rpms/cronie
7
0
Fork 1
Code Issues Pull Requests Releases Activity

check for NULL pamh on two more places (#1176215)

Browse Source
This commit is contained in:
Tomas Mraz 2015-01-02 11:38:53 +01:00
parent bc9aef5aa3
commit fc778cf11f
2 changed files with 50 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
cronie-1.4.12-pam-no-root.patch
View File

@ -12,7 +12,7 @@ index 22571ff..d165a06 100644
"You (%s) are not allowed to access to (%s) because of pam configuration.\n", "You (%s) are not allowed to access to (%s) because of pam configuration.\n",
User, ProgramName); User, ProgramName);
diff --git a/src/security.c b/src/security.c diff --git a/src/security.c b/src/security.c
index 4eee004..079ea2a 100644 index 4eee004..1668890 100644
--- a/src/security.c --- a/src/security.c
+++ b/src/security.c +++ b/src/security.c
@@ -88,6 +88,7 @@ static int cron_open_pam_session(struct passwd *pw); @@ -88,6 +88,7 @@ static int cron_open_pam_session(struct passwd *pw);
@ -54,6 +54,51 @@ index 4eee004..079ea2a 100644
#endif #endif
} }
@@ -243,7 +248,9 @@ int cron_change_groups(struct passwd *pw) {
#if defined(WITH_PAM)
/* credentials may take form of supplementary groups so reinitialize
* them here */
- pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
+ if (pamh != NULL) {
+ pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
+ }
#endif
return 0;
@@ -614,18 +621,19 @@ int crontab_security_access(void) {
* crontab environment
*/
static char **build_env(char **cronenv) {
+ char **jobenv;
#ifdef WITH_PAM
- char **jobenv = pam_getenvlist(pamh);
char *cronvar;
int count = 0;
- if (jobenv == NULL) {
- jobenv = env_init();
- if (jobenv == NULL) {
+ if (pamh == NULL || (jobenv=pam_getenvlist(pamh)) == NULL) {
+#endif
+ jobenv = env_copy(cronenv);
+ if (jobenv == NULL)
log_it("CRON", getpid(),
"ERROR", "Initialization of cron environment variables failed", 0);
- return NULL;
- }
+ return jobenv;
+#ifdef WITH_PAM
}
/* Now add the cron environment variables. Since env_set()
@@ -640,7 +648,5 @@ static char **build_env(char **cronenv) {
}
}
return jobenv;
-#else
- return env_copy(cronenv);
#endif
}
diff --git a/src/structs.h b/src/structs.h diff --git a/src/structs.h b/src/structs.h
index 272777a..6d3c15b 100644 index 272777a..6d3c15b 100644
--- a/src/structs.h --- a/src/structs.h

5
cronie.spec
View File

@ -6,7 +6,7 @@
Summary: Cron daemon for executing programs at set times Summary: Cron daemon for executing programs at set times
Name: cronie Name: cronie
Version: 1.4.12 Version: 1.4.12
Release: 3%{?dist} Release: 4%{?dist}
License: MIT and BSD and ISC and GPLv2+ License: MIT and BSD and ISC and GPLv2+
Group: System Environment/Base Group: System Environment/Base
URL: https://fedorahosted.org/cronie URL: https://fedorahosted.org/cronie
@ -205,6 +205,9 @@ exit 0
%attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs %attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
%changelog %changelog
* Fri Jan 2 2015 Tomáš Mráz <tmraz@redhat.com> - 1.4.12-4
- check for NULL pamh on two more places (#1176215)
* Tue Dec 2 2014 Tomáš Mráz <tmraz@redhat.com> - 1.4.12-3 * Tue Dec 2 2014 Tomáš Mráz <tmraz@redhat.com> - 1.4.12-3
- call PAM only for non-root user or non-system crontabs (#956157) - call PAM only for non-root user or non-system crontabs (#956157)
- bypass the PAM check in crontab for root (#1169175) - bypass the PAM check in crontab for root (#1169175)