[cronie] check for NULL pamh on two more places (#1176215)
Tomáš Mráz
tmraz at fedoraproject.org
Fri Jan 2 10:38:46 UTC 2015
commit fc778cf11f2017b731ace3a58b100b1c4ec5f26d
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Jan 2 11:38:53 2015 +0100
check for NULL pamh on two more places (#1176215)
cronie-1.4.12-pam-no-root.patch | 47 ++++++++++++++++++++++++++++++++++++++-
cronie.spec | 5 +++-
2 files changed, 50 insertions(+), 2 deletions(-)
---
diff --git a/cronie-1.4.12-pam-no-root.patch b/cronie-1.4.12-pam-no-root.patch
index 8a1c664..464d83b 100644
--- a/cronie-1.4.12-pam-no-root.patch
+++ b/cronie-1.4.12-pam-no-root.patch
@@ -12,7 +12,7 @@ index 22571ff..d165a06 100644
"You (%s) are not allowed to access to (%s) because of pam configuration.\n",
User, ProgramName);
diff --git a/src/security.c b/src/security.c
-index 4eee004..079ea2a 100644
+index 4eee004..1668890 100644
--- a/src/security.c
+++ b/src/security.c
@@ -88,6 +88,7 @@ static int cron_open_pam_session(struct passwd *pw);
@@ -54,6 +54,51 @@ index 4eee004..079ea2a 100644
#endif
}
+@@ -243,7 +248,9 @@ int cron_change_groups(struct passwd *pw) {
+ #if defined(WITH_PAM)
+ /* credentials may take form of supplementary groups so reinitialize
+ * them here */
+- pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
++ if (pamh != NULL) {
++ pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
++ }
+ #endif
+
+ return 0;
+@@ -614,18 +621,19 @@ int crontab_security_access(void) {
+ * crontab environment
+ */
+ static char **build_env(char **cronenv) {
++ char **jobenv;
+ #ifdef WITH_PAM
+- char **jobenv = pam_getenvlist(pamh);
+ char *cronvar;
+ int count = 0;
+
+- if (jobenv == NULL) {
+- jobenv = env_init();
+- if (jobenv == NULL) {
++ if (pamh == NULL || (jobenv=pam_getenvlist(pamh)) == NULL) {
++#endif
++ jobenv = env_copy(cronenv);
++ if (jobenv == NULL)
+ log_it("CRON", getpid(),
+ "ERROR", "Initialization of cron environment variables failed", 0);
+- return NULL;
+- }
++ return jobenv;
++#ifdef WITH_PAM
+ }
+
+ /* Now add the cron environment variables. Since env_set()
+@@ -640,7 +648,5 @@ static char **build_env(char **cronenv) {
+ }
+ }
+ return jobenv;
+-#else
+- return env_copy(cronenv);
+ #endif
+ }
diff --git a/src/structs.h b/src/structs.h
index 272777a..6d3c15b 100644
--- a/src/structs.h
diff --git a/cronie.spec b/cronie.spec
index 73ea1fb..4bc694e 100644
--- a/cronie.spec
+++ b/cronie.spec
@@ -6,7 +6,7 @@
Summary: Cron daemon for executing programs at set times
Name: cronie
Version: 1.4.12
-Release: 3%{?dist}
+Release: 4%{?dist}
License: MIT and BSD and ISC and GPLv2+
Group: System Environment/Base
URL: https://fedorahosted.org/cronie
@@ -205,6 +205,9 @@ exit 0
%attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
%changelog
+* Fri Jan 2 2015 Tomáš Mráz <tmraz at redhat.com> - 1.4.12-4
+- check for NULL pamh on two more places (#1176215)
+
* Tue Dec 2 2014 Tomáš Mráz <tmraz at redhat.com> - 1.4.12-3
- call PAM only for non-root user or non-system crontabs (#956157)
- bypass the PAM check in crontab for root (#1169175)
More information about the scm-commits
mailing list