- Better error checking in the pam patch (bug #158189).
This commit is contained in:
Tim Waugh
parent
a9153b8deb
commit
f1ce78fd83
@ -91,7 +91,7 @@
|
|||||||
Return 1 if the user gives the correct password for entry PW,
|
Return 1 if the user gives the correct password for entry PW,
|
||||||
0 if not. Return 1 without asking for a password if run by UID 0
|
0 if not. Return 1 without asking for a password if run by UID 0
|
||||||
or if PW has an empty password. */
|
or if PW has an empty password. */
|
||||||
@@ -279,6 +319,42 @@
|
@@ -279,6 +319,44 @@
|
||||||
static int
|
static int
|
||||||
correct_password (const struct passwd *pw)
|
correct_password (const struct passwd *pw)
|
||||||
{
|
{
|
||||||
@ -113,12 +113,14 @@
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ ttyn = ttyname(0);
|
+ ttyn = ttyname(0);
|
||||||
+ if (strncmp(ttyn, "/dev/", 5) == 0)
|
+ if (ttyn) {
|
||||||
|
+ if (strncmp(ttyn, "/dev/", 5) == 0)
|
||||||
+ tty_name = ttyn+5;
|
+ tty_name = ttyn+5;
|
||||||
+ else
|
+ else
|
||||||
+ tty_name = ttyn;
|
+ tty_name = ttyn;
|
||||||
+ retval = pam_set_item(pamh, PAM_TTY, tty_name);
|
+ retval = pam_set_item(pamh, PAM_TTY, tty_name);
|
||||||
+ PAM_BAIL_P;
|
+ PAM_BAIL_P;
|
||||||
|
+ }
|
||||||
+ retval = pam_authenticate(pamh, 0);
|
+ retval = pam_authenticate(pamh, 0);
|
||||||
+ PAM_BAIL_P;
|
+ PAM_BAIL_P;
|
||||||
+ retval = pam_acct_mgmt(pamh, 0);
|
+ retval = pam_acct_mgmt(pamh, 0);
|
||||||
@ -134,7 +136,7 @@
|
|||||||
char *unencrypted, *encrypted, *correct;
|
char *unencrypted, *encrypted, *correct;
|
||||||
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
|
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
|
||||||
/* Shadow passwd stuff for SVR3 and maybe other systems. */
|
/* Shadow passwd stuff for SVR3 and maybe other systems. */
|
||||||
@@ -303,6 +379,7 @@
|
@@ -303,6 +381,7 @@
|
||||||
encrypted = crypt (unencrypted, correct);
|
encrypted = crypt (unencrypted, correct);
|
||||||
memset (unencrypted, 0, strlen (unencrypted));
|
memset (unencrypted, 0, strlen (unencrypted));
|
||||||
return strcmp (encrypted, correct) == 0;
|
return strcmp (encrypted, correct) == 0;
|
||||||
@ -142,7 +144,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Update `environ' for the new shell based on PW, with SHELL being
|
/* Update `environ' for the new shell based on PW, with SHELL being
|
||||||
@@ -312,16 +389,24 @@
|
@@ -312,16 +391,24 @@
|
||||||
modify_environment (const struct passwd *pw, const char *shell)
|
modify_environment (const struct passwd *pw, const char *shell)
|
||||||
{
|
{
|
||||||
char *term;
|
char *term;
|
||||||
@ -168,7 +170,7 @@
|
|||||||
xputenv (concat ("HOME", "=", pw->pw_dir));
|
xputenv (concat ("HOME", "=", pw->pw_dir));
|
||||||
xputenv (concat ("SHELL", "=", shell));
|
xputenv (concat ("SHELL", "=", shell));
|
||||||
xputenv (concat ("USER", "=", pw->pw_name));
|
xputenv (concat ("USER", "=", pw->pw_name));
|
||||||
@@ -354,8 +439,13 @@
|
@@ -354,8 +441,13 @@
|
||||||
{
|
{
|
||||||
#ifdef HAVE_INITGROUPS
|
#ifdef HAVE_INITGROUPS
|
||||||
errno = 0;
|
errno = 0;
|
||||||
@ -183,7 +185,7 @@
|
|||||||
endgrent ();
|
endgrent ();
|
||||||
#endif
|
#endif
|
||||||
if (setgid (pw->pw_gid))
|
if (setgid (pw->pw_gid))
|
||||||
@@ -364,16 +454,69 @@
|
@@ -364,16 +456,69 @@
|
||||||
error (EXIT_FAIL, errno, _("cannot set user id"));
|
error (EXIT_FAIL, errno, _("cannot set user id"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -254,7 +256,7 @@
|
|||||||
|
|
||||||
if (additional_args)
|
if (additional_args)
|
||||||
args = xmalloc (sizeof (char *)
|
args = xmalloc (sizeof (char *)
|
||||||
@@ -385,6 +528,9 @@
|
@@ -385,6 +530,9 @@
|
||||||
char *arg0;
|
char *arg0;
|
||||||
char *shell_basename;
|
char *shell_basename;
|
||||||
|
|
||||||
@ -264,7 +266,7 @@
|
|||||||
shell_basename = base_name (shell);
|
shell_basename = base_name (shell);
|
||||||
arg0 = xmalloc (strlen (shell_basename) + 2);
|
arg0 = xmalloc (strlen (shell_basename) + 2);
|
||||||
arg0[0] = '-';
|
arg0[0] = '-';
|
||||||
@@ -411,6 +557,66 @@
|
@@ -411,6 +559,66 @@
|
||||||
error (0, errno, "%s", shell);
|
error (0, errno, "%s", shell);
|
||||||
exit (exit_status);
|
exit (exit_status);
|
||||||
}
|
}
|
||||||
@ -331,7 +333,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Return 1 if SHELL is a restricted shell (one not returned by
|
/* Return 1 if SHELL is a restricted shell (one not returned by
|
||||||
@@ -586,9 +792,10 @@
|
@@ -586,9 +794,10 @@
|
||||||
}
|
}
|
||||||
modify_environment (pw, shell);
|
modify_environment (pw, shell);
|
||||||
|
|
||||||
|
|||||||
@ -248,6 +248,9 @@ fi
|
|||||||
/sbin/runuser
|
/sbin/runuser
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri May 20 2005 Tim Waugh <twaugh@redhat.com>
|
||||||
|
- Better error checking in the pam patch (bug #158189).
|
||||||
|
|
||||||
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 5.2.1-46
|
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 5.2.1-46
|
||||||
- Fix SELinux patch to better handle MLS integration
|
- Fix SELinux patch to better handle MLS integration
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user