Dominique Leuenberger 2021-06-12 18:05:25 +00:00 committed by Git OBS Bridge
commit 4dce58607f
4 changed files with 120 additions and 0 deletions


@ -0,0 +1,42 @@
Index: pam-config-1.3/src/mod_pam_keyinit.c
===================================================================
--- pam-config-1.3.orig/src/mod_pam_keyinit.c
+++ pam-config-1.3/src/mod_pam_keyinit.c
@@ -47,20 +47,15 @@ write_config_keyinit (pam_module_t *this
fp = create_service_file (gl_service);
if (!fp) return 0;
- fprintf(stderr, "writeit=%d, is_written=%d\n", writeit, is_written);
while (cfg_content != NULL)
{
- fprintf(stderr, "cfg_content->line = >>%s", cfg_content->line);
if (writeit)
{
- fprintf(stderr, "writeit=%d\n", writeit);
if (!is_written)
{
- fprintf(stderr, "is_written=%d\n", is_written);
/* write this entry as the first in the session part */
if (strstr(cfg_content->line, "session") != NULL)
{
- fprintf(stderr, "strstr(cfg_content->line, \"session\") != NULL\n");
write_entry(fp, opt_set);
is_written = 1;
}
@@ -97,7 +92,6 @@ write_config_keyinit (pam_module_t *this
static void
write_entry(FILE *fp, option_set_t *opt_set)
{
- fprintf(stderr, "write_entry(fp, opt_set)\n");
fprintf (fp, "session optional\tpam_keyinit.so revoke ");
if (opt_set->is_enabled (opt_set, "force"))
fprintf (fp, "force ");
@@ -121,7 +115,7 @@ PRINT_ARGS("keyinit")
PRINT_XMLHELP("keyinit")
/* ---- contruct module object ---- */
-DECLARE_BOOL_OPTS_3 (is_enabled, debug, force);
+DECLARE_BOOL_OPTS_4 (is_enabled, debug, force, revoke);
DECLARE_STRING_OPTS_0;
DECLARE_OPT_SETS;
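Review bot: In write_entry() the context line `fprintf (fp, "session optional\tpam_keyinit.so revoke ");` still writes `revoke` unconditionally, so adding `revoke` to `DECLARE_BOOL_OPTS_4` makes the option parseable but, as far as this patch shows, it is never consulted when the session line is written. If the option is meant to be switchable, gate it the same way as `force`: `if (opt_set->is_enabled (opt_set, "revoke")) fprintf (fp, "revoke ");`, and drop the literal from the format string. If always writing it is deliberate (it is the conservative choice, since it makes pam_keyinit revoke the session keyring when the session ends), a comment such as `/* "revoke" is always written; the option exists only so existing lines parse */` would record that. write_entry() continues past the end of the hunk, so the remaining option handling is not visible here.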


@ -0,0 +1,54 @@
Index: pam-config-1.3/src/pam-config.c
===================================================================
--- pam-config-1.3.orig/src/pam-config.c
+++ pam-config-1.3/src/pam-config.c
@@ -1075,19 +1075,10 @@ main (int argc, char *argv[])
if (debug)
printf ("*** write_config (%s/pam.d/%s)\n", confdir, gl_service);
- /* Check if service file exists */
- char *conffile;
- if (asprintf (&conffile, "%s/pam.d/%s", confdir, gl_service) < 0)
- return 1;
-
- if (access (conffile, R_OK) != 0)
- {
- fprintf (stderr, _("Cannot access '%s': %m\n"), conffile);
- free (conffile);
- return 1;
- }
- free (conffile);
-
+ /*
+ * Note that the modules in service_module_list[]
+ * do not use the "op" and the "fp" parameters.
+ */
while (*modptr != NULL)
{
retval |= (*modptr)->write_config (*modptr, -1, NULL);
Index: pam-config-1.3/src/single_config.c
===================================================================
--- pam-config-1.3.orig/src/single_config.c
+++ pam-config-1.3/src/single_config.c
@@ -245,12 +245,15 @@ create_service_file (const char *service
return NULL;
if (stat (conffile, &f_stat) != 0)
- {
- fprintf (stderr, _("Cannot stat '%s': %m\n"), conffile);
- free (tmp_file);
- free (conffile);
- return NULL;
- }
+ {
+ /* Make them owned by root and writable only by root */
+ fprintf (stderr, _("Cannot stat '%s': %m\n"), conffile);
+
+ memset(&f_stat, 0, sizeof(struct stat)); /* To be on the safe side ... */
+ f_stat.st_mode = 0644;
+ f_stat.st_uid = 0;
+ f_stat.st_gid = 0;
+ }
free (conffile);
fd = mkstemp (tmp_file);
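Review bot: The new fallback in create_service_file() runs for every stat() failure, not only for a missing file. An EACCES, ELOOP or I/O error on an existing service file now prints "Cannot stat" and then carries on, writing a replacement with root:root 0644 instead of the original's owner and mode. Restrict the defaults to `errno == ENOENT` and keep the old error return for everything else; that also stops the error message from appearing on the expected no-file path. `sizeof f_stat` is the safer spelling for the memset, after which the explicit `st_uid`/`st_gid` assignments are redundant. The function starts and ends outside the hunk, and whether `<errno.h>` is already included in single_config.c is not visible here.

```c
  if (stat (conffile, &f_stat) != 0)
    {
      /* Test errno before any call that may overwrite it */
      if (errno != ENOENT)
        {
          fprintf (stderr, _("Cannot stat '%s': %m\n"), conffile);
          free (tmp_file);
          free (conffile);
          return NULL;
        }
      /* No previous service file: owned by root, writable only by root */
      memset (&f_stat, 0, sizeof f_stat);   /* st_uid = st_gid = 0 */
      f_stat.st_mode = 0644;
    }
  /* … unchanged: free (conffile); mkstemp (tmp_file) … */
```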


@ -1,3 +1,23 @@
-------------------------------------------------------------------
Tue Jun 8 12:46:00 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
- Add "revoke" to the option list for pam_keyinit
(Remove some leftover debugs while we're at it)
[pam-config-fix-pam_keyinit-options.patch]
-------------------------------------------------------------------
Tue Jun 8 12:23:47 UTC 2021 - Josef Möllers <josef.moellers@suse.com>
- prior to writing an service-specific config file, the main function
calls access() on the destination file in /etc/pam.d.
This will fail and no config file will be written when the original
config file was installed in /usr/etc/pam.d.
A similar problem exists when creating the new service file:
create_service_file() wants to give the new service file the same
user, group and mode as the old one, but the old one may not exist.
In that case, set these to 0(root), 0(root), and 0644.
[pam-config-remove-bad-access-call.patch]
-------------------------------------------------------------------
Fri May 1 20:32:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>


@ -24,6 +24,8 @@ License: GPL-2.0-only
Group: System/Management
URL: https://github.com/SUSE/pam-config
Source: %{name}-%{version}.tar.xz
Patch1: pam-config-remove-bad-access-call.patch
Patch2: pam-config-fix-pam_keyinit-options.patch
PreReq: pam >= 1.3.0
Recommends: pam_pwquality
@ -36,6 +38,8 @@ add/adjust/remove other PAM modules and their options.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%build
%configure