rpms/krb5/devel krb5-1.7-pam.patch,1.3,1.4
Nalin Dahyabhai
nalin at fedoraproject.org
Thu Dec 3 23:23:54 UTC 2009
Author: nalin
Update of /cvs/extras/rpms/krb5/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31609
Modified Files:
krb5-1.7-pam.patch
Log Message:
- ksu: move account management checks to before we drop privileges, like
su does (#540769)
krb5-1.7-pam.patch:
aclocal.m4 | 83 ++++++++
appl/bsd/Makefile.in | 11 -
appl/bsd/configure.in | 1
appl/bsd/krshd.c | 64 +++++-
appl/bsd/login.c | 61 ++++++
appl/bsd/pam.c | 433 +++++++++++++++++++++++++++++++++++++++++++
appl/bsd/pam.h | 65 ++++++
appl/gssftp/configure.in | 1
appl/gssftp/ftpd/Makefile.in | 8
appl/gssftp/ftpd/ftpd.c | 72 ++++++-
clients/ksu/Makefile.in | 7
clients/ksu/main.c | 75 +++++++
config/pre.in | 1
configure.in | 2
14 files changed, 862 insertions(+), 22 deletions(-)
Index: krb5-1.7-pam.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5-1.7-pam.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- krb5-1.7-pam.patch 26 Jun 2009 22:08:03 -0000 1.3
+++ krb5-1.7-pam.patch 3 Dec 2009 23:23:54 -0000 1.4
@@ -1092,45 +1092,61 @@ diff -up krb5-1.7/src/clients/ksu/main.c
#include "ksu.h"
#include "adm_proto.h"
#include <sys/types.h>
-@@ -32,6 +33,11 @@
+@@ -32,6 +33,10 @@
#include <signal.h>
#include <grp.h>
+#ifdef USE_PAM
+#include "../../appl/bsd/pam.h"
-+int force_fork = 0;
+#endif
+
/* globals */
char * prog_name;
int auth_debug =0;
-@@ -791,7 +797,24 @@ main (argc, argv)
- fprintf(stderr, "program to be execed %s\n",params[0]);
- }
-
-- if( keep_target_cache ) {
+@@ -39,6 +44,7 @@
+ char k5users_path[MAXPATHLEN];
+ char * gb_err = NULL;
+ int quiet = 0;
++int force_fork = 0;
+ /***********/
+
+ #define _DEF_CSH "/bin/csh"
+@@ -585,6 +591,25 @@
+ prog_name,target_user,client_name,
+ source_user,ontty());
+
+#ifdef USE_PAM
-+ if (appl_pam_enabled(ksu_context, "ksu")) {
-+ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL,
-+ NULL, source_user, ttyname(STDERR_FILENO)) != 0) {
-+ fprintf(stderr, "Access denied for %s.\n", target_user);
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
-+ if (appl_pam_requires_chauthtok()) {
-+ fprintf(stderr, "Password change required for %s.\n", target_user);
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
++ if (appl_pam_enabled(ksu_context, "ksu")) {
++ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL,
++ NULL, source_user,
++ ttyname(STDERR_FILENO)) != 0) {
++ fprintf(stderr, "Access denied for %s.\n", target_user);
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ if (appl_pam_requires_chauthtok()) {
++ fprintf(stderr, "Password change required for %s.\n",
++ target_user);
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ force_fork++;
+ }
-+ force_fork++;
-+ }
+#endif
+
+ /* Run authorization as target.*/
+ if (krb5_seteuid(target_uid)) {
+ com_err(prog_name, errno, "while switching to target for authorization check");
+@@ -791,7 +816,7 @@
+ fprintf(stderr, "program to be execed %s\n",params[0]);
+ }
+
+- if( keep_target_cache ) {
+ if( keep_target_cache && !force_fork ) {
execv(params[0], params);
com_err(prog_name, errno, "while trying to execv %s",
params[0]);
-@@ -799,6 +822,33 @@ main (argc, argv)
+@@ -799,6 +824,33 @@
exit(1);
}else{
statusp = 1;
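Review bot: In the block added at the inner `@@ -585,6 +591,25 @@` position, both PAM failure branches report only to stderr before `exit(1)`, so a refused account check or a required password change leaves no record from ksu itself. It also follows the call ending in `source_user,ontty());`, which looks like the log entry for a successful authentication, so the logs would show the success with no matching denial. If that call is syslog, I would add `syslog(LOG_WARNING, "PAM account check denied %s access to %s", source_user, target_user);` ahead of each `sweep_up(ksu_context, cc_target);`. Separately, `ttyname(STDERR_FILENO)` returns NULL when stderr is not a terminal, and whether `appl_pam_acct_mgmt` accepts a NULL tty is not visible here, so that is worth confirming. The body of `main` starts and ends outside this hunk.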
@@ -1164,7 +1180,7 @@ diff -up krb5-1.7/src/clients/ksu/main.c
switch ((child_pid = fork())) {
default:
if (auth_debug){
-@@ -822,15 +872,34 @@ main (argc, argv)
+@@ -822,15 +874,34 @@
if (ret_pid == -1) {
com_err(prog_name, errno, "while calling waitpid");
}