rpms/at
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- 446004 hope adding || into scriptlets fix removing old package after

Browse Source 
upgrade
- fixes for fuzz=0
This commit is contained in:
Marcela Mašláňová 2008-07-18 14:34:48 +00:00
parent 2a31c011e3
commit c1bcbeddb1
6 changed files with 226 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

321
at-3.1.10-pam.patch
View File

@ -1,116 +1,22 @@
--- at-3.1.10/perm.c.pam 2005-08-05 05:16:01.000000000 +0200 --- at-3.1.10/pam_atd.pam 2007-07-03 13:29:24.000000000 +0200
+++ at-3.1.10/perm.c 2007-07-03 13:29:24.000000000 +0200 +++ at-3.1.10/pam_atd 2007-07-03 13:29:24.000000000 +0200
@@ -51,6 +51,14 @@ @@ -0,0 +1,13 @@
#define PRIV_END while(0) +# The PAM configuration file for the at daemon
#endif +#
+#
+#ifdef WITH_PAM +auth sufficient pam_rootok.so
+#include <security/pam_appl.h> +auth include system-auth
+static pam_handle_t *pamh = NULL; +auth required pam_env.so
+static const struct pam_conv conv = { +account include system-auth
+ NULL +session required pam_loginuid.so
+}; +session include system-auth
+#endif +# Sets up user limits, please uncomment and read /etc/security/limits.conf
+ +# to enable this functionality.
/* Structures and unions */ +# session required pam_limits.so
+#
diff -up at-3.1.10/atd.c.pam at-3.1.10/atd.c
@@ -109,18 +117,54 @@ --- at-3.1.10/atd.c.pam 2008-07-18 15:47:52.000000000 +0200
int +++ at-3.1.10/atd.c 2008-07-18 16:02:32.000000000 +0200
check_permission()
{
- uid_t uid = geteuid();
+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
struct passwd *pentry;
int allow = 0, deny = 1;
-
- if (uid == 0)
+ int retcode = 0;
+ if (euid == 0)
return 1;
- if ((pentry = getpwuid(uid)) == NULL) {
+ if ((pentry = getpwuid(euid)) == NULL) {
perror("Cannot access user database");
exit(EXIT_FAILURE);
}
+#ifdef WITH_PAM
+/*
+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
+ */
+ setreuid(daemon_uid, daemon_uid);
+ setregid(daemon_gid, daemon_gid);
+
+# define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"PAM authentication failure: %s\n",pam_strerror(pamh, retcode)); \
+ pam_close_session(pamh,PAM_SILENT); \
+ pam_end(pamh, retcode); \
+ setregid(gid,egid); \
+ setreuid(uid,euid); \
+ return(0); \
+ }
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
+ PAM_FAIL_CHECK;
+ retcode = pam_set_item(pamh, PAM_TTY, "atd");
+ PAM_FAIL_CHECK;
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_open_session(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+ PAM_FAIL_CHECK;
+
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
+ pam_close_session(pamh,PAM_SILENT);
+ pam_end(pamh, PAM_ABORT);
+
+ setregid(gid,egid);
+ setreuid(uid,euid);
+
+#endif
+
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
if (allow==0 || allow==1)
return allow;
--- at-3.1.10/config.h.in.pam 2005-08-05 05:16:02.000000000 +0200
+++ at-3.1.10/config.h.in 2007-07-03 13:29:24.000000000 +0200
@@ -181,3 +181,10 @@
#undef HAVE_ATTRIBUTE_NORETURN
#undef HAVE_PAM
+
+/* Define if you are building with_pam */
+#undef WITH_PAM
+
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
--- at-3.1.10/configure.in.pam 2005-08-05 05:16:02.000000000 +0200
+++ at-3.1.10/configure.in 2007-07-03 13:29:24.000000000 +0200
@@ -316,4 +316,19 @@
)
AC_SUBST(DAEMON_GROUPNAME)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
+AC_ARG_WITH(pam,
+[ --with-pam Define to enable pam support ],
+AC_DEFINE(WITH_PAM),
+)
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB)
+
AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)
--- at-3.1.10/atd.c.pam 2007-07-03 13:29:24.000000000 +0200
+++ at-3.1.10/atd.c 2007-07-03 13:52:38.000000000 +0200
@@ -74,6 +74,14 @@ @@ -74,6 +74,14 @@
#include <syslog.h> #include <syslog.h>
#endif #endif
@ -137,7 +43,7 @@
/* Macros */ /* Macros */
#define BATCH_INTERVAL_DEFAULT 60 #define BATCH_INTERVAL_DEFAULT 60
@@ -121,6 +133,7 @@ @@ -121,6 +133,7 @@ static const struct pam_conv conv = {
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ #define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
@ -145,7 +51,7 @@
pam_end(pamh, retcode); exit(1); \ pam_end(pamh, retcode); exit(1); \
} }
#define PAM_END { retcode = pam_close_session(pamh,0); \ #define PAM_END { retcode = pam_close_session(pamh,0); \
@@ -196,6 +209,19 @@ @@ -196,6 +209,19 @@ myfork()
#define fork myfork #define fork myfork
#endif #endif
@ -165,7 +71,7 @@
static void static void
run_file(const char *filename, uid_t uid, gid_t gid) run_file(const char *filename, uid_t uid, gid_t gid)
{ {
@@ -378,18 +404,22 @@ @@ -380,18 +406,22 @@ run_file(const char *filename, uid_t uid
fstat(fd_out, &buf); fstat(fd_out, &buf);
size = buf.st_size; size = buf.st_size;
@ -191,7 +97,7 @@
close(STDIN_FILENO); close(STDIN_FILENO);
close(STDOUT_FILENO); close(STDOUT_FILENO);
@@ -402,6 +432,14 @@ @@ -404,6 +434,14 @@ run_file(const char *filename, uid_t uid
else if (pid == 0) { else if (pid == 0) {
char *nul = NULL; char *nul = NULL;
char **nenvp = &nul; char **nenvp = &nul;
@ -206,7 +112,7 @@
/* Set up things for the child; we want standard input from the /* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file. * input file, and standard output and error sent to our output file.
@@ -423,8 +461,6 @@ @@ -425,8 +463,6 @@ run_file(const char *filename, uid_t uid
if (chdir(ATJOB_DIR) < 0) if (chdir(ATJOB_DIR) < 0)
perr("Cannot chdir to " ATJOB_DIR); perr("Cannot chdir to " ATJOB_DIR);
@ -215,7 +121,7 @@
nice((tolower((int) queue) - 'a' + 1) * 2); nice((tolower((int) queue) - 'a' + 1) * 2);
if (initgroups(pentry->pw_name, pentry->pw_gid)) if (initgroups(pentry->pw_name, pentry->pw_gid))
@@ -441,10 +477,90 @@ @@ -443,10 +479,91 @@ run_file(const char *filename, uid_t uid
chdir("/"); chdir("/");
@ -281,7 +187,7 @@
+ +
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh"); perr("Exec failed for /bin/sh");
-
+//add for fedora +//add for fedora
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+ if (selinux_enabled>0) + if (selinux_enabled>0)
@ -303,20 +209,19 @@
+ } + }
+#endif +#endif
PRIV_END PRIV_END
+//end +// end
} }
/* We're the parent. Let's wait. /* We're the parent. Let's wait.
*/ */
@@ -456,7 +572,7 @@ @@ -459,6 +576,7 @@ run_file(const char *filename, uid_t uid
return with an ECHILD error.
*/ */
waitpid(pid, (int *) NULL, 0); waitpid(pid, (int *) NULL, 0);
-
+/* remove because WITH_PAM +/* remove because WITH_PAM
#ifdef HAVE_PAM #ifdef HAVE_PAM
PRIV_START PRIV_START
pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
@@ -464,7 +580,7 @@ @@ -466,7 +584,7 @@ run_file(const char *filename, uid_t uid
pam_end(pamh, retcode); pam_end(pamh, retcode);
PRIV_END PRIV_END
#endif #endif
@ -325,7 +230,7 @@
/* Send mail. Unlink the output file after opening it, so it /* Send mail. Unlink the output file after opening it, so it
* doesn't hang around after the run. * doesn't hang around after the run.
*/ */
@@ -472,6 +588,13 @@ @@ -474,6 +592,13 @@ run_file(const char *filename, uid_t uid
if (open(filename, O_RDONLY) != STDIN_FILENO) if (open(filename, O_RDONLY) != STDIN_FILENO)
perr("Open of jobfile failed"); perr("Open of jobfile failed");
@ -339,7 +244,7 @@
unlink(filename); unlink(filename);
/* The job is now finished. We can delete its input file. /* The job is now finished. We can delete its input file.
@@ -480,8 +603,30 @@ @@ -482,8 +607,30 @@ run_file(const char *filename, uid_t uid
unlink(newname); unlink(newname);
free(newname); free(newname);
@ -370,14 +275,13 @@
PRIV_START PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid)) if (initgroups(pentry->pw_name, pentry->pw_gid))
@@ -495,16 +640,80 @@ @@ -497,15 +644,80 @@ run_file(const char *filename, uid_t uid
chdir ("/"); chdir ("/");
-#if defined(SENDMAIL) -#if defined(SENDMAIL)
- execl(SENDMAIL, "sendmail", mailname, (char *) NULL); - execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
-#else -#else
-/*#error "No mail command specified."*/
- perr("No mail command specified."); - perr("No mail command specified.");
+#ifdef WITH_SELINUX +#ifdef WITH_SELINUX
+ if (selinux_enabled>0) { + if (selinux_enabled>0) {
@ -457,7 +361,7 @@
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
} }
@@ -702,6 +911,10 @@ @@ -703,6 +915,10 @@ main(int argc, char *argv[])
struct passwd *pwe; struct passwd *pwe;
struct group *ge; struct group *ge;
@ -468,7 +372,7 @@
/* We don't need root privileges all the time; running under uid and gid /* We don't need root privileges all the time; running under uid and gid
* daemon is fine. * daemon is fine.
*/ */
@@ -718,18 +931,13 @@ @@ -719,18 +935,14 @@ main(int argc, char *argv[])
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
@ -477,38 +381,70 @@
-#endif -#endif
- -
- openlog("atd", LOG_PID, LOG_CRON); - openlog("atd", LOG_PID, LOG_CRON);
-
+ openlog("atd", LOG_PID, LOG_ATD); + openlog("atd", LOG_PID, LOG_ATD);
opterr = 0; opterr = 0;
errno = 0; errno = 0;
run_as_daemon = 1; run_as_daemon = 1;
batch_interval = BATCH_INTERVAL_DEFAULT; batch_interval = BATCH_INTERVAL_DEFAULT;
- while ((c = getopt(argc, argv, "sdl:b:")) != EOF) { - while ((c = getopt(argc, argv, "sdl:b:")) != EOF) {
+ while ((c = getopt(argc, argv, "sdl:b:n:")) != EOF) { + while ((c = getopt(argc, argv, "sdl:b:n")) != EOF) {
switch (c) { switch (c) {
case 'l': case 'l':
if (sscanf(optarg, "%lf", &load_avg) != 1) if (sscanf(optarg, "%lf", &load_avg) != 1)
@@ -742,10 +950,15 @@ @@ -745,7 +957,10 @@ main(int argc, char *argv[])
if (sscanf(optarg, "%ud", &batch_interval) != 1)
pabort("garbled option -b");
break; break;
+
case 'd': case 'd':
daemon_debug++; daemon_debug++;
- break;
+ /* go through another option*/ + /* go through another option*/
+
+ case 'n': + case 'n':
+ daemon_nofork++; + daemon_nofork++;
break; + break;
-
+
case 's': case 's':
run_as_daemon = 0; run_as_daemon = 0;
break; diff -up at-3.1.10/config.h.in.pam at-3.1.10/config.h.in
--- at-3.1.10/Makefile.in.pam 2007-07-03 13:29:24.000000000 +0200 --- at-3.1.10/config.h.in.pam 2008-07-18 16:04:41.000000000 +0200
+++ at-3.1.10/Makefile.in 2007-07-03 13:29:24.000000000 +0200 +++ at-3.1.10/config.h.in 2008-07-18 16:05:13.000000000 +0200
@@ -41,6 +41,7 @@ @@ -181,3 +181,9 @@
#undef HAVE_ATTRIBUTE_NORETURN
#undef HAVE_PAM
+
+/* Define if you are building with_pam */
+#undef WITH_PAM
+
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
diff -up at-3.1.10/configure.in.pam at-3.1.10/configure.in
--- at-3.1.10/configure.in.pam 2008-07-18 16:05:28.000000000 +0200
+++ at-3.1.10/configure.in 2008-07-18 16:06:01.000000000 +0200
@@ -316,4 +316,19 @@ AC_ARG_WITH(daemon_groupname,
)
AC_SUBST(DAEMON_GROUPNAME)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
+AC_ARG_WITH(pam,
+[ --with-pam Define to enable pam support ],
+AC_DEFINE(WITH_PAM),
+)
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB)
+
AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)
diff -up at-3.1.10/Makefile.in.pam at-3.1.10/Makefile.in
--- at-3.1.10/Makefile.in.pam 2008-07-18 15:47:52.000000000 +0200
+++ at-3.1.10/Makefile.in 2008-07-18 16:04:19.000000000 +0200
@@ -41,6 +41,7 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@ LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@ INSTALL = @INSTALL@
PAMLIB = @PAMLIB@ PAMLIB = @PAMLIB@
@ -516,7 +452,7 @@
CLONES = atq atrm CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o y.tab.o lex.yy.o ATOBJECTS = at.o panic.o perm.o y.tab.o lex.yy.o
@@ -67,13 +68,13 @@ @@ -67,13 +68,13 @@ LIST = Filelist Filelist.asc
all: at atd atrun all: at atd atrun
at: $(ATOBJECTS) at: $(ATOBJECTS)
@ -532,19 +468,80 @@
y.tab.c y.tab.h: parsetime.y y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y $(YACC) -d parsetime.y
--- at-3.1.10/pam_atd.pam 2007-07-03 13:29:24.000000000 +0200 diff -up at-3.1.10/perm.c.pam at-3.1.10/perm.c
+++ at-3.1.10/pam_atd 2007-07-03 13:29:24.000000000 +0200 --- at-3.1.10/perm.c.pam 2008-07-18 16:06:14.000000000 +0200
@@ -0,0 +1,13 @@ +++ at-3.1.10/perm.c 2008-07-18 16:08:05.000000000 +0200
+# The PAM configuration file for the at daemon @@ -51,6 +51,14 @@
+# #define PRIV_END while(0)
+# #endif
+auth sufficient pam_rootok.so
+auth include system-auth +#ifdef WITH_PAM
+auth required pam_env.so +#include <security/pam_appl.h>
+account include system-auth +static pam_handle_t *pamh = NULL;
+session required pam_loginuid.so +static const struct pam_conv conv = {
+session include system-auth + NULL
+# Sets up user limits, please uncomment and read /etc/security/limits.conf +};
+# to enable this functionality. +#endif
+# session required pam_limits.so +
+# /* Structures and unions */
@@ -109,18 +117,55 @@ user_in_file(const char *path, const cha
int
check_permission()
{
- uid_t uid = geteuid();
+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
struct passwd *pentry;
int allow = 0, deny = 1;
- if (uid == 0)
+ int retcode = 0;
+ if (euid == 0)
return 1;
- if ((pentry = getpwuid(uid)) == NULL) {
+ if ((pentry = getpwuid(euid)) == NULL) {
perror("Cannot access user database");
exit(EXIT_FAILURE);
}
+#ifdef WITH_PAM
+/*
+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
+ */
+ setreuid(daemon_uid, daemon_uid);
+ setregid(daemon_gid, daemon_gid);
+
+# define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"PAM authentication failure: %s\n",pam_strerror(pamh, retcode)); \
+ pam_close_session(pamh,PAM_SILENT); \
+ pam_end(pamh, retcode); \
+ setregid(gid,egid); \
+ setreuid(uid,euid); \
+ return(0); \
+ }
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
+ PAM_FAIL_CHECK;
+ retcode = pam_set_item(pamh, PAM_TTY, "atd");
+ PAM_FAIL_CHECK;
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_open_session(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+ PAM_FAIL_CHECK;
+
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
+ pam_close_session(pamh,PAM_SILENT);
+ pam_end(pamh, PAM_ABORT);
+
+ setregid(gid,egid);
+ setreuid(uid,euid);
+
+#endif
+
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
if (allow==0 || allow==1)
return allow;

12
at-3.1.10-pam_keyring.patch
View File

@ -1,13 +1,13 @@
diff -up at-3.1.10/pam_atd.old at-3.1.10/pam_atd diff -up at-3.1.10/pam_atd.pamkeyring at-3.1.10/pam_atd
--- at-3.1.10/pam_atd.old 2007-10-05 13:32:16.000000000 +0200 --- at-3.1.10/pam_atd.pamkeyring 2008-07-18 16:15:07.000000000 +0200
+++ at-3.1.10/pam_atd 2007-10-05 13:35:31.000000000 +0200 +++ at-3.1.10/pam_atd 2008-07-18 16:16:48.000000000 +0200
@@ -2,8 +2,8 @@ @@ -2,8 +2,8 @@
# #
# #
auth sufficient pam_rootok.so auth sufficient pam_rootok.so
+auth required pam_env.so -auth include system-auth
auth include system-auth auth required pam_env.so
-auth required pam_env.so +auth include system-auth
account include system-auth account include system-auth
session required pam_loginuid.so session required pam_loginuid.so
session include system-auth session include system-auth

17
at-3.1.10-pamfix.patch
View File

@ -1,6 +1,6 @@
diff -up at-3.1.10/atd.c.pamfix at-3.1.10/atd.c diff -up at-3.1.10/atd.c.pamfix at-3.1.10/atd.c
--- at-3.1.10/atd.c.pamfix 2008-01-09 14:56:57.000000000 +0100 --- at-3.1.10/atd.c.pamfix 2008-07-18 16:23:11.000000000 +0200
+++ at-3.1.10/atd.c 2008-01-09 14:56:57.000000000 +0100 +++ at-3.1.10/atd.c 2008-07-18 16:23:11.000000000 +0200
@@ -131,15 +131,17 @@ static const struct pam_conv conv = { @@ -131,15 +131,17 @@ static const struct pam_conv conv = {
}; };
@ -44,7 +44,7 @@ diff -up at-3.1.10/atd.c.pamfix at-3.1.10/atd.c
PAM_FAIL_CHECK; PAM_FAIL_CHECK;
closelog(); closelog();
openlog("atd", LOG_PID, LOG_ATD); openlog("atd", LOG_PID, LOG_ATD);
@@ -610,6 +615,7 @@ run_file(const char *filename, uid_t uid @@ -612,6 +617,7 @@ run_file(const char *filename, uid_t uid
int mail_pid = -1; int mail_pid = -1;
//add for fedora //add for fedora
#ifdef WITH_PAM #ifdef WITH_PAM
@ -52,7 +52,7 @@ diff -up at-3.1.10/atd.c.pamfix at-3.1.10/atd.c
retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
PAM_FAIL_CHECK; PAM_FAIL_CHECK;
retcode = pam_set_item(pamh, PAM_TTY, "atd"); retcode = pam_set_item(pamh, PAM_TTY, "atd");
@@ -617,8 +623,10 @@ run_file(const char *filename, uid_t uid @@ -619,8 +625,10 @@ run_file(const char *filename, uid_t uid
retcode = pam_acct_mgmt(pamh, PAM_SILENT); retcode = pam_acct_mgmt(pamh, PAM_SILENT);
PAM_FAIL_CHECK; PAM_FAIL_CHECK;
retcode = pam_open_session(pamh, PAM_SILENT); retcode = pam_open_session(pamh, PAM_SILENT);
@ -64,9 +64,9 @@ diff -up at-3.1.10/atd.c.pamfix at-3.1.10/atd.c
/* PAM has now re-opened our log to auth.info ! */ /* PAM has now re-opened our log to auth.info ! */
closelog(); closelog();
diff -up at-3.1.10/perm.c.pamfix at-3.1.10/perm.c diff -up at-3.1.10/perm.c.pamfix at-3.1.10/perm.c
--- at-3.1.10/perm.c.pamfix 2008-01-09 14:56:57.000000000 +0100 --- at-3.1.10/perm.c.pamfix 2008-07-18 16:23:11.000000000 +0200
+++ at-3.1.10/perm.c 2008-01-09 15:58:54.000000000 +0100 +++ at-3.1.10/perm.c 2008-07-18 16:26:16.000000000 +0200
@@ -134,17 +134,34 @@ check_permission() @@ -135,34 +135,61 @@ check_permission()
* We must check if the atd daemon userid will be allowed to gain the job owner user's * We must check if the atd daemon userid will be allowed to gain the job owner user's
* credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
*/ */
@ -110,8 +110,9 @@ diff -up at-3.1.10/perm.c.pamfix at-3.1.10/perm.c
retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
PAM_FAIL_CHECK; PAM_FAIL_CHECK;
retcode = pam_set_item(pamh, PAM_TTY, "atd"); retcode = pam_set_item(pamh, PAM_TTY, "atd");
@@ -152,16 +169,25 @@ check_permission() PAM_FAIL_CHECK;
retcode = pam_acct_mgmt(pamh, PAM_SILENT); retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_SESSION_FAIL;
PAM_FAIL_CHECK; PAM_FAIL_CHECK;
retcode = pam_open_session(pamh, PAM_SILENT); retcode = pam_open_session(pamh, PAM_SILENT);
+ PAM_SESSION_FAIL; + PAM_SESSION_FAIL;

0
at-3.1.10-setuids.patch
View File

12
at-3.1.8-perr.patch
View File

@ -1,11 +1,11 @@
--- at-3.1.8/atd.c.org 2002-07-19 16:20:24.000000000 +0900 diff -up at-3.1.10/atd.c.bla at-3.1.10/atd.c
+++ at-3.1.8/atd.c 2002-07-19 16:22:30.000000000 +0900 --- at-3.1.10/atd.c.bla 2008-07-18 15:18:35.000000000 +0200
@@ -453,7 +453,8 @@ +++ at-3.1.10/atd.c 2008-07-18 15:19:41.000000000 +0200
#elif defined(MAILX) @@ -643,7 +643,7 @@ run_file(const char *filename, uid_t uid
execl(MAILX, "mailx", mailname, (char *) NULL); #if defined(SENDMAIL)
execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
#else #else
-#error "No mail command specified." -#error "No mail command specified."
+/*#error "No mail command specified."*/
+ perr("No mail command specified."); + perr("No mail command specified.");
#endif #endif
perr("Exec failed for mail command"); perr("Exec failed for mail command");

7
at.spec
View File

@ -31,8 +31,7 @@ Patch13: at-3.1.10-havepam.patch
Patch14: at-3.1.10-pam_keyring.patch Patch14: at-3.1.10-pam_keyring.patch
Patch15: at-3.1.10-PIE.patch Patch15: at-3.1.10-PIE.patch
Patch16: at-3.1.10-pamfix.patch Patch16: at-3.1.10-pamfix.patch
Patch17: at-3.1.10-setuids.patch Patch17: nonposix.patch
Patch18: nonposix.patch
BuildRequires: fileutils chkconfig /etc/init.d BuildRequires: fileutils chkconfig /etc/init.d
BuildRequires: flex bison autoconf BuildRequires: flex bison autoconf
@ -83,8 +82,7 @@ cp %{SOURCE1} .
%patch14 -p1 -b .pamkeyring %patch14 -p1 -b .pamkeyring
%patch15 -p1 -b .PIE %patch15 -p1 -b .PIE
%patch16 -p1 -b .pamfix %patch16 -p1 -b .pamfix
%patch17 -p1 -b .setuids %patch17 -p1 -b .nonposix
%patch18 -p1 -b .nonposix
%build %build
# patch10 touches configure.in # patch10 touches configure.in
@ -189,6 +187,7 @@ fi
%changelog %changelog
* Fri Jul 18 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-24 * Fri Jul 18 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-24
- 446004 hope adding || into scriptlets fix removing old package after upgrade - 446004 hope adding || into scriptlets fix removing old package after upgrade
- fixes for fuzz=0
* Tue Mar 25 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-23 * Tue Mar 25 2008 Marcela Maslanova <mmaslano@redhat.com> - 3.1.10-23
- 436952 use local instead of posix output date/time format. - 436952 use local instead of posix output date/time format.