- Better error checking in the pam patch (bug #158189).

Tim Waugh 2005-05-20 12:10:24 +00:00
parent a9153b8deb
commit f1ce78fd83
2 changed files with 17 additions and 12 deletions


@ -91,7 +91,7 @@
Return 1 if the user gives the correct password for entry PW, Return 1 if the user gives the correct password for entry PW,
0 if not. Return 1 without asking for a password if run by UID 0 0 if not. Return 1 without asking for a password if run by UID 0
or if PW has an empty password. */ or if PW has an empty password. */
@@ -279,6 +319,42 @@ @@ -279,6 +319,44 @@
static int static int
correct_password (const struct passwd *pw) correct_password (const struct passwd *pw)
{ {
@ -113,12 +113,14 @@
+ } + }
+ +
+ ttyn = ttyname(0); + ttyn = ttyname(0);
+ if (ttyn) {
+ if (strncmp(ttyn, "/dev/", 5) == 0) + if (strncmp(ttyn, "/dev/", 5) == 0)
+ tty_name = ttyn+5; + tty_name = ttyn+5;
+ else + else
+ tty_name = ttyn; + tty_name = ttyn;
+ retval = pam_set_item(pamh, PAM_TTY, tty_name); + retval = pam_set_item(pamh, PAM_TTY, tty_name);
+ PAM_BAIL_P; + PAM_BAIL_P;
+ }
+ retval = pam_authenticate(pamh, 0); + retval = pam_authenticate(pamh, 0);
+ PAM_BAIL_P; + PAM_BAIL_P;
+ retval = pam_acct_mgmt(pamh, 0); + retval = pam_acct_mgmt(pamh, 0);
@ -134,7 +136,7 @@
char *unencrypted, *encrypted, *correct; char *unencrypted, *encrypted, *correct;
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
/* Shadow passwd stuff for SVR3 and maybe other systems. */ /* Shadow passwd stuff for SVR3 and maybe other systems. */
@@ -303,6 +379,7 @@ @@ -303,6 +381,7 @@
encrypted = crypt (unencrypted, correct); encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted)); memset (unencrypted, 0, strlen (unencrypted));
return strcmp (encrypted, correct) == 0; return strcmp (encrypted, correct) == 0;
@ -142,7 +144,7 @@
} }
/* Update `environ' for the new shell based on PW, with SHELL being /* Update `environ' for the new shell based on PW, with SHELL being
@@ -312,16 +389,24 @@ @@ -312,16 +391,24 @@
modify_environment (const struct passwd *pw, const char *shell) modify_environment (const struct passwd *pw, const char *shell)
{ {
char *term; char *term;
@ -168,7 +170,7 @@
xputenv (concat ("HOME", "=", pw->pw_dir)); xputenv (concat ("HOME", "=", pw->pw_dir));
xputenv (concat ("SHELL", "=", shell)); xputenv (concat ("SHELL", "=", shell));
xputenv (concat ("USER", "=", pw->pw_name)); xputenv (concat ("USER", "=", pw->pw_name));
@@ -354,8 +439,13 @@ @@ -354,8 +441,13 @@
{ {
#ifdef HAVE_INITGROUPS #ifdef HAVE_INITGROUPS
errno = 0; errno = 0;
@ -183,7 +185,7 @@
endgrent (); endgrent ();
#endif #endif
if (setgid (pw->pw_gid)) if (setgid (pw->pw_gid))
@@ -364,16 +454,69 @@ @@ -364,16 +456,69 @@
error (EXIT_FAIL, errno, _("cannot set user id")); error (EXIT_FAIL, errno, _("cannot set user id"));
} }
@ -254,7 +256,7 @@
if (additional_args) if (additional_args)
args = xmalloc (sizeof (char *) args = xmalloc (sizeof (char *)
@@ -385,6 +528,9 @@ @@ -385,6 +530,9 @@
char *arg0; char *arg0;
char *shell_basename; char *shell_basename;
@ -264,7 +266,7 @@
shell_basename = base_name (shell); shell_basename = base_name (shell);
arg0 = xmalloc (strlen (shell_basename) + 2); arg0 = xmalloc (strlen (shell_basename) + 2);
arg0[0] = '-'; arg0[0] = '-';
@@ -411,6 +557,66 @@ @@ -411,6 +559,66 @@
error (0, errno, "%s", shell); error (0, errno, "%s", shell);
exit (exit_status); exit (exit_status);
} }
@ -331,7 +333,7 @@
} }
/* Return 1 if SHELL is a restricted shell (one not returned by /* Return 1 if SHELL is a restricted shell (one not returned by
@@ -586,9 +792,10 @@ @@ -586,9 +794,10 @@
} }
modify_environment (pw, shell); modify_environment (pw, shell);
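Review bot: In the hunk around `ttyn = ttyname(0);`, the new `if (ttyn) {` guard keeps `strncmp` from receiving a NULL pointer, but when stdin has no terminal the code now silently skips `pam_set_item(pamh, PAM_TTY, tty_name)` and still proceeds to `pam_authenticate`. Any module in the PAM stack that bases its policy on PAM_TTY would then run without that item, and how it reacts depends on the module, so the guard deserves a comment such as `/* stdin is not a tty: PAM_TTY stays unset, tty-based modules decide */`, or an explicit decision to refuse authentication there. The lines wrapped by the new braces keep their old indentation, which makes the block boundary easy to misread next to the bare `PAM_BAIL_P;` macro lines. The body of correct_password starts and ends outside the visible lines and PAM_BAIL_P is defined elsewhere, so its exit path cannot be checked from this page.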


@ -248,6 +248,9 @@ fi
/sbin/runuser /sbin/runuser
%changelog %changelog
* Fri May 20 2005 Tim Waugh <twaugh@redhat.com>
- Better error checking in the pam patch (bug #158189).
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 5.2.1-46 * Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 5.2.1-46
- Fix SELinux patch to better handle MLS integration - Fix SELinux patch to better handle MLS integration