pam_faillock: Fix regression in admin_group support

Tomas Mraz 2019-12-18 13:36:44 +01:00
parent a9ef7f8676
commit 4957e6ce68
3 changed files with 24 additions and 26 deletions


@ -21,25 +21,25 @@ index c7698cb..a94b49e 100644
<para> <para>
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c
index f541f89..0fd59fb 100644 index f541f89..660c7a1 100644
--- a/modules/pam_namespace/pam_namespace.c --- a/modules/pam_namespace/pam_namespace.c
+++ b/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c
@@ -230,6 +230,78 @@ static int parse_iscript_params(char *params, struct polydir_s *poly) @@ -230,6 +230,73 @@ static int parse_iscript_params(char *params, struct polydir_s *poly)
return 0; return 0;
} }
+struct mntflag { +struct mntflag {
+ const char *name; + const char *name;
+ size_t size; + size_t len;
+ unsigned long flag; + unsigned long flag;
+}; +};
+ +
+#define LITERAL_AND_SIZE(x) x, sizeof(x) +#define LITERAL_AND_LEN(x) x, sizeof(x) - 1
+ +
+static const struct mntflag mntflags[] = { +static const struct mntflag mntflags[] = {
+ { LITERAL_AND_SIZE("noexec"), MS_NOEXEC }, + { LITERAL_AND_LEN("noexec"), MS_NOEXEC },
+ { LITERAL_AND_SIZE("nosuid"), MS_NOSUID }, + { LITERAL_AND_LEN("nosuid"), MS_NOSUID },
+ { LITERAL_AND_SIZE("nodev"), MS_NODEV } + { LITERAL_AND_LEN("nodev"), MS_NODEV }
+ }; + };
+ +
+static int filter_mntopts(const char *opts, char **filtered, +static int filter_mntopts(const char *opts, char **filtered,
@ -49,16 +49,12 @@ index f541f89..0fd59fb 100644
+ const char *end; + const char *end;
+ char *dest; + char *dest;
+ +
+ *filtered = NULL; + dest = *filtered = NULL;
+ *mountflags = 0; + *mountflags = 0;
+ +
+ if (origlen == 0) + if (origlen == 0)
+ return 0; + return 0;
+ +
+ dest = *filtered = calloc(1, origlen);
+ if (*filtered == NULL)
+ return -1;
+
+ do { + do {
+ size_t len; + size_t len;
+ int i; + int i;
@ -71,9 +67,9 @@ index f541f89..0fd59fb 100644
+ } + }
+ +
+ for (i = 0; i < (int)(sizeof(mntflags)/sizeof(mntflags[0])); i++) { + for (i = 0; i < (int)(sizeof(mntflags)/sizeof(mntflags[0])); i++) {
+ if (mntflags[i].size - 1 != len) + if (mntflags[i].len != len)
+ continue; + continue;
+ if (strncmp(mntflags[i].name, opts, len) == 0) { + if (memcmp(mntflags[i].name, opts, len) == 0) {
+ *mountflags |= mntflags[i].flag; + *mountflags |= mntflags[i].flag;
+ opts = end; + opts = end;
+ break; + break;
@ -81,29 +77,28 @@ index f541f89..0fd59fb 100644
+ } + }
+ +
+ if (opts != end) { + if (opts != end) {
+ if (dest != *filtered) { + if (dest != NULL) {
+ *dest = ','; + *dest = ',';
+ ++dest; + ++dest;
+ } else {
+ dest = *filtered = calloc(1, origlen + 1);
+ if (dest == NULL)
+ return -1;
+ } + }
+ strncpy(dest, opts, len); + memcpy(dest, opts, len);
+ dest += len; + dest += len;
+ } + }
+ +
+ opts = end + 1; + opts = end + 1;
+ } while (end != NULL); + } while (end != NULL);
+ +
+ if (dest == *filtered) {
+ /* nothing left */
+ free(dest);
+ *filtered = NULL;
+ }
+ return 0; + return 0;
+} +}
+ +
static int parse_method(char *method, struct polydir_s *poly, static int parse_method(char *method, struct polydir_s *poly,
struct instance_data *idata) struct instance_data *idata)
{ {
@@ -289,7 +361,8 @@ static int parse_method(char *method, struct polydir_s *poly, @@ -289,7 +356,8 @@ static int parse_method(char *method, struct polydir_s *poly,
break; break;
} }
free(poly->mount_opts); /* if duplicate mntopts specified */ free(poly->mount_opts); /* if duplicate mntopts specified */
@ -113,7 +108,7 @@ index f541f89..0fd59fb 100644
pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error");
return -1; return -1;
} }
@@ -1484,7 +1557,7 @@ static int ns_setup(struct polydir_s *polyptr, @@ -1484,7 +1552,7 @@ static int ns_setup(struct polydir_s *polyptr,
} }
if (polyptr->method == TMPFS) { if (polyptr->method == TMPFS) {
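Review bot: In filter_mntopts the sizing `calloc(1, origlen + 1)` is safe only if origlen is the length of opts and the zero fill from calloc supplies the terminating NUL after the last memcpy, and neither assumption is written down; I would add `/* origlen + 1 leaves room for the NUL; calloc's zero fill terminates the string */` above the allocation. On the final pass `opts = end + 1;` still runs with end == NULL, which is pointer arithmetic on a null pointer; `if (end != NULL) opts = end + 1;` avoids it. The `+ 1` looks like it closes an unterminated-buffer case in the previous revision of this patch, but the commit title and the %changelog entry name only pam_faillock, so a changelog line for pam_namespace would help anyone auditing which builds carry it. The function's signature and the start of the loop body are outside the visible hunks, so the reading of origlen and end is inferred.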


@ -1,9 +1,9 @@
%global pam_redhat_version 1.1.1 %global pam_redhat_version 1.1.2
Summary: An extensible library which provides authentication for applications Summary: An extensible library which provides authentication for applications
Name: pam Name: pam
Version: 1.3.1 Version: 1.3.1
Release: 20%{?dist} Release: 21%{?dist}
# The library is BSD licensed with option to relicense as GPLv2+ # The library is BSD licensed with option to relicense as GPLv2+
# - this option is redundant as the BSD license allows that anyway. # - this option is redundant as the BSD license allows that anyway.
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+. # pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
@ -399,6 +399,9 @@ done
%doc doc/specs/rfc86.0.txt %doc doc/specs/rfc86.0.txt
%changelog %changelog
* Wed Dec 17 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-21
- pam_faillock: Fix regression in admin_group support
* Wed Oct 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-20 * Wed Oct 16 2019 Tomáš Mráz <tmraz@redhat.com> 1.3.1-20
- pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts - pam_namespace: Support noexec, nosuid and nodev flags for tmpfs mounts
- Drop tallylog and pam_tally documentation - Drop tallylog and pam_tally documentation


@ -1,3 +1,3 @@
SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e SHA512 (Linux-PAM-1.3.1.tar.xz) = 6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e
SHA512 (Linux-PAM-1.3.1.tar.xz.asc) = 8b3ad3f4f29fad663e375296dca00f736b3de764f11d7b7aa615d00efe1c702c9060f244967f2d84d8ef3a342c3a1f8eba6dd52847df427bb3ce0ff765a8108a SHA512 (Linux-PAM-1.3.1.tar.xz.asc) = 8b3ad3f4f29fad663e375296dca00f736b3de764f11d7b7aa615d00efe1c702c9060f244967f2d84d8ef3a342c3a1f8eba6dd52847df427bb3ce0ff765a8108a
SHA512 (pam-redhat-1.1.1.tar.bz2) = 45adff01e1a1370c5bcfa539e9eb98337301bf9b63446a433fb4d45b60cd631aae9d6afe0a92e8736836e44f6c7d099f97d26fcea06592ef769481908a82fc43 SHA512 (pam-redhat-1.1.2.tar.bz2) = 9e70376a4b33d0e0df1a2f8158b25b540559f3c952a435574e619262f0d2da71d381336a06edee08a032c5096d7ae24cb7fc91a8cf8518dd5ad4f93d62b7d582