forked from pool/pam-config
Accepting request 898637 from Linux-PAM
OBS-URL: https://build.opensuse.org/request/show/898637 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam-config?expand=0&rev=84
This commit is contained in:
commit
4dce58607f
42
pam-config-fix-pam_keyinit-options.patch
Normal file
42
pam-config-fix-pam_keyinit-options.patch
Normal file
@ -0,0 +1,42 @@
|
||||
Index: pam-config-1.3/src/mod_pam_keyinit.c
|
||||
===================================================================
|
||||
--- pam-config-1.3.orig/src/mod_pam_keyinit.c
|
||||
+++ pam-config-1.3/src/mod_pam_keyinit.c
|
||||
@@ -47,20 +47,15 @@ write_config_keyinit (pam_module_t *this
|
||||
fp = create_service_file (gl_service);
|
||||
if (!fp) return 0;
|
||||
|
||||
- fprintf(stderr, "writeit=%d, is_written=%d\n", writeit, is_written);
|
||||
while (cfg_content != NULL)
|
||||
{
|
||||
- fprintf(stderr, "cfg_content->line = >>%s", cfg_content->line);
|
||||
if (writeit)
|
||||
{
|
||||
- fprintf(stderr, "writeit=%d\n", writeit);
|
||||
if (!is_written)
|
||||
{
|
||||
- fprintf(stderr, "is_written=%d\n", is_written);
|
||||
/* write this entry as the first in the session part */
|
||||
if (strstr(cfg_content->line, "session") != NULL)
|
||||
{
|
||||
- fprintf(stderr, "strstr(cfg_content->line, \"session\") != NULL\n");
|
||||
write_entry(fp, opt_set);
|
||||
is_written = 1;
|
||||
}
|
||||
@@ -97,7 +92,6 @@ write_config_keyinit (pam_module_t *this
|
||||
static void
|
||||
write_entry(FILE *fp, option_set_t *opt_set)
|
||||
{
|
||||
- fprintf(stderr, "write_entry(fp, opt_set)\n");
|
||||
fprintf (fp, "session optional\tpam_keyinit.so revoke ");
|
||||
if (opt_set->is_enabled (opt_set, "force"))
|
||||
fprintf (fp, "force ");
|
||||
@@ -121,7 +115,7 @@ PRINT_ARGS("keyinit")
|
||||
PRINT_XMLHELP("keyinit")
|
||||
|
||||
/* ---- contruct module object ---- */
|
||||
-DECLARE_BOOL_OPTS_3 (is_enabled, debug, force);
|
||||
+DECLARE_BOOL_OPTS_4 (is_enabled, debug, force, revoke);
|
||||
DECLARE_STRING_OPTS_0;
|
||||
DECLARE_OPT_SETS;
|
||||
|
54
pam-config-remove-bad-access-call.patch
Normal file
54
pam-config-remove-bad-access-call.patch
Normal file
@ -0,0 +1,54 @@
|
||||
Index: pam-config-1.3/src/pam-config.c
|
||||
===================================================================
|
||||
--- pam-config-1.3.orig/src/pam-config.c
|
||||
+++ pam-config-1.3/src/pam-config.c
|
||||
@@ -1075,19 +1075,10 @@ main (int argc, char *argv[])
|
||||
if (debug)
|
||||
printf ("*** write_config (%s/pam.d/%s)\n", confdir, gl_service);
|
||||
|
||||
- /* Check if service file exists */
|
||||
- char *conffile;
|
||||
- if (asprintf (&conffile, "%s/pam.d/%s", confdir, gl_service) < 0)
|
||||
- return 1;
|
||||
-
|
||||
- if (access (conffile, R_OK) != 0)
|
||||
- {
|
||||
- fprintf (stderr, _("Cannot access '%s': %m\n"), conffile);
|
||||
- free (conffile);
|
||||
- return 1;
|
||||
- }
|
||||
- free (conffile);
|
||||
-
|
||||
+ /*
|
||||
+ * Note that the modules in service_module_list[]
|
||||
+ * do not use the "op" and the "fp" parameters.
|
||||
+ */
|
||||
while (*modptr != NULL)
|
||||
{
|
||||
retval |= (*modptr)->write_config (*modptr, -1, NULL);
|
||||
Index: pam-config-1.3/src/single_config.c
|
||||
===================================================================
|
||||
--- pam-config-1.3.orig/src/single_config.c
|
||||
+++ pam-config-1.3/src/single_config.c
|
||||
@@ -245,12 +245,15 @@ create_service_file (const char *service
|
||||
return NULL;
|
||||
|
||||
if (stat (conffile, &f_stat) != 0)
|
||||
- {
|
||||
- fprintf (stderr, _("Cannot stat '%s': %m\n"), conffile);
|
||||
- free (tmp_file);
|
||||
- free (conffile);
|
||||
- return NULL;
|
||||
- }
|
||||
+ {
|
||||
+ /* Make them owned by root and writable only by root */
|
||||
+ fprintf (stderr, _("Cannot stat '%s': %m\n"), conffile);
|
||||
+
|
||||
+ memset(&f_stat, 0, sizeof(struct stat)); /* To be on the safe side ... */
|
||||
+ f_stat.st_mode = 0644;
|
||||
+ f_stat.st_uid = 0;
|
||||
+ f_stat.st_gid = 0;
|
||||
+ }
|
||||
|
||||
free (conffile);
|
||||
fd = mkstemp (tmp_file);
|
@ -1,3 +1,23 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 8 12:46:00 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
|
||||
|
||||
- Add "revoke" to the option list for pam_keyinit
|
||||
(Remove some leftover debugs while we're at it)
|
||||
[pam-config-fix-pam_keyinit-options.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 8 12:23:47 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
|
||||
|
||||
- prior to writing an service-specific config file, the main function
|
||||
calls access() on the destination file in /etc/pam.d.
|
||||
This will fail and no config file will be written when the original
|
||||
config file was installed in /usr/etc/pam.d.
|
||||
A similar problem exists when creating the new service file:
|
||||
create_service_file() wants to give the new service file the same
|
||||
user, group and mode as the old one, but the old one may not exist.
|
||||
In that case, set these to 0(root), 0(root), and 0644.
|
||||
[pam-config-remove-bad-access-call.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 1 20:32:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
|
@ -24,6 +24,8 @@ License: GPL-2.0-only
|
||||
Group: System/Management
|
||||
URL: https://github.com/SUSE/pam-config
|
||||
Source: %{name}-%{version}.tar.xz
|
||||
Patch1: pam-config-remove-bad-access-call.patch
|
||||
Patch2: pam-config-fix-pam_keyinit-options.patch
|
||||
PreReq: pam >= 1.3.0
|
||||
Recommends: pam_pwquality
|
||||
|
||||
@ -36,6 +38,8 @@ add/adjust/remove other PAM modules and their options.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
%configure
|
||||
|
Loading…
Reference in New Issue
Block a user