rpms/coreutils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Apply runuser PAM patch from bug #173807. Ship runuser PAM file.

Browse Source
This commit is contained in:
Tim Waugh 2005-11-24 23:00:49 +00:00
parent 60a97a8749
commit 2190ea78ce
2 changed files with 60 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
coreutils-5.2.1-runuser.patch
View File

@ -75,7 +75,7 @@
readlink.1: $(common_dep) $(srcdir)/readlink.x ../src/readlink.c readlink.1: $(common_dep) $(srcdir)/readlink.x ../src/readlink.c
rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/runuser.c +runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
shred.1: $(common_dep) $(srcdir)/shred.x ../src/shred.c shred.1: $(common_dep) $(srcdir)/shred.x ../src/shred.c
@ -86,11 +86,17 @@
+runuser \- run a shell with substitute user and group IDs +runuser \- run a shell with substitute user and group IDs
+[DESCRIPTION] +[DESCRIPTION]
+.\" Add any additional description here +.\" Add any additional description here
--- coreutils-5.93/src/su.c.runuser 2005-11-14 10:54:44.000000000 +0000 --- coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000
+++ coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000 +++ coreutils-5.93/src/su.c 2005-11-24 16:12:18.000000000 +0000
@@ -134,7 +134,9 @@ @@ -132,9 +132,15 @@
#include "error.h"
/* The official name of this program (e.g., no `g' prefix). */ /* The official name of this program (e.g., no `g' prefix). */
+#ifndef RUNUSER
#define PROGRAM_NAME "su" #define PROGRAM_NAME "su"
+#else
+#define PROGRAM_NAME "runuser"
+#endif
+#ifndef AUTHORS +#ifndef AUTHORS
#define AUTHORS "David MacKenzie" #define AUTHORS "David MacKenzie"
@ -98,7 +104,7 @@
#if HAVE_PATHS_H #if HAVE_PATHS_H
# include <paths.h> # include <paths.h>
@@ -172,6 +174,10 @@ @@ -172,6 +178,10 @@
#ifndef USE_PAM #ifndef USE_PAM
char *crypt (); char *crypt ();
#endif #endif
@ -109,7 +115,40 @@
char *getpass (); char *getpass ();
char *getusershell (); char *getusershell ();
void endusershell (); void endusershell ();
@@ -746,7 +752,7 @@ @@ -303,10 +313,12 @@
retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
PAM_BAIL_P;
+#ifndef RUNUSER
if (getuid() != 0 && !isatty(0)) {
fprintf(stderr, "standard in must be a tty\n");
exit(1);
}
+#endif
caller = getpwuid(getuid());
if(caller != NULL && caller->pw_name != NULL) {
@@ -323,6 +335,11 @@
retval = pam_set_item(pamh, PAM_TTY, tty_name);
PAM_BAIL_P;
}
+#ifdef RUNUSER
+ if (getuid() != geteuid())
+ /* safety net: deny operation if we are suid by accident */
+ error(EXIT_FAIL, 1, "runuser may not be setuid");
+#else
retval = pam_authenticate(pamh, 0);
PAM_BAIL_P;
retval = pam_acct_mgmt(pamh, 0);
@@ -332,6 +349,7 @@
PAM_BAIL_P;
}
PAM_BAIL_P;
+#endif
/* must be authenticated if this point was reached */
return 1;
#else /* !USE_PAM */
@@ -746,7 +764,7 @@
: DEFAULT_SHELL); : DEFAULT_SHELL);
endpwent (); endpwent ();
@ -118,8 +157,8 @@
{ {
#ifdef SYSLOG_FAILURE #ifdef SYSLOG_FAILURE
log_su (pw, false); log_su (pw, false);
--- coreutils-5.93/src/Makefile.am.runuser 2005-11-14 10:54:44.000000000 +0000 --- coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000
+++ coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000 +++ coreutils-5.93/src/Makefile.am 2005-11-24 16:18:58.000000000 +0000
@@ -17,7 +17,7 @@ @@ -17,7 +17,7 @@
## along with this program; if not, write to the Free Software Foundation, ## along with this program; if not, write to the Free Software Foundation,
## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
@ -129,15 +168,16 @@
bin_SCRIPTS = groups bin_SCRIPTS = groups
bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \ bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
@@ -91,6 +91,7 @@ @@ -93,4 +93,8 @@
uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS)
su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@ su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
+runuser_LDADD = $(LDADD) $(LIB_CRYPT)
+runuser_SOURCES = su.c
+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
+runuser_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
+
$(PROGRAMS): ../lib/libcoreutils.a $(PROGRAMS): ../lib/libcoreutils.a
@@ -106,7 +107,7 @@ @@ -106,7 +110,7 @@
chmod +x $@-t chmod +x $@-t
mv $@-t $@ mv $@-t $@
@ -146,66 +186,6 @@
installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'` installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
--- /dev/null 2005-10-10 09:36:06.437701000 +0100
+++ coreutils-5.93/src/runuser.c 2005-11-14 10:55:29.000000000 +0000
@@ -0,0 +1,57 @@
+#define CHECKPASSWD 0
+#define pam_start my_pam_start
+#define pam_end my_pam_end
+#define pam_setcred my_pam_setcred
+#define pam_open_session my_pam_open_session
+#define pam_close_session my_pam_close_session
+#define pam_strerror my_pam_strerror
+#define pam_getenvlist my_pam_getenvlist
+#define AUTHORS "David MacKenzie, Dan Walsh"
+#include "su.c"
+int pam_start(const char *service_name, const char *user,
+ const struct pam_conv *pam_conversation,
+ pam_handle_t **pamh) {
+ return PAM_SUCCESS;
+}
+int pam_end(pam_handle_t *pamh, int pam_status) {
+ return PAM_SUCCESS;
+}
+int pam_setcred(pam_handle_t *pamh, int flags){
+ return PAM_SUCCESS;
+}
+int pam_open_session(pam_handle_t *pamh, int flags){
+ if (getuid() != geteuid())
+ /* safety net: deny operation if we are suid by accident */
+ error(EXIT_FAIL, 1, "runuser may not be setuid");
+ return PAM_SUCCESS;
+}
+int pam_close_session(pam_handle_t *pamh, int flags){
+ return PAM_SUCCESS;
+}
+const char *pam_strerror(pam_handle_t *pamh, int err){
+ return "";
+}
+char **pam_getenvlist(pam_handle_t *pamh){
+ return NULL;
+}
+
+int misc_conv(int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr) {
+ return PAM_SUCCESS;
+}
+
+int pam_authenticate(pam_handle_t *pamh, int flags) {
+ return PAM_SUCCESS;
+}
+
+int pam_acct_mgmt(pam_handle_t *pamh, int flags) {
+ return PAM_SUCCESS;
+}
+
+int pam_chauthtok (pam_handle_t *pamh, int flags) {
+ return PAM_SUCCESS;
+}
+
+int pam_set_item(pam_handle_t *pamh, int item_type, const void *item) {
+ return PAM_SUCCESS;
+}
--- coreutils-5.93/tests/help-version.runuser 2005-01-05 22:08:48.000000000 +0000 --- coreutils-5.93/tests/help-version.runuser 2005-01-05 22:08:48.000000000 +0000
+++ coreutils-5.93/tests/help-version 2005-11-14 10:54:45.000000000 +0000 +++ coreutils-5.93/tests/help-version 2005-11-14 10:54:45.000000000 +0000
@@ -136,6 +136,7 @@ @@ -136,6 +136,7 @@

8
coreutils.spec
View File

@ -14,6 +14,7 @@ Source102: DIR_COLORS.xterm
Source105: colorls.sh Source105: colorls.sh
Source106: colorls.csh Source106: colorls.csh
Source200: su.pamd Source200: su.pamd
Source201: runuser.pamd
# From upstream # From upstream
@ -110,7 +111,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
touch aclocal.m4 configure config.hin Makefile.in */Makefile.in */*/Makefile.in touch aclocal.m4 configure config.hin Makefile.in */Makefile.in */*/Makefile.in
aclocal -I m4 aclocal -I m4
autoconf --force autoconf --force
automake --copy --force automake --copy --add-missing
%configure --enable-largefile --with-afs %{?!nopam:--enable-pam} \ %configure --enable-largefile --with-afs %{?!nopam:--enable-pam} \
--enable-selinux \ --enable-selinux \
|| : || :
@ -171,6 +172,7 @@ for i in hostname uptime kill ; do
done done
%{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su} %{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su}
%{?!nopam:install -m 644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser}
bzip2 -f9 old/*/C* || : bzip2 -f9 old/*/C* || :
@ -216,6 +218,7 @@ fi
%config(noreplace) %{_sysconfdir}/DIR_COLORS* %config(noreplace) %{_sysconfdir}/DIR_COLORS*
%config(noreplace) %{_sysconfdir}/profile.d/* %config(noreplace) %{_sysconfdir}/profile.d/*
%{?!nopam:%config(noreplace) /etc/pam.d/su} %{?!nopam:%config(noreplace) /etc/pam.d/su}
%{?!nopam:%config(noreplace) /etc/pam.d/runuser}
%doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/* %doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/*
/bin/basename /bin/basename
/bin/cat /bin/cat
@ -256,6 +259,9 @@ fi
/sbin/runuser /sbin/runuser
%changelog %changelog
* Thu Nov 25 2005 Tim Waugh <twaugh@redhat.com>
- Apply runuser PAM patch from bug #173807. Ship runuser PAM file.
* Tue Nov 14 2005 Dan Walsh <dwalsh@redhat.com> 5.93-3 * Tue Nov 14 2005 Dan Walsh <dwalsh@redhat.com> 5.93-3
- Remove multiple from su.pamd - Remove multiple from su.pamd