Accepting request 898637 from Linux-PAM

OBS-URL: https://build.opensuse.org/request/show/898637 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam-config?expand=0&rev=84
2021-06-12 18:05:25 +00:00 · 2021-06-12 18:05:25 +00:00 · 4dce58607f
commit 4dce58607f
parent 97ffcc6a61 feefdc5717
4 changed files with 120 additions and 0 deletions
--- a/pam-config-fix-pam_keyinit-options.patch
+++ b/pam-config-fix-pam_keyinit-options.patch
@ -0,0 +1,42 @@
 Index: pam-config-1.3/src/mod_pam_keyinit.c
 ===================================================================
 --- pam-config-1.3.orig/src/mod_pam_keyinit.c
 +++ pam-config-1.3/src/mod_pam_keyinit.c
@@ -47,20 +47,15 @@ write_config_keyinit (pam_module_t *this
   fp = create_service_file (gl_service);
   if (!fp) return 0;
 -  fprintf(stderr, "writeit=%d, is_written=%d\n", writeit, is_written);
   while (cfg_content != NULL)
   {
 -    fprintf(stderr, "cfg_content->line = >>%s", cfg_content->line);
     if (writeit)
     {
 -      fprintf(stderr, "writeit=%d\n", writeit);
       if (!is_written)
       {
 -	fprintf(stderr, "is_written=%d\n", is_written);
 	/* write this entry as the first in the session part */
 	if (strstr(cfg_content->line, "session") != NULL)
 	{
 -	  fprintf(stderr, "strstr(cfg_content->line, \"session\") != NULL\n");
 	  write_entry(fp, opt_set);
 	  is_written = 1;
 	}
@@ -97,7 +92,6 @@ write_config_keyinit (pam_module_t *this
 static void
 write_entry(FILE *fp, option_set_t *opt_set)
 {
 -  fprintf(stderr, "write_entry(fp, opt_set)\n");
   fprintf (fp, "session  optional\tpam_keyinit.so revoke ");
   if (opt_set->is_enabled (opt_set, "force"))
     fprintf (fp, "force ");
@@ -121,7 +115,7 @@ PRINT_ARGS("keyinit")
 PRINT_XMLHELP("keyinit")
 /* ---- contruct module object ---- */
 -DECLARE_BOOL_OPTS_3 (is_enabled, debug, force);
 +DECLARE_BOOL_OPTS_4 (is_enabled, debug, force, revoke);
 DECLARE_STRING_OPTS_0;
 DECLARE_OPT_SETS;
--- a/pam-config-remove-bad-access-call.patch
+++ b/pam-config-remove-bad-access-call.patch
@ -0,0 +1,54 @@
 Index: pam-config-1.3/src/pam-config.c
 ===================================================================
 --- pam-config-1.3.orig/src/pam-config.c
 +++ pam-config-1.3/src/pam-config.c
@@ -1075,19 +1075,10 @@ main (int argc, char *argv[])
       if (debug)
 		  printf ("*** write_config (%s/pam.d/%s)\n", confdir, gl_service);
 -      /* Check if service file exists */
 -      char *conffile;
 -      if (asprintf (&conffile, "%s/pam.d/%s", confdir, gl_service) < 0)
 -	return 1;
 -
 -      if (access (conffile, R_OK) != 0)
 -      {
 -	fprintf (stderr, _("Cannot access '%s': %m\n"), conffile);
 -	free (conffile);
 -	return 1;
 -      }
 -      free (conffile);
 -
 +      /*
 +       * Note that the modules in service_module_list[]
 +       * do not use the "op" and the "fp" parameters.
 +       */
       while (*modptr != NULL)
 	{
 	  retval |= (*modptr)->write_config (*modptr, -1, NULL);
 Index: pam-config-1.3/src/single_config.c
 ===================================================================
 --- pam-config-1.3.orig/src/single_config.c
 +++ pam-config-1.3/src/single_config.c
@@ -245,12 +245,15 @@ create_service_file (const char *service
     return NULL;
   if (stat (conffile, &f_stat) != 0)
 -  {
 -    fprintf (stderr, _("Cannot stat '%s': %m\n"), conffile);
 -    free (tmp_file);
 -    free (conffile);
 -    return NULL;
 -  }
 +    {
 +      /* Make them owned by root and writable only by root */
 +      fprintf (stderr, _("Cannot stat '%s': %m\n"), conffile);
 +
 +      memset(&f_stat, 0, sizeof(struct stat));	/* To be on the safe side ... */
 +      f_stat.st_mode = 0644;
 +      f_stat.st_uid = 0;
 +      f_stat.st_gid = 0;
 +    }
   free (conffile);
   fd = mkstemp (tmp_file);
--- a/pam-config.changes
+++ b/pam-config.changes
@ -1,3 +1,23 @@
 -------------------------------------------------------------------
 Tue Jun  8 12:46:00 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
 - Add "revoke" to the option list for pam_keyinit
  (Remove some leftover debugs while we're at it)
  [pam-config-fix-pam_keyinit-options.patch]
 -------------------------------------------------------------------
 Tue Jun  8 12:23:47 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
 - prior to writing an service-specific config file, the main function
  calls access() on the destination file in /etc/pam.d.
  This will fail and no config file will be written when the original
  config file was installed in /usr/etc/pam.d.
  A similar problem exists when creating the new service file:
  create_service_file() wants to give the new service file the same
  user, group and mode as the old one, but the old one may not exist.
  In that case, set these to 0(root), 0(root), and 0644.
  [pam-config-remove-bad-access-call.patch]
 -------------------------------------------------------------------
 Fri May  1 20:32:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
--- a/pam-config.spec
+++ b/pam-config.spec
@ -24,6 +24,8 @@ License:        GPL-2.0-only
 Group:          System/Management
 URL:            https://github.com/SUSE/pam-config
 Source:         %{name}-%{version}.tar.xz
 Patch1:         pam-config-remove-bad-access-call.patch
 Patch2:         pam-config-fix-pam_keyinit-options.patch
 PreReq:         pam >= 1.3.0
 Recommends:     pam_pwquality
@ -36,6 +38,8 @@ add/adjust/remove other PAM modules and their options.
 %prep
 %setup -q
 %patch1 -p1
 %patch2 -p1
 %build
 %configure