[rsh] rshd: close pam session correctly

Michal Sekletar msekleta at fedoraproject.org
Mon Apr 15 13:19:08 UTC 2013 

commit c1be0dc4110aff85293db4b45fda8b92ee13840c
Author: Michal Sekletar <msekleta at redhat.com>
Date:   Thu Apr 11 13:29:07 2013 +0200

    rshd: close pam session correctly
    
    When client does not ask for separate error channel rshd will execute
    the requested command on top of itself, thus is never able to close
    opened pam session. In addition it then closes all file descriptors
    except stdin, stdout and stderr. This closing of descriptors will
    close descriptor used by pam_systemd module and triggers logind to
    kill the process.
    
    Patch contributed by Tom Hughes, <tom at compton.nu>
    
    Resolves RHBZ #896583.
    
    Signed-off-by: Michal Sekletar <msekleta at redhat.com>

 netkit-rsh-0.17-rh896583.patch |   22 ++++++++++++++++++++++
 rsh.spec                       |    2 ++
 2 files changed, 24 insertions(+), 0 deletions(-)
---
diff --git a/netkit-rsh-0.17-rh896583.patch b/netkit-rsh-0.17-rh896583.patch
new file mode 100644
index 0000000..447c79a
--- /dev/null
+++ b/netkit-rsh-0.17-rh896583.patch
@@ -0,0 +1,22 @@
+--- rshd/rshd.c.orig	2013-01-17 14:33:14.694727753 +0000
++++ rshd/rshd.c	2013-01-17 14:43:53.302906217 +0000
+@@ -531,6 +531,19 @@
+ 		close(pv[0]);
+ 		dup2(pv[1], 2);
+ 		close(pv[1]);
++	} else {
++		pid = fork();
++		if (pid == -1)  {
++			error("Can't fork; try again.\n");
++			exit(1);
++		}
++		if (pid) {
++			waitpid(pid, NULL, 0);
++			pam_close_session(pamh, 0);
++			pam_end(pamh, PAM_SUCCESS);
++			exit(0);
++		}
++		setpgrp();
+ 	}
+ 	theshell = pwd->pw_shell;
+ 	if (!theshell || !*theshell) {
diff --git a/rsh.spec b/rsh.spec
index 86185c2..3e8f8ba 100644
--- a/rsh.spec
+++ b/rsh.spec
@@ -81,6 +81,7 @@ Patch40: netkit-rsh-0.17-rh473492.patch
 Patch41: netkit-rsh-0.17-rh650119.patch
 Patch42: netkit-rsh-0.17-rh710987.patch
 Patch43: netkit-rsh-0.17-rh784467.patch
+Patch44: netkit-rsh-0.17-rh896583.patch
 
 %description
 The rsh package contains a set of programs which allow users to run
@@ -152,6 +153,7 @@ from other machines
 %patch41 -p1 -b .rh650119
 %patch42 -p1 -b .rh710987
 %patch43 -p1 -b .rh784467
+%patch44 -b .rh896583
 
 # No, I don't know what this is doing in the tarball.
 rm -f rexec/rexec

More information about the scm-commits mailing list