rpms/krb5/devel krb5-1.8-pam.patch,1.3,1.4 krb5.spec,1.268,1.269
Nalin Dahyabhai
nalin at fedoraproject.org
Thu May 27 20:53:30 UTC 2010
Author: nalin
Update of /cvs/extras/rpms/krb5/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv18614
Modified Files:
krb5-1.8-pam.patch krb5.spec
Log Message:
don't skip the PAM account check for root or the same user (more of #477033)
krb5-1.8-pam.patch:
aclocal.m4 | 67 ++++++++
clients/ksu/Makefile.in | 8
clients/ksu/main.c | 94 +++++++++++
clients/ksu/pam.c | 389 ++++++++++++++++++++++++++++++++++++++++++++++++
clients/ksu/pam.h | 57 +++++++
configure.in | 2
6 files changed, 614 insertions(+), 3 deletions(-)
Index: krb5-1.8-pam.patch
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5-1.8-pam.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- krb5-1.8-pam.patch 27 May 2010 20:01:43 -0000 1.3
+++ krb5-1.8-pam.patch 27 May 2010 20:53:29 -0000 1.4
@@ -141,6 +141,33 @@ diff -up krb5-1.8/src/clients/ksu/main.c
/* Run authorization as target.*/
if (krb5_seteuid(target_uid)) {
com_err(prog_name, errno, "while switching to target for authorization check");
+@@ -651,6 +676,26 @@
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
++#ifdef USE_PAM
++ } else {
++ /* we always do PAM account management, even for root */
++ if (appl_pam_enabled(ksu_context, "ksu")) {
++ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL,
++ NULL, source_user,
++ ttyname(STDERR_FILENO)) != 0) {
++ fprintf(stderr, "Access denied for %s.\n", target_user);
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ if (appl_pam_requires_chauthtok()) {
++ fprintf(stderr, "Password change required for %s.\n",
++ target_user);
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ force_fork++;
++ }
++#endif
+ }
+
+ if( some_rest_copy){
@@ -720,6 +745,32 @@
exit(1);
}
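Review bot: `ttyname(STDERR_FILENO)` in the added `appl_pam_acct_mgmt()` call returns NULL whenever stderr is not a terminal, and stderr is whatever the invoking user handed to the program, so the tty passed to the account check is both optional and caller-chosen. `appl_pam_acct_mgmt()` is defined in clients/ksu/pam.c, which this hunk does not show, so I cannot confirm from here that it tolerates a NULL tty; any tty-based account rule would presumably be evaluated against this value. I would resolve it once into a local, `const char *tty = ttyname(STDERR_FILENO);`, and add a comment saying what a NULL tty means for the account decision. Separately, the `} else {` opened inside `#ifdef USE_PAM` is closed by the `}` after `#endif`, so brace balance depends on the macro; a comment such as `/* closes the else when USE_PAM is defined, the if otherwise */` on that brace would help. The enclosing function starts and ends outside the hunk.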
Index: krb5.spec
===================================================================
RCS file: /cvs/extras/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.268
retrieving revision 1.269
diff -u -p -r1.268 -r1.269
--- krb5.spec 27 May 2010 20:01:43 -0000 1.268
+++ krb5.spec 27 May 2010 20:53:30 -0000 1.269
@@ -627,7 +627,8 @@ exit 0
%changelog
* Thu May 27 2010 Nalin Dahyabhai <nalin at redhat.com>
- ksu: move session management calls to before we drop privileges, like
- su does (#596887)
+ su does (#596887), and don't skip the PAM account check for root or the
+ same user (more of #477033)
* Mon May 24 2010 Nalin Dahyabhai <nalin at redhat.com> 1.8.1-6
- make krb5-server-ldap also depend on the same version-release of krb5-libs,