From 35f9128ba2bb7e3df25a367faa8e6fb7e42a3918 Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Fri, 27 Sep 2024 18:50:06 -0400 Subject: [PATCH] Fix crash with pam_lastlog Resolves: RHEL-53984 --- ...s-Root-conversation-and-closure-data.patch | 36 +++++++++++++++++++ python-pam.spec | 10 ++++-- 2 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 0001-internals-Root-conversation-and-closure-data.patch diff --git a/0001-internals-Root-conversation-and-closure-data.patch b/0001-internals-Root-conversation-and-closure-data.patch new file mode 100644 index 0000000..c7328de --- /dev/null +++ b/0001-internals-Root-conversation-and-closure-data.patch @@ -0,0 +1,36 @@ +commit 89ff31db581df98eb34f19471421f5cfcfb1cefd (HEAD -> master) +Author: Ray Strode +Date: Fri Sep 27 15:31:03 2024 -0400 + + internals: Root conversation and closure data + + If the conversation and closure data are not rooted to the class + then they can be garbage collected before the conversation function + is invoked. + + That leads to a crash in pam_lastlog during session open time. + + This commit addressed the issue by assigning the state to the class + as properties. + +diff --git a/src/pam/__internals.py b/src/pam/__internals.py +index 99a0397..9e33188 100644 +--- a/src/pam/__internals.py ++++ b/src/pam/__internals.py +@@ -311,11 +311,11 @@ class PamAuthenticator: + + # do this up front so we can safely throw an exception if there's + # anything wrong with it +- app_data = {'msgs': self.messages, 'password': password, 'encoding': encoding} +- conv = PamConv(__conv, c_void_p.from_buffer(py_object(app_data))) ++ self.app_data = {'msgs': self.messages, 'password': password, 'encoding': encoding} ++ self.conv = PamConv(__conv, c_void_p.from_buffer(py_object(self.app_data))) + + self.handle = PamHandle() +- retval = self.pam_start(service, username, byref(conv), ++ retval = self.pam_start(service, username, byref(self.conv), + byref(self.handle)) + + if retval != PAM_SUCCESS: # pragma: no cover + + diff --git a/python-pam.spec b/python-pam.spec index 1a94f9e..3e7b562 100644 --- a/python-pam.spec +++ b/python-pam.spec @@ -1,6 +1,6 @@ Name: python-pam Version: 2.0.2 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Pure Python interface to the Pluggable Authentication Modules system on Linux License: MIT URL: https://github.com/FirefighterBlu3/python-pam @@ -8,6 +8,8 @@ Source0: https://pypi.python.org/packages/source/p/%{name}/%{name}-%{vers BuildArch: noarch BuildRequires: python3-devel +Patch: 0001-internals-Root-conversation-and-closure-data.patch + %generate_buildrequires %pyproject_buildrequires @@ -24,7 +26,7 @@ This module provides an authenticate function that allows the caller to authenticate a given username / password against the PAM system on Linux. %prep -%autosetup +%autosetup -p1 %build %pyproject_wheel @@ -39,6 +41,10 @@ authenticate a given username / password against the PAM system on Linux. %{python3_sitelib}/python_pam-%{version}* %changelog +* Fri Sep 27 2024 Ray Strode - 2.0.2-9 +- Fix crash with pam_lastlog + Resolves: RHEL-53984 + * Mon Jun 24 2024 Troy Dawson - 2.0.2-8 - Bump release for June 2024 mass rebuild