forked from pool/coreutils
49b16878b2
- Improvements:
* As a GNU extension, 'chmod', 'mkdir', and 'install' now accept
operators '-', '+', '=' followed by octal modes;
* Also, ordinary numeric modes with five or more digits no longer
preserve setuid and setgid bits, so that 'chmod 00755 FOO' now
clears FOO's setuid and setgid bits.
* dd now accepts the count_bytes, skip_bytes iflags and the
seek_bytes oflag, to more easily allow processing portions of a
file.
* dd now accepts the conv=sparse flag to attempt to create sparse
output, by seeking rather than writing to the output file.
* ln now accepts the --relative option, to generate a relative
symbolic link to a target, irrespective of how the target is
specified.
* split now accepts an optional "from" argument to
--numeric-suffixes, which changes the start number from the
default of 0.
* split now accepts the --additional-suffix option, to append an
additional static suffix to output file names.
* basename now supports the -a and -s options, which allow
processing of more than one argument at a time. Also the
complementary -z option was added to delimit output items with
the NUL character.
* dirname now supports more than one argument. Also the complementary
z option was added to delimit output items with the NUL character.
- Bug fixes
* du --one-file-system (-x) would ignore any non-directory
specified on the command line. For example, "touch f; du -x f"
would print nothing. [bug introduced in coreutils-8.15]
* mv now lets you move a symlink onto a same-inode destination
file that has two or more hard links.
* "mv A B" could succeed, yet A would remain.
* realpath no longer mishandles a root directory.
- Improvements
* ls can be much more efficient, especially with large directories
on file systems for which getfilecon-, ACL-check- and XATTR-
check-induced syscalls fail with ENOTSUP or similar.
* 'realpath --relative-base=dir' in isolation now implies
'--relative-to=dir' instead of causing a usage failure.
* split now supports an unlimited number of split files as default
behavior.
For a detaild list se NEWS in the documentation.
- Add up-to-date german translation.
- Add two upstream patches that speed up ls (bnc#752943):
* Cache (l)getfilecon calls to avoid the vast majority of the failing
underlying getxattr syscalls.
* Avoids always-failing queries for whether a file has a nontrivial
ACL and for whether a file has certain "capabilities".
OBS-URL: https://build.opensuse.org/package/show/Base:System/coreutils?expand=0&rev=147
403 lines
10 KiB
Diff
403 lines
10 KiB
Diff
From 8b1e75c55ea6be5c8639c98b73ecfa0cf15226ce Mon Sep 17 00:00:00 2001
|
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
Date: Tue, 17 Aug 2010 13:21:44 +0200
|
|
Subject: [PATCH 1/7] pam support for su
|
|
|
|
---
|
|
configure.ac | 14 +++
|
|
src/Makefile.am | 4 +-
|
|
src/su.c | 266 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
|
|
3 files changed, 278 insertions(+), 6 deletions(-)
|
|
|
|
Index: configure.ac
|
|
===================================================================
|
|
--- configure.ac.orig 2012-03-24 19:22:13.000000000 +0100
|
|
+++ configure.ac 2012-04-16 12:59:28.737919405 +0200
|
|
@@ -185,6 +185,20 @@ fi
|
|
|
|
AC_FUNC_FORK
|
|
|
|
+AC_ARG_ENABLE(pam, AS_HELP_STRING([--disable-pam],
|
|
+ [Enable PAM support in su (default=auto)]), , [enable_pam=yes])
|
|
+if test "x$enable_pam" != xno; then
|
|
+ AC_CHECK_LIB([pam], [pam_start], [enable_pam=yes], [enable_pam=no])
|
|
+ AC_CHECK_LIB([pam_misc], [misc_conv], [:], [enable_pam=no])
|
|
+ if test "x$enable_pam" != xno; then
|
|
+ AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
|
|
+ PAM_LIBS="-lpam -lpam_misc"
|
|
+ AC_SUBST(PAM_LIBS)
|
|
+ fi
|
|
+fi
|
|
+AC_MSG_CHECKING([whether to enable PAM support in su])
|
|
+AC_MSG_RESULT([$enable_pam])
|
|
+
|
|
optional_bin_progs=
|
|
AC_CHECK_FUNCS([chroot],
|
|
gl_ADD_PROG([optional_bin_progs], [chroot]))
|
|
Index: src/Makefile.am
|
|
===================================================================
|
|
--- src/Makefile.am.orig 2012-03-24 19:22:13.000000000 +0100
|
|
+++ src/Makefile.am 2012-04-16 12:59:28.737919405 +0200
|
|
@@ -357,8 +357,8 @@ factor_LDADD += $(LIB_GMP)
|
|
# for getloadavg
|
|
uptime_LDADD += $(GETLOADAVG_LIBS)
|
|
|
|
-# for crypt
|
|
-su_LDADD += $(LIB_CRYPT)
|
|
+# for crypt and pam
|
|
+su_LDADD += $(LIB_CRYPT) $(PAM_LIBS)
|
|
|
|
# for various ACL functions
|
|
copy_LDADD += $(LIB_ACL)
|
|
Index: src/su.c
|
|
===================================================================
|
|
--- src/su.c.orig 2012-03-24 19:22:13.000000000 +0100
|
|
+++ src/su.c 2012-04-16 13:00:06.496924665 +0200
|
|
@@ -37,6 +37,16 @@
|
|
restricts who can su to UID 0 accounts. RMS considers that to
|
|
be fascist.
|
|
|
|
+#ifdef USE_PAM
|
|
+
|
|
+ Actually, with PAM, su has nothing to do with whether or not a
|
|
+ wheel group is enforced by su. RMS tries to restrict your access
|
|
+ to a su which implements the wheel group, but PAM considers that
|
|
+ to be fascist, and gives the user/sysadmin the opportunity to
|
|
+ enforce a wheel group by proper editing of /etc/pam.d/su
|
|
+
|
|
+#endif
|
|
+
|
|
Compile-time options:
|
|
-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
|
|
-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
|
|
@@ -52,6 +62,13 @@
|
|
#include <sys/types.h>
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
+#ifdef USE_PAM
|
|
+#include <security/pam_appl.h>
|
|
+#include <security/pam_misc.h>
|
|
+#include <signal.h>
|
|
+#include <sys/wait.h>
|
|
+#include <sys/fsuid.h>
|
|
+#endif
|
|
|
|
#include "system.h"
|
|
#include "getpass.h"
|
|
@@ -111,7 +128,9 @@
|
|
/* The user to become if none is specified. */
|
|
#define DEFAULT_USER "root"
|
|
|
|
+#ifndef USE_PAM
|
|
char *crypt (char const *key, char const *salt);
|
|
+#endif
|
|
|
|
static void run_shell (char const *, char const *, char **, size_t)
|
|
ATTRIBUTE_NORETURN;
|
|
@@ -125,6 +144,11 @@ static bool simulate_login;
|
|
/* If true, change some environment vars to indicate the user su'd to. */
|
|
static bool change_environment;
|
|
|
|
+#ifdef USE_PAM
|
|
+static bool _pam_session_opened;
|
|
+static bool _pam_cred_established;
|
|
+#endif
|
|
+
|
|
static struct option const longopts[] =
|
|
{
|
|
{"command", required_argument, NULL, 'c'},
|
|
@@ -203,7 +227,164 @@ log_su (struct passwd const *pw, bool su
|
|
}
|
|
#endif
|
|
|
|
+#ifdef USE_PAM
|
|
+#define PAM_SERVICE_NAME PROGRAM_NAME
|
|
+#define PAM_SERVICE_NAME_L PROGRAM_NAME "-l"
|
|
+static sig_atomic_t volatile caught_signal = false;
|
|
+static pam_handle_t *pamh = NULL;
|
|
+static int retval;
|
|
+static struct pam_conv conv =
|
|
+{
|
|
+ misc_conv,
|
|
+ NULL
|
|
+};
|
|
+
|
|
+#define PAM_BAIL_P(a) \
|
|
+ if (retval) \
|
|
+ { \
|
|
+ pam_end (pamh, retval); \
|
|
+ a; \
|
|
+ }
|
|
+
|
|
+static void
|
|
+cleanup_pam (int retcode)
|
|
+{
|
|
+ if (_pam_session_opened)
|
|
+ pam_close_session (pamh, 0);
|
|
+
|
|
+ if (_pam_cred_established)
|
|
+ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT);
|
|
+
|
|
+ pam_end(pamh, retcode);
|
|
+}
|
|
+
|
|
+/* Signal handler for parent process. */
|
|
+static void
|
|
+su_catch_sig (int sig)
|
|
+{
|
|
+ caught_signal = true;
|
|
+}
|
|
+
|
|
+/* Export env variables declared by PAM modules. */
|
|
+static void
|
|
+export_pamenv (void)
|
|
+{
|
|
+ char **env;
|
|
+
|
|
+ /* This is a copy but don't care to free as we exec later anyways. */
|
|
+ env = pam_getenvlist (pamh);
|
|
+ while (env && *env)
|
|
+ {
|
|
+ if (putenv (*env) != 0)
|
|
+ xalloc_die ();
|
|
+ env++;
|
|
+ }
|
|
+}
|
|
+
|
|
+static void
|
|
+create_watching_parent (void)
|
|
+{
|
|
+ pid_t child;
|
|
+ sigset_t ourset;
|
|
+ int status = 0;
|
|
+
|
|
+ retval = pam_open_session (pamh, 0);
|
|
+ if (retval != PAM_SUCCESS)
|
|
+ {
|
|
+ cleanup_pam (retval);
|
|
+ error (EXIT_FAILURE, 0, _("cannot not open session: %s"),
|
|
+ pam_strerror (pamh, retval));
|
|
+ }
|
|
+ else
|
|
+ _pam_session_opened = 1;
|
|
+
|
|
+ child = fork ();
|
|
+ if (child == (pid_t) -1)
|
|
+ {
|
|
+ cleanup_pam (PAM_ABORT);
|
|
+ error (EXIT_FAILURE, errno, _("cannot create child process"));
|
|
+ }
|
|
+
|
|
+ /* the child proceeds to run the shell */
|
|
+ if (child == 0)
|
|
+ return;
|
|
+
|
|
+ /* In the parent watch the child. */
|
|
+
|
|
+ /* su without pam support does not have a helper that keeps
|
|
+ sitting on any directory so let's go to /. */
|
|
+ if (chdir ("/") != 0)
|
|
+ error (0, errno, _("warning: cannot change directory to %s"), "/");
|
|
+
|
|
+ sigfillset (&ourset);
|
|
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL))
|
|
+ {
|
|
+ error (0, errno, _("cannot block signals"));
|
|
+ caught_signal = true;
|
|
+ }
|
|
+ if (!caught_signal)
|
|
+ {
|
|
+ struct sigaction action;
|
|
+ action.sa_handler = su_catch_sig;
|
|
+ sigemptyset (&action.sa_mask);
|
|
+ action.sa_flags = 0;
|
|
+ sigemptyset (&ourset);
|
|
+ if (sigaddset (&ourset, SIGTERM)
|
|
+ || sigaddset (&ourset, SIGALRM)
|
|
+ || sigaction (SIGTERM, &action, NULL)
|
|
+ || sigprocmask (SIG_UNBLOCK, &ourset, NULL))
|
|
+ {
|
|
+ error (0, errno, _("cannot set signal handler"));
|
|
+ caught_signal = true;
|
|
+ }
|
|
+ }
|
|
+ if (!caught_signal)
|
|
+ {
|
|
+ pid_t pid;
|
|
+ for (;;)
|
|
+ {
|
|
+ pid = waitpid (child, &status, WUNTRACED);
|
|
+
|
|
+ if (pid != (pid_t)-1 && WIFSTOPPED (status))
|
|
+ {
|
|
+ kill (getpid (), SIGSTOP);
|
|
+ /* once we get here, we must have resumed */
|
|
+ kill (pid, SIGCONT);
|
|
+ }
|
|
+ else
|
|
+ break;
|
|
+ }
|
|
+ if (pid != (pid_t)-1)
|
|
+ if (WIFSIGNALED (status))
|
|
+ status = WTERMSIG (status) + 128;
|
|
+ else
|
|
+ status = WEXITSTATUS (status);
|
|
+ else
|
|
+ status = 1;
|
|
+ }
|
|
+ else
|
|
+ status = 1;
|
|
+
|
|
+ if (caught_signal)
|
|
+ {
|
|
+ fprintf (stderr, _("\nSession terminated, killing shell..."));
|
|
+ kill (child, SIGTERM);
|
|
+ }
|
|
+
|
|
+ cleanup_pam (PAM_SUCCESS);
|
|
+
|
|
+ if (caught_signal)
|
|
+ {
|
|
+ sleep (2);
|
|
+ kill (child, SIGKILL);
|
|
+ fprintf (stderr, _(" ...killed.\n"));
|
|
+ }
|
|
+ exit (status);
|
|
+}
|
|
+#endif
|
|
+
|
|
/* Ask the user for a password.
|
|
+ If PAM is in use, let PAM ask for the password if necessary.
|
|
Return true if the user gives the correct password for entry PW,
|
|
false if not. Return true without asking for a password if run by UID 0
|
|
or if PW has an empty password. */
|
|
@@ -211,10 +392,52 @@ log_su (struct passwd const *pw, bool su
|
|
static bool
|
|
correct_password (const struct passwd *pw)
|
|
{
|
|
+#ifdef USE_PAM
|
|
+ const struct passwd *lpw;
|
|
+ const char *cp;
|
|
+
|
|
+ retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME,
|
|
+ pw->pw_name, &conv, &pamh);
|
|
+ PAM_BAIL_P (return false);
|
|
+
|
|
+ if (isatty (0) && (cp = ttyname (0)) != NULL)
|
|
+ {
|
|
+ const char *tty;
|
|
+
|
|
+ if (strncmp (cp, "/dev/", 5) == 0)
|
|
+ tty = cp + 5;
|
|
+ else
|
|
+ tty = cp;
|
|
+ retval = pam_set_item (pamh, PAM_TTY, tty);
|
|
+ PAM_BAIL_P (return false);
|
|
+ }
|
|
+#if 0 /* Manpage discourages use of getlogin. */
|
|
+ cp = getlogin ();
|
|
+ if (!(cp && *cp && (lpw = getpwnam (cp)) != NULL && lpw->pw_uid == getuid ()))
|
|
+#endif
|
|
+ lpw = getpwuid (getuid ());
|
|
+ if (lpw && lpw->pw_name)
|
|
+ {
|
|
+ retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name);
|
|
+ PAM_BAIL_P (return false);
|
|
+ }
|
|
+ retval = pam_authenticate (pamh, 0);
|
|
+ PAM_BAIL_P (return false);
|
|
+ retval = pam_acct_mgmt (pamh, 0);
|
|
+ if (retval == PAM_NEW_AUTHTOK_REQD)
|
|
+ {
|
|
+ /* Password has expired. Offer option to change it. */
|
|
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
|
+ PAM_BAIL_P (return false);
|
|
+ }
|
|
+ PAM_BAIL_P (return false);
|
|
+ /* Must be authenticated if this point was reached. */
|
|
+ return true;
|
|
+#else /* !USE_PAM */
|
|
char *unencrypted, *encrypted, *correct;
|
|
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
|
|
/* Shadow passwd stuff for SVR3 and maybe other systems. */
|
|
- struct spwd *sp = getspnam (pw->pw_name);
|
|
+ const struct spwd *sp = getspnam (pw->pw_name);
|
|
|
|
endspent ();
|
|
if (sp)
|
|
@@ -235,6 +458,7 @@ correct_password (const struct passwd *p
|
|
encrypted = crypt (unencrypted, correct);
|
|
memset (unencrypted, 0, strlen (unencrypted));
|
|
return STREQ (encrypted, correct);
|
|
+#endif /* !USE_PAM */
|
|
}
|
|
|
|
/* Update 'environ' for the new shell based on PW, with SHELL being
|
|
@@ -277,19 +501,41 @@ modify_environment (const struct passwd
|
|
}
|
|
}
|
|
}
|
|
+
|
|
+#ifdef USE_PAM
|
|
+ export_pamenv ();
|
|
+#endif
|
|
}
|
|
|
|
/* Become the user and group(s) specified by PW. */
|
|
|
|
static void
|
|
-change_identity (const struct passwd *pw)
|
|
+init_groups (const struct passwd *pw)
|
|
{
|
|
#ifdef HAVE_INITGROUPS
|
|
errno = 0;
|
|
if (initgroups (pw->pw_name, pw->pw_gid) == -1)
|
|
- error (EXIT_CANCELED, errno, _("cannot set groups"));
|
|
+ {
|
|
+#ifdef USE_PAM
|
|
+ cleanup_pam (PAM_ABORT);
|
|
+#endif
|
|
+ error (EXIT_FAILURE, errno, _("cannot set groups"));
|
|
+ }
|
|
endgrent ();
|
|
#endif
|
|
+
|
|
+#ifdef USE_PAM
|
|
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
|
|
+ if (retval != PAM_SUCCESS)
|
|
+ error (EXIT_FAILURE, 0, "%s", pam_strerror (pamh, retval));
|
|
+ else
|
|
+ _pam_cred_established = 1;
|
|
+#endif
|
|
+}
|
|
+
|
|
+static void
|
|
+change_identity (const struct passwd *pw)
|
|
+{
|
|
if (setgid (pw->pw_gid))
|
|
error (EXIT_CANCELED, errno, _("cannot set group id"));
|
|
if (setuid (pw->pw_uid))
|
|
@@ -502,9 +748,21 @@ main (int argc, char **argv)
|
|
shell = NULL;
|
|
}
|
|
shell = xstrdup (shell ? shell : pw->pw_shell);
|
|
- modify_environment (pw, shell);
|
|
+
|
|
+ init_groups (pw);
|
|
+
|
|
+#ifdef USE_PAM
|
|
+ create_watching_parent ();
|
|
+ /* Now we're in the child. */
|
|
+#endif
|
|
|
|
change_identity (pw);
|
|
+
|
|
+ /* Set environment after pam_open_session, which may put KRB5CCNAME
|
|
+ into the pam_env, etc. */
|
|
+
|
|
+ modify_environment (pw, shell);
|
|
+
|
|
if (simulate_login && chdir (pw->pw_dir) != 0)
|
|
error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
|
|
|