pam_faillock: Fix regression in admin_group support
This commit is contained in:
Tomas Mraz
parent
a9ef7f8676
commit
4957e6ce68
@ -21,25 +21,25 @@ index c7698cb..a94b49e 100644
|
||||
|
||||
<para>
|
||||
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
|
||||
index f541f89..0fd59fb 100644
|
||||
index f541f89..660c7a1 100644
|
||||
--- a/modules/pam_namespace/pam_namespace.c
|
||||
+++ b/modules/pam_namespace/pam_namespace.c
|
||||
@@ -230,6 +230,78 @@ static int parse_iscript_params(char *params, struct polydir_s *poly)
|
||||
@@ -230,6 +230,73 @@ static int parse_iscript_params(char *params, struct polydir_s *poly)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+struct mntflag {
|
||||
+ const char *name;
|
||||
+ size_t size;
|
||||
+ size_t len;
|
||||
+ unsigned long flag;
|
||||
+};
|
||||
+
|
||||
+#define LITERAL_AND_SIZE(x) x, sizeof(x)
|
||||
+#define LITERAL_AND_LEN(x) x, sizeof(x) - 1
|
||||
+
|
||||
+static const struct mntflag mntflags[] = {
|
||||
+ { LITERAL_AND_SIZE("noexec"), MS_NOEXEC },
|
||||
+ { LITERAL_AND_SIZE("nosuid"), MS_NOSUID },
|
||||
+ { LITERAL_AND_SIZE("nodev"), MS_NODEV }
|
||||
+ { LITERAL_AND_LEN("noexec"), MS_NOEXEC },
|
||||
+ { LITERAL_AND_LEN("nosuid"), MS_NOSUID },
|
||||
+ { LITERAL_AND_LEN("nodev"), MS_NODEV }
|
||||
+ };
|
||||
+
|
||||
+static int filter_mntopts(const char *opts, char **filtered,
|
||||
@ -49,16 +49,12 @@ index f541f89..0fd59fb 100644
|
||||
+ const char *end;
|
||||
+ char *dest;
|
||||
+
|
||||
+ *filtered = NULL;
|
||||
+ dest = *filtered = NULL;
|
||||
+ *mountflags = 0;
|
||||
+
|
||||
+ if (origlen == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ dest = *filtered = calloc(1, origlen);
|
||||
+ if (*filtered == NULL)
|
||||
+ return -1;
|
||||
+
|
||||
+ do {
|
||||
+ size_t len;
|
||||
+ int i;
|
||||
@ -71,9 +67,9 @@ index f541f89..0fd59fb 100644
|
||||
+ }
|
||||
+
|
||||
+ for (i = 0; i < (int)(sizeof(mntflags)/sizeof(mntflags[0])); i++) {
|
||||
+ if (mntflags[i].size - 1 != len)
|
||||
+ if (mntflags[i].len != len)
|
||||
+ continue;
|
||||
+ if (strncmp(mntflags[i].name, opts, len) == 0) {
|
||||
+ if (memcmp(mntflags[i].name, opts, len) == 0) {
|
||||
+ *mountflags |= mntflags[i].flag;
|
||||
+ opts = end;
|
||||
+ break;
|
||||
@ -81,29 +77,28 @@ index f541f89..0fd59fb 100644
|
||||
+ }
|
||||
+
|
||||
+ if (opts != end) {
|
||||
+ if (dest != *filtered) {
|
||||
+ if (dest != NULL) {
|
||||
+ *dest = ',';
|
||||
+ ++dest;
|
||||
+ } else {
|
||||
+ dest = *filtered = calloc(1, origlen + 1);
|
||||
+ if (dest == NULL)
|
||||
+ return -1;
|
||||
+ }
|
||||
+ strncpy(dest, opts, len);
|
||||
+ memcpy(dest, opts, len);
|
||||
+ dest += len;
|
||||
+ }
|
||||
+
|
||||
+ opts = end + 1;
|
||||
+ } while (end != NULL);
|
||||
+
|
||||
+ if (dest == *filtered) {
|
||||
+ /* nothing left */
|
||||
+ free(dest);
|
||||
+ *filtered = NULL;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
static int parse_method(char *method, struct polydir_s *poly,
|
||||
struct instance_data *idata)
|
||||
{
|
||||
@@ -289,7 +361,8 @@ static int parse_method(char *method, struct polydir_s *poly,
|
||||
@@ -289,7 +356,8 @@ static int parse_method(char *method, struct polydir_s *poly,
|
||||
break;
|
||||
}
|
||||
free(poly->mount_opts); /* if duplicate mntopts specified */
|
||||
@ -113,7 +108,7 @@ index f541f89..0fd59fb 100644
|
||||
pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
|
||||
return -1;
|
||||
}
|
||||
@@ -1484,7 +1557,7 @@ static int ns_setup(struct polydir_s *polyptr,
|
||||
@@ -1484,7 +1552,7 @@ static int ns_setup(struct polydir_s *polyptr,
|
||||
}
|
||||
|
||||
if (polyptr->method == TMPFS) {
|
||||
|
||||
7
pam.spec
7
pam.spec
@ -1,9 +1,9 @@
|
||||
%global pam_redhat_version 1.1.1
|
||||
%global pam_redhat_version 1.1.2
|
||||
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.3.1
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -399,6 +399,9 @@ done
|
||||
%doc doc/specs/rfc86.0.txt
|
||||
|
||||
%changelog
|
||||
* Wed Dec 17 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-21
|
||||
- pam_faillock: Fix regression in admin_group support
|
||||
|
||||
* Wed Oct 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-20
|
||||
- pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
|
||||
- Drop tallylog and pam_tally documentation
|
||||
|
||||
2
sources
2
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e
|
||||
SHA512 (Linux-PAM-1.3.1.tar.xz.asc) = 8b3ad3f4f29fad663e375296dca00f736b3de764f11d7b7aa615d00efe1c702c9060f244967f2d84d8ef3a342c3a1f8eba6dd52847df427bb3ce0ff765a8108a
|
||||
SHA512 (pam-redhat-1.1.1.tar.bz2) = 45adff01e1a1370c5bcfa539e9eb98337301bf9b63446a433fb4d45b60cd631aae9d6afe0a92e8736836e44f6c7d099f97d26fcea06592ef769481908a82fc43
|
||||
SHA512 (pam-redhat-1.1.2.tar.bz2) = 9e70376a4b33d0e0df1a2f8158b25b540559f3c952a435574e619262f0d2da71d381336a06edee08a032c5096d7ae24cb7fc91a8cf8518dd5ad4f93d62b7d582
|
||||
|
||||
Loading…
Reference in New Issue
Block a user