[cronie] check for NULL pamh on two more places (#1176215)

Fri Jan 2 10:38:46 UTC 2015

commit fc778cf11f2017b731ace3a58b100b1c4ec5f26d
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Fri Jan 2 11:38:53 2015 +0100

    check for NULL pamh on two more places (#1176215)

 cronie-1.4.12-pam-no-root.patch |   47 ++++++++++++++++++++++++++++++++++++++-
 cronie.spec                     |    5 +++-
 2 files changed, 50 insertions(+), 2 deletions(-)
---

diff --git a/cronie-1.4.12-pam-no-root.patch b/cronie-1.4.12-pam-no-root.patch
index 8a1c664..464d83b 100644
--- a/cronie-1.4.12-pam-no-root.patch
+++ b/cronie-1.4.12-pam-no-root.patch
@@ -12,7 +12,7 @@ index 22571ff..d165a06 100644
  			"You (%s) are not allowed to access to (%s) because of pam configuration.\n",
  			User, ProgramName);
 diff --git a/src/security.c b/src/security.c
-index 4eee004..079ea2a 100644
+index 4eee004..1668890 100644
 --- a/src/security.c
 +++ b/src/security.c
 @@ -88,6 +88,7 @@ static int cron_open_pam_session(struct passwd *pw);
@@ -54,6 +54,51 @@ index 4eee004..079ea2a 100644
  #endif
  }
  
+@@ -243,7 +248,9 @@ int cron_change_groups(struct passwd *pw) {
+ #if defined(WITH_PAM)
+ 	/* credentials may take form of supplementary groups so reinitialize
+ 	 * them here */
+-	pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
++	if (pamh != NULL) {
++		pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
++	}
+ #endif
+ 
+ 	return 0;
+@@ -614,18 +621,19 @@ int crontab_security_access(void) {
+ * crontab environment 
+ */
+ static char **build_env(char **cronenv) {
++	char **jobenv;
+ #ifdef WITH_PAM
+-	char **jobenv = pam_getenvlist(pamh);
+ 	char *cronvar;
+ 	int count = 0;
+ 
+-	if (jobenv == NULL) {
+-		jobenv = env_init();
+-		if (jobenv == NULL) {
++	if (pamh == NULL || (jobenv=pam_getenvlist(pamh)) == NULL) {
++#endif
++		jobenv = env_copy(cronenv);
++		if (jobenv == NULL)
+ 			log_it("CRON", getpid(),
+ 				"ERROR", "Initialization of cron environment variables failed", 0);
+-			return NULL;
+-		}
++		return jobenv;
++#ifdef WITH_PAM
+ 	}
+ 
+ 	/* Now add the cron environment variables. Since env_set()
+@@ -640,7 +648,5 @@ static char **build_env(char **cronenv) {
+ 		}
+ 	}
+ 	return jobenv;
+-#else
+-	return env_copy(cronenv);
+ #endif
+ }
 diff --git a/src/structs.h b/src/structs.h
 index 272777a..6d3c15b 100644
 --- a/src/structs.h
diff --git a/cronie.spec b/cronie.spec
index 73ea1fb..4bc694e 100644
--- a/cronie.spec
+++ b/cronie.spec
@@ -6,7 +6,7 @@
 Summary:   Cron daemon for executing programs at set times
 Name:      cronie
 Version:   1.4.12
-Release:   3%{?dist}
+Release:   4%{?dist}
 License:   MIT and BSD and ISC and GPLv2+
 Group:     System Environment/Base
 URL:       https://fedorahosted.org/cronie
@@ -205,6 +205,9 @@ exit 0
 %attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
 
 %changelog
+* Fri Jan  2 2015 Tomáš Mráz <tmraz at redhat.com> - 1.4.12-4
+- check for NULL pamh on two more places (#1176215)
+
 * Tue Dec  2 2014 Tomáš Mráz <tmraz at redhat.com> - 1.4.12-3
 - call PAM only for non-root user or non-system crontabs (#956157)
 - bypass the PAM check in crontab for root (#1169175)
