pam_faillock: Fix regression in admin_group support
This commit is contained in:
parent
a9ef7f8676
commit
4957e6ce68
@ -21,25 +21,25 @@ index c7698cb..a94b49e 100644
|
|||||||
|
|
||||||
<para>
|
<para>
|
||||||
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
|
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
|
||||||
index f541f89..0fd59fb 100644
|
index f541f89..660c7a1 100644
|
||||||
--- a/modules/pam_namespace/pam_namespace.c
|
--- a/modules/pam_namespace/pam_namespace.c
|
||||||
+++ b/modules/pam_namespace/pam_namespace.c
|
+++ b/modules/pam_namespace/pam_namespace.c
|
||||||
@@ -230,6 +230,78 @@ static int parse_iscript_params(char *params, struct polydir_s *poly)
|
@@ -230,6 +230,73 @@ static int parse_iscript_params(char *params, struct polydir_s *poly)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
+struct mntflag {
|
+struct mntflag {
|
||||||
+ const char *name;
|
+ const char *name;
|
||||||
+ size_t size;
|
+ size_t len;
|
||||||
+ unsigned long flag;
|
+ unsigned long flag;
|
||||||
+};
|
+};
|
||||||
+
|
+
|
||||||
+#define LITERAL_AND_SIZE(x) x, sizeof(x)
|
+#define LITERAL_AND_LEN(x) x, sizeof(x) - 1
|
||||||
+
|
+
|
||||||
+static const struct mntflag mntflags[] = {
|
+static const struct mntflag mntflags[] = {
|
||||||
+ { LITERAL_AND_SIZE("noexec"), MS_NOEXEC },
|
+ { LITERAL_AND_LEN("noexec"), MS_NOEXEC },
|
||||||
+ { LITERAL_AND_SIZE("nosuid"), MS_NOSUID },
|
+ { LITERAL_AND_LEN("nosuid"), MS_NOSUID },
|
||||||
+ { LITERAL_AND_SIZE("nodev"), MS_NODEV }
|
+ { LITERAL_AND_LEN("nodev"), MS_NODEV }
|
||||||
+ };
|
+ };
|
||||||
+
|
+
|
||||||
+static int filter_mntopts(const char *opts, char **filtered,
|
+static int filter_mntopts(const char *opts, char **filtered,
|
||||||
@ -49,16 +49,12 @@ index f541f89..0fd59fb 100644
|
|||||||
+ const char *end;
|
+ const char *end;
|
||||||
+ char *dest;
|
+ char *dest;
|
||||||
+
|
+
|
||||||
+ *filtered = NULL;
|
+ dest = *filtered = NULL;
|
||||||
+ *mountflags = 0;
|
+ *mountflags = 0;
|
||||||
+
|
+
|
||||||
+ if (origlen == 0)
|
+ if (origlen == 0)
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+
|
+
|
||||||
+ dest = *filtered = calloc(1, origlen);
|
|
||||||
+ if (*filtered == NULL)
|
|
||||||
+ return -1;
|
|
||||||
+
|
|
||||||
+ do {
|
+ do {
|
||||||
+ size_t len;
|
+ size_t len;
|
||||||
+ int i;
|
+ int i;
|
||||||
@ -71,9 +67,9 @@ index f541f89..0fd59fb 100644
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ for (i = 0; i < (int)(sizeof(mntflags)/sizeof(mntflags[0])); i++) {
|
+ for (i = 0; i < (int)(sizeof(mntflags)/sizeof(mntflags[0])); i++) {
|
||||||
+ if (mntflags[i].size - 1 != len)
|
+ if (mntflags[i].len != len)
|
||||||
+ continue;
|
+ continue;
|
||||||
+ if (strncmp(mntflags[i].name, opts, len) == 0) {
|
+ if (memcmp(mntflags[i].name, opts, len) == 0) {
|
||||||
+ *mountflags |= mntflags[i].flag;
|
+ *mountflags |= mntflags[i].flag;
|
||||||
+ opts = end;
|
+ opts = end;
|
||||||
+ break;
|
+ break;
|
||||||
@ -81,29 +77,28 @@ index f541f89..0fd59fb 100644
|
|||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ if (opts != end) {
|
+ if (opts != end) {
|
||||||
+ if (dest != *filtered) {
|
+ if (dest != NULL) {
|
||||||
+ *dest = ',';
|
+ *dest = ',';
|
||||||
+ ++dest;
|
+ ++dest;
|
||||||
|
+ } else {
|
||||||
|
+ dest = *filtered = calloc(1, origlen + 1);
|
||||||
|
+ if (dest == NULL)
|
||||||
|
+ return -1;
|
||||||
+ }
|
+ }
|
||||||
+ strncpy(dest, opts, len);
|
+ memcpy(dest, opts, len);
|
||||||
+ dest += len;
|
+ dest += len;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+ opts = end + 1;
|
+ opts = end + 1;
|
||||||
+ } while (end != NULL);
|
+ } while (end != NULL);
|
||||||
+
|
+
|
||||||
+ if (dest == *filtered) {
|
|
||||||
+ /* nothing left */
|
|
||||||
+ free(dest);
|
|
||||||
+ *filtered = NULL;
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
static int parse_method(char *method, struct polydir_s *poly,
|
static int parse_method(char *method, struct polydir_s *poly,
|
||||||
struct instance_data *idata)
|
struct instance_data *idata)
|
||||||
{
|
{
|
||||||
@@ -289,7 +361,8 @@ static int parse_method(char *method, struct polydir_s *poly,
|
@@ -289,7 +356,8 @@ static int parse_method(char *method, struct polydir_s *poly,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
free(poly->mount_opts); /* if duplicate mntopts specified */
|
free(poly->mount_opts); /* if duplicate mntopts specified */
|
||||||
@ -113,7 +108,7 @@ index f541f89..0fd59fb 100644
|
|||||||
pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
|
pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -1484,7 +1557,7 @@ static int ns_setup(struct polydir_s *polyptr,
|
@@ -1484,7 +1552,7 @@ static int ns_setup(struct polydir_s *polyptr,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (polyptr->method == TMPFS) {
|
if (polyptr->method == TMPFS) {
|
||||||
|
7
pam.spec
7
pam.spec
@ -1,9 +1,9 @@
|
|||||||
%global pam_redhat_version 1.1.1
|
%global pam_redhat_version 1.1.2
|
||||||
|
|
||||||
Summary: An extensible library which provides authentication for applications
|
Summary: An extensible library which provides authentication for applications
|
||||||
Name: pam
|
Name: pam
|
||||||
Version: 1.3.1
|
Version: 1.3.1
|
||||||
Release: 20%{?dist}
|
Release: 21%{?dist}
|
||||||
# The library is BSD licensed with option to relicense as GPLv2+
|
# The library is BSD licensed with option to relicense as GPLv2+
|
||||||
# - this option is redundant as the BSD license allows that anyway.
|
# - this option is redundant as the BSD license allows that anyway.
|
||||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||||
@ -399,6 +399,9 @@ done
|
|||||||
%doc doc/specs/rfc86.0.txt
|
%doc doc/specs/rfc86.0.txt
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 17 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-21
|
||||||
|
- pam_faillock: Fix regression in admin_group support
|
||||||
|
|
||||||
* Wed Oct 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-20
|
* Wed Oct 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-20
|
||||||
- pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
|
- pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
|
||||||
- Drop tallylog and pam_tally documentation
|
- Drop tallylog and pam_tally documentation
|
||||||
|
2
sources
2
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e
|
SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e
|
||||||
SHA512 (Linux-PAM-1.3.1.tar.xz.asc) = 8b3ad3f4f29fad663e375296dca00f736b3de764f11d7b7aa615d00efe1c702c9060f244967f2d84d8ef3a342c3a1f8eba6dd52847df427bb3ce0ff765a8108a
|
SHA512 (Linux-PAM-1.3.1.tar.xz.asc) = 8b3ad3f4f29fad663e375296dca00f736b3de764f11d7b7aa615d00efe1c702c9060f244967f2d84d8ef3a342c3a1f8eba6dd52847df427bb3ce0ff765a8108a
|
||||||
SHA512 (pam-redhat-1.1.1.tar.bz2) = 45adff01e1a1370c5bcfa539e9eb98337301bf9b63446a433fb4d45b60cd631aae9d6afe0a92e8736836e44f6c7d099f97d26fcea06592ef769481908a82fc43
|
SHA512 (pam-redhat-1.1.2.tar.bz2) = 9e70376a4b33d0e0df1a2f8158b25b540559f3c952a435574e619262f0d2da71d381336a06edee08a032c5096d7ae24cb7fc91a8cf8518dd5ad4f93d62b7d582
|
||||||
|
Loading…
Reference in New Issue
Block a user