- Better error checking in the pam patch (bug #158189).

This commit is contained in:
Tim Waugh 2005-05-20 12:10:24 +00:00
parent a9153b8deb
commit f1ce78fd83
2 changed files with 17 additions and 12 deletions

View File

@ -91,7 +91,7 @@
Return 1 if the user gives the correct password for entry PW,
0 if not. Return 1 without asking for a password if run by UID 0
or if PW has an empty password. */
@@ -279,6 +319,42 @@
@@ -279,6 +319,44 @@
static int
correct_password (const struct passwd *pw)
{
@ -113,12 +113,14 @@
+ }
+
+ ttyn = ttyname(0);
+ if (ttyn) {
+ if (strncmp(ttyn, "/dev/", 5) == 0)
+ tty_name = ttyn+5;
+ else
+ tty_name = ttyn;
+ retval = pam_set_item(pamh, PAM_TTY, tty_name);
+ PAM_BAIL_P;
+ }
+ retval = pam_authenticate(pamh, 0);
+ PAM_BAIL_P;
+ retval = pam_acct_mgmt(pamh, 0);
@ -134,7 +136,7 @@
char *unencrypted, *encrypted, *correct;
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
/* Shadow passwd stuff for SVR3 and maybe other systems. */
@@ -303,6 +379,7 @@
@@ -303,6 +381,7 @@
encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted));
return strcmp (encrypted, correct) == 0;
@ -142,7 +144,7 @@
}
/* Update `environ' for the new shell based on PW, with SHELL being
@@ -312,16 +389,24 @@
@@ -312,16 +391,24 @@
modify_environment (const struct passwd *pw, const char *shell)
{
char *term;
@ -168,7 +170,7 @@
xputenv (concat ("HOME", "=", pw->pw_dir));
xputenv (concat ("SHELL", "=", shell));
xputenv (concat ("USER", "=", pw->pw_name));
@@ -354,8 +439,13 @@
@@ -354,8 +441,13 @@
{
#ifdef HAVE_INITGROUPS
errno = 0;
@ -183,7 +185,7 @@
endgrent ();
#endif
if (setgid (pw->pw_gid))
@@ -364,16 +454,69 @@
@@ -364,16 +456,69 @@
error (EXIT_FAIL, errno, _("cannot set user id"));
}
@ -254,7 +256,7 @@
if (additional_args)
args = xmalloc (sizeof (char *)
@@ -385,6 +528,9 @@
@@ -385,6 +530,9 @@
char *arg0;
char *shell_basename;
@ -264,7 +266,7 @@
shell_basename = base_name (shell);
arg0 = xmalloc (strlen (shell_basename) + 2);
arg0[0] = '-';
@@ -411,6 +557,66 @@
@@ -411,6 +559,66 @@
error (0, errno, "%s", shell);
exit (exit_status);
}
@ -331,7 +333,7 @@
}
/* Return 1 if SHELL is a restricted shell (one not returned by
@@ -586,9 +792,10 @@
@@ -586,9 +794,10 @@
}
modify_environment (pw, shell);

View File

@ -248,6 +248,9 @@ fi
/sbin/runuser
%changelog
* Fri May 20 2005 Tim Waugh <twaugh@redhat.com>
- Better error checking in the pam patch (bug #158189).
* Mon May 16 2005 Dan Walsh <dwalsh@redhat.com> 5.2.1-46
- Fix SELinux patch to better handle MLS integration