- Apply runuser PAM patch from bug #173807. Ship runuser PAM file.
This commit is contained in:
Tim Waugh
parent
60a97a8749
commit
2190ea78ce
@ -75,7 +75,7 @@
|
||||
readlink.1: $(common_dep) $(srcdir)/readlink.x ../src/readlink.c
|
||||
rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
|
||||
rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
|
||||
+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/runuser.c
|
||||
+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
|
||||
seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
|
||||
sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
|
||||
shred.1: $(common_dep) $(srcdir)/shred.x ../src/shred.c
|
||||
@ -86,11 +86,17 @@
|
||||
+runuser \- run a shell with substitute user and group IDs
|
||||
+[DESCRIPTION]
|
||||
+.\" Add any additional description here
|
||||
--- coreutils-5.93/src/su.c.runuser 2005-11-14 10:54:44.000000000 +0000
|
||||
+++ coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000
|
||||
@@ -134,7 +134,9 @@
|
||||
--- coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000
|
||||
+++ coreutils-5.93/src/su.c 2005-11-24 16:12:18.000000000 +0000
|
||||
@@ -132,9 +132,15 @@
|
||||
#include "error.h"
|
||||
|
||||
/* The official name of this program (e.g., no `g' prefix). */
|
||||
+#ifndef RUNUSER
|
||||
#define PROGRAM_NAME "su"
|
||||
+#else
|
||||
+#define PROGRAM_NAME "runuser"
|
||||
+#endif
|
||||
|
||||
+#ifndef AUTHORS
|
||||
#define AUTHORS "David MacKenzie"
|
||||
@ -98,7 +104,7 @@
|
||||
|
||||
#if HAVE_PATHS_H
|
||||
# include <paths.h>
|
||||
@@ -172,6 +174,10 @@
|
||||
@@ -172,6 +178,10 @@
|
||||
#ifndef USE_PAM
|
||||
char *crypt ();
|
||||
#endif
|
||||
@ -109,7 +115,40 @@
|
||||
char *getpass ();
|
||||
char *getusershell ();
|
||||
void endusershell ();
|
||||
@@ -746,7 +752,7 @@
|
||||
@@ -303,10 +313,12 @@
|
||||
retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
|
||||
PAM_BAIL_P;
|
||||
|
||||
+#ifndef RUNUSER
|
||||
if (getuid() != 0 && !isatty(0)) {
|
||||
fprintf(stderr, "standard in must be a tty\n");
|
||||
exit(1);
|
||||
}
|
||||
+#endif
|
||||
|
||||
caller = getpwuid(getuid());
|
||||
if(caller != NULL && caller->pw_name != NULL) {
|
||||
@@ -323,6 +335,11 @@
|
||||
retval = pam_set_item(pamh, PAM_TTY, tty_name);
|
||||
PAM_BAIL_P;
|
||||
}
|
||||
+#ifdef RUNUSER
|
||||
+ if (getuid() != geteuid())
|
||||
+ /* safety net: deny operation if we are suid by accident */
|
||||
+ error(EXIT_FAIL, 1, "runuser may not be setuid");
|
||||
+#else
|
||||
retval = pam_authenticate(pamh, 0);
|
||||
PAM_BAIL_P;
|
||||
retval = pam_acct_mgmt(pamh, 0);
|
||||
@@ -332,6 +349,7 @@
|
||||
PAM_BAIL_P;
|
||||
}
|
||||
PAM_BAIL_P;
|
||||
+#endif
|
||||
/* must be authenticated if this point was reached */
|
||||
return 1;
|
||||
#else /* !USE_PAM */
|
||||
@@ -746,7 +764,7 @@
|
||||
: DEFAULT_SHELL);
|
||||
endpwent ();
|
||||
|
||||
@ -118,8 +157,8 @@
|
||||
{
|
||||
#ifdef SYSLOG_FAILURE
|
||||
log_su (pw, false);
|
||||
--- coreutils-5.93/src/Makefile.am.runuser 2005-11-14 10:54:44.000000000 +0000
|
||||
+++ coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000
|
||||
--- coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000
|
||||
+++ coreutils-5.93/src/Makefile.am 2005-11-24 16:18:58.000000000 +0000
|
||||
@@ -17,7 +17,7 @@
|
||||
## along with this program; if not, write to the Free Software Foundation,
|
||||
## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
@ -129,15 +168,16 @@
|
||||
|
||||
bin_SCRIPTS = groups
|
||||
bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
|
||||
@@ -91,6 +91,7 @@
|
||||
uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS)
|
||||
|
||||
@@ -93,4 +93,8 @@
|
||||
su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
|
||||
+runuser_LDADD = $(LDADD) $(LIB_CRYPT)
|
||||
|
||||
+runuser_SOURCES = su.c
|
||||
+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
|
||||
+runuser_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
|
||||
+
|
||||
$(PROGRAMS): ../lib/libcoreutils.a
|
||||
|
||||
@@ -106,7 +107,7 @@
|
||||
@@ -106,7 +110,7 @@
|
||||
chmod +x $@-t
|
||||
mv $@-t $@
|
||||
|
||||
@ -146,66 +186,6 @@
|
||||
|
||||
installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
|
||||
|
||||
--- /dev/null 2005-10-10 09:36:06.437701000 +0100
|
||||
+++ coreutils-5.93/src/runuser.c 2005-11-14 10:55:29.000000000 +0000
|
||||
@@ -0,0 +1,57 @@
|
||||
+#define CHECKPASSWD 0
|
||||
+#define pam_start my_pam_start
|
||||
+#define pam_end my_pam_end
|
||||
+#define pam_setcred my_pam_setcred
|
||||
+#define pam_open_session my_pam_open_session
|
||||
+#define pam_close_session my_pam_close_session
|
||||
+#define pam_strerror my_pam_strerror
|
||||
+#define pam_getenvlist my_pam_getenvlist
|
||||
+#define AUTHORS "David MacKenzie, Dan Walsh"
|
||||
+#include "su.c"
|
||||
+int pam_start(const char *service_name, const char *user,
|
||||
+ const struct pam_conv *pam_conversation,
|
||||
+ pam_handle_t **pamh) {
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+int pam_end(pam_handle_t *pamh, int pam_status) {
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+int pam_setcred(pam_handle_t *pamh, int flags){
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+int pam_open_session(pam_handle_t *pamh, int flags){
|
||||
+ if (getuid() != geteuid())
|
||||
+ /* safety net: deny operation if we are suid by accident */
|
||||
+ error(EXIT_FAIL, 1, "runuser may not be setuid");
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+int pam_close_session(pam_handle_t *pamh, int flags){
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+const char *pam_strerror(pam_handle_t *pamh, int err){
|
||||
+ return "";
|
||||
+}
|
||||
+char **pam_getenvlist(pam_handle_t *pamh){
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+int misc_conv(int num_msg, const struct pam_message **msgm,
|
||||
+ struct pam_response **response, void *appdata_ptr) {
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+int pam_authenticate(pam_handle_t *pamh, int flags) {
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+int pam_acct_mgmt(pam_handle_t *pamh, int flags) {
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+int pam_chauthtok (pam_handle_t *pamh, int flags) {
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+int pam_set_item(pam_handle_t *pamh, int item_type, const void *item) {
|
||||
+ return PAM_SUCCESS;
|
||||
+}
|
||||
--- coreutils-5.93/tests/help-version.runuser 2005-01-05 22:08:48.000000000 +0000
|
||||
+++ coreutils-5.93/tests/help-version 2005-11-14 10:54:45.000000000 +0000
|
||||
@@ -136,6 +136,7 @@
|
||||
|
||||
@ -14,6 +14,7 @@ Source102: DIR_COLORS.xterm
|
||||
Source105: colorls.sh
|
||||
Source106: colorls.csh
|
||||
Source200: su.pamd
|
||||
Source201: runuser.pamd
|
||||
|
||||
# From upstream
|
||||
|
||||
@ -110,7 +111,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
|
||||
touch aclocal.m4 configure config.hin Makefile.in */Makefile.in */*/Makefile.in
|
||||
aclocal -I m4
|
||||
autoconf --force
|
||||
automake --copy --force
|
||||
automake --copy --add-missing
|
||||
%configure --enable-largefile --with-afs %{?!nopam:--enable-pam} \
|
||||
--enable-selinux \
|
||||
|| :
|
||||
@ -171,6 +172,7 @@ for i in hostname uptime kill ; do
|
||||
done
|
||||
|
||||
%{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su}
|
||||
%{?!nopam:install -m 644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser}
|
||||
|
||||
bzip2 -f9 old/*/C* || :
|
||||
|
||||
@ -216,6 +218,7 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/DIR_COLORS*
|
||||
%config(noreplace) %{_sysconfdir}/profile.d/*
|
||||
%{?!nopam:%config(noreplace) /etc/pam.d/su}
|
||||
%{?!nopam:%config(noreplace) /etc/pam.d/runuser}
|
||||
%doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/*
|
||||
/bin/basename
|
||||
/bin/cat
|
||||
@ -256,6 +259,9 @@ fi
|
||||
/sbin/runuser
|
||||
|
||||
%changelog
|
||||
* Thu Nov 25 2005 Tim Waugh <twaugh@redhat.com>
|
||||
- Apply runuser PAM patch from bug #173807. Ship runuser PAM file.
|
||||
|
||||
* Tue Nov 14 2005 Dan Walsh <dwalsh@redhat.com> 5.93-3
|
||||
- Remove multiple from su.pamd
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user