 kukuk@suse.de
 - Build as user
 - Add pam-devel to neededforbuild
 * Mon Jan 12 2004 kukuk@suse.de