rpms/gdm/devel gdm-2.16.0-security-tokens.patch, 1.1, 1.2 gdm.spec, 1.197, 1.198
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 15 21:03:02 UTC 2006
- Previous message (by thread): rpms/selinux-policy/devel policy-20060915.patch, 1.2, 1.3 selinux-policy.spec, 1.283, 1.284
- Next message (by thread): rpms/virt-manager/devel virt-manager.console, NONE, 1.1 virt-manager.pam, NONE, 1.1 virt-manager.spec, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rstrode
Update of /cvs/dist/rpms/gdm/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8003
Modified Files:
gdm-2.16.0-security-tokens.patch gdm.spec
Log Message:
- don't leak pipe fds (bug 206709)
gdm-2.16.0-security-tokens.patch:
config/Makefile.am | 31
config/gdm.conf.in | 4
config/securitytokens.conf.in | 3
configure.ac | 3
daemon/Makefile.am | 7
daemon/gdm.c | 93 ++
daemon/securitytoken.c | 580 +++++++++++++++
daemon/securitytoken.h | 91 ++
daemon/securitytokenmonitor.c | 1612 ++++++++++++++++++++++++++++++++++++++++++
daemon/securitytokenmonitor.h | 84 ++
daemon/verify-pam.c | 136 +++
11 files changed, 2638 insertions(+), 6 deletions(-)
Index: gdm-2.16.0-security-tokens.patch
===================================================================
RCS file: /cvs/dist/rpms/gdm/devel/gdm-2.16.0-security-tokens.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- gdm-2.16.0-security-tokens.patch 14 Sep 2006 06:40:24 -0000 1.1
+++ gdm-2.16.0-security-tokens.patch 15 Sep 2006 21:03:00 -0000 1.2
@@ -1,11 +1,11 @@
---- /dev/null 2006-09-13 20:54:02.327692725 -0400
-+++ gdm-2.16.0/config/securitytokens.conf.in 2006-09-14 02:16:20.000000000 -0400
+--- /dev/null 2006-09-15 14:34:25.793453720 -0400
++++ gdm-2.16.0/config/securitytokens.conf.in 2006-09-14 02:40:07.000000000 -0400
@@ -0,0 +1,3 @@
+[SecurityTokens]
+Enable=true
+#Driver=@libdir@/pkcs11/libcoolkeypk11.so
--- gdm-2.16.0/config/Makefile.am.security-tokens 2006-05-18 14:39:13.000000000 -0400
-+++ gdm-2.16.0/config/Makefile.am 2006-09-14 02:16:20.000000000 -0400
++++ gdm-2.16.0/config/Makefile.am 2006-09-14 02:40:07.000000000 -0400
@@ -34,9 +34,10 @@
XKeepsCrashing \
gettextfoo.h \
@@ -67,8 +67,8 @@
$(INSTALL_SCRIPT) $(srcdir)/XKeepsCrashing $(DESTDIR)$(confdir)/XKeepsCrashing
$(INSTALL_SCRIPT) Xsession $(DESTDIR)$(confdir)/Xsession
---- gdm-2.16.0/config/gdm.conf.in.security-tokens 2006-09-14 02:16:20.000000000 -0400
-+++ gdm-2.16.0/config/gdm.conf.in 2006-09-14 02:16:20.000000000 -0400
+--- gdm-2.16.0/config/gdm.conf.in.security-tokens 2006-09-14 02:40:07.000000000 -0400
++++ gdm-2.16.0/config/gdm.conf.in 2006-09-14 02:40:07.000000000 -0400
@@ -199,6 +199,10 @@
# kills it. 10 seconds should be long enough for X, but Xgl may need 20 or 25.
GdmXserverTimeout=10
@@ -80,8 +80,8 @@
[security]
# Allow root to login. It makes sense to turn this off for kiosk use, when
# you want to minimize the possibility of break in.
---- gdm-2.16.0/configure.ac.security-tokens 2006-09-14 02:16:20.000000000 -0400
-+++ gdm-2.16.0/configure.ac 2006-09-14 02:16:20.000000000 -0400
+--- gdm-2.16.0/configure.ac.security-tokens 2006-09-14 02:40:07.000000000 -0400
++++ gdm-2.16.0/configure.ac 2006-09-14 02:40:07.000000000 -0400
@@ -19,6 +19,7 @@
LIBXML_REQUIRED=2.4.12
LIBART_REQUIRED=2.3.11
@@ -99,9 +99,9 @@
AC_SUBST(DAEMON_CFLAGS)
AC_SUBST(DAEMON_LIBS)
---- /dev/null 2006-09-13 20:54:02.327692725 -0400
-+++ gdm-2.16.0/daemon/securitytokenmonitor.c 2006-09-14 02:16:53.000000000 -0400
-@@ -0,0 +1,1578 @@
+--- /dev/null 2006-09-15 14:34:25.793453720 -0400
++++ gdm-2.16.0/daemon/securitytokenmonitor.c 2006-09-15 17:01:08.000000000 -0400
+@@ -0,0 +1,1612 @@
+/* securitytokenmonitor.c - monitor for security token insertion and
+ * removal events
+ *
@@ -658,17 +658,19 @@
+{
+ pid_t child_pid;
+ GPid grandchild_pid;
-+ gint pid_pipe[2] = { -1, -1 };
++ gint input_fd, output_fd;
+ gint saved_errno;
+
-+ if (pipe (pid_pipe) < 0)
++ input_fd = -1;
++ output_fd = -1;
++ if (!sc_open_pipe (&input_fd, &output_fd))
+ return (GPid) -1;
+
+ child_pid = fork ();
+
+ if (child_pid < 0) {
-+ close (pid_pipe[0]);
-+ close (pid_pipe[1]);
++ close (input_fd);
++ close (output_fd);
+ return (GPid) child_pid;
+ }
+
@@ -676,7 +678,7 @@
+
+ /* close the end of the pipe we're not going to use
+ */
-+ close (pid_pipe[0]);
++ close (output_fd);
+
+ /* fork again
+ */
@@ -687,20 +689,20 @@
+ if (child_pid < 0) {
+ child_pid = -1 * errno;
+
-+ sc_write_bytes (pid_pipe[1], &child_pid, sizeof (child_pid));
-+ close (pid_pipe[1]);
++ sc_write_bytes (input_fd, &child_pid, sizeof (child_pid));
++ close (input_fd);
+ _exit (1);
+ }
+
+ /* otherwise write out the pid of the child and exit
+ */
+ if (child_pid != 0) {
-+ if (!sc_write_bytes (pid_pipe[1], &child_pid, sizeof (child_pid)))
++ if (!sc_write_bytes (input_fd, &child_pid, sizeof (child_pid)))
+ _exit (2);
-+ close (pid_pipe[1]);
++ close (input_fd);
+ _exit (0);
+ }
-+ close (pid_pipe[1]);
++ close (input_fd);
+
+ /* we're done, we've forked without having to worry about
+ * reaping the child later
@@ -711,17 +713,17 @@
+
+ /* close the end of the pipe we're not going to use
+ */
-+ close (pid_pipe[1]);
++ close (output_fd);
+
+ grandchild_pid = -1;
-+ if (!sc_read_bytes (pid_pipe[0], &grandchild_pid, sizeof (grandchild_pid))) {
++ if (!sc_read_bytes (output_fd, &grandchild_pid, sizeof (grandchild_pid))) {
+ grandchild_pid = -1;
+ saved_errno = errno;
+ }
+
+ /* close the other end of the pipe since we're done with it
+ */
-+ close (pid_pipe[0]);
++ close (output_fd);
+
+ /* wait for child to die (and emancipate the grandchild)
+ */
@@ -731,6 +733,36 @@
+ return (GPid) grandchild_pid;
+}
+
++static gboolean
++sc_open_pipe (gint *input_fd,
++ gint *output_fd)
++{
++ gint pipe_fds[2] = { -1, -1 };
++
++ g_assert (input_fd != NULL);
++ g_assert (output_fd != NULL);
++
++ if (pipe (event_pipe) < 0)
++ return FALSE;
++
++ if (fcntl (pipe_fds[0], F_SETFD, FD_CLOEXEC) < 0) {
++ close (pipe_fds[0]);
++ close (pipe_fds[1]);
++ return FALSE;
++ }
++
++ if (fcntl (pipe_fds[1], F_SETFD, FD_CLOEXEC) < 0) {
++ close (pipe_fds[0]);
++ close (pipe_fds[1]);
++ return FALSE;
++ }
++
++ *output_fd = pipe_fds[0];
++ *input_fd = pipe_fds[1];
++
++ return TRUE;
++}
++
+static void
+sc_security_token_monitor_stop_watching_for_events (ScSecurityTokenMonitor *monitor)
+{
@@ -1515,9 +1547,11 @@
+ gint *worker_fd, GPid *worker_pid)
+{
+ GPid child_pid;
-+ gint event_pipe[2] = { -1, -1 };
++ gint input_fd, output_fd;
+
-+ if (pipe (event_pipe) < 0)
++ input_fd = -1;
++ output_fd = -1;
++ if (!sc_open_pipe (&input_fd, &output_fd))
+ return FALSE;
+
+ child_pid = sc_fork_and_disown ();
@@ -1539,9 +1573,9 @@
+
+ NSS_Shutdown ();
+
-+ fds_to_keep_open[0] = event_pipe[1];
++ fds_to_keep_open[0] = input_fd;
+ sc_close_open_fds (fds_to_keep_open);
-+ event_pipe[0] = -1;
++ output_fd = -1;
+
+ if (!sc_load_nss (&error)) {
+ sc_debug ("could not load nss - %s", error->message);
@@ -1556,7 +1590,7 @@
+#endif
+ error = NULL;
+
-+ worker = sc_security_token_monitor_worker_new (event_pipe[1]);
++ worker = sc_security_token_monitor_worker_new (input_fd);
+
+ worker->module = sc_load_driver (monitor->priv->module_path, &error);
+
@@ -1573,17 +1607,17 @@
+
+ _exit (0);
+ }
-+ close (event_pipe[1]);
++ close (input_fd);
+
+#ifndef SC_SECURITY_TOKEN_MONITOR_DRIVER_CAN_BE_RELOADED_AFTER_BEING_DESTROYED
-+ g_array_append_val (monitor->priv->fds_to_close_on_fork, event_pipe[0]);
++ g_array_append_val (monitor->priv->fds_to_close_on_fork, output_fd);
+#endif
+
+ if (worker_pid)
+ *worker_pid = child_pid;
+
+ if (worker_fd)
-+ *worker_fd = event_pipe[0];
++ *worker_fd = output_fd;
+
+ return TRUE;
+}
@@ -1680,8 +1714,8 @@
+ return 0;
+}
+#endif
---- /dev/null 2006-09-13 20:54:02.327692725 -0400
-+++ gdm-2.16.0/daemon/securitytoken.h 2006-09-14 02:16:53.000000000 -0400
+--- /dev/null 2006-09-15 14:34:25.793453720 -0400
++++ gdm-2.16.0/daemon/securitytoken.h 2006-09-14 02:40:07.000000000 -0400
@@ -0,0 +1,91 @@
+/* securitytoken.h - api for reading and writing data to a security token
+ *
@@ -1774,8 +1808,8 @@
+
+G_END_DECLS
+#endif /* SC_SECURITY_TOKEN_H */
---- /dev/null 2006-09-13 20:54:02.327692725 -0400
-+++ gdm-2.16.0/daemon/securitytoken.c 2006-09-14 02:16:53.000000000 -0400
+--- /dev/null 2006-09-15 14:34:25.793453720 -0400
++++ gdm-2.16.0/daemon/securitytoken.c 2006-09-14 02:40:07.000000000 -0400
@@ -0,0 +1,580 @@
+/* securitytoken.c - security token
+ *
@@ -2358,7 +2392,7 @@
+}
+#endif
--- gdm-2.16.0/daemon/Makefile.am.security-tokens 2006-03-28 18:43:21.000000000 -0500
-+++ gdm-2.16.0/daemon/Makefile.am 2006-09-14 02:16:20.000000000 -0400
++++ gdm-2.16.0/daemon/Makefile.am 2006-09-14 02:40:07.000000000 -0400
@@ -9,6 +9,7 @@
-DAUTHDIR=\"$(authdir)\" \
-DBINDIR=\"$(bindir)\" \
@@ -2380,8 +2414,8 @@
EXTRA_gdm_binary_SOURCES = verify-pam.c verify-crypt.c verify-shadow.c
---- gdm-2.16.0/daemon/gdm.c.security-tokens 2006-09-14 02:16:20.000000000 -0400
-+++ gdm-2.16.0/daemon/gdm.c 2006-09-14 02:16:20.000000000 -0400
+--- gdm-2.16.0/daemon/gdm.c.security-tokens 2006-09-14 02:40:07.000000000 -0400
++++ gdm-2.16.0/daemon/gdm.c 2006-09-14 02:40:07.000000000 -0400
@@ -63,6 +63,8 @@
#include "cookie.h"
#include "filecheck.h"
@@ -2522,18 +2556,34 @@
+ ve_config_destroy (cfg);
+}
/* EOF */
---- gdm-2.16.0/daemon/verify-pam.c.security-tokens 2006-09-14 02:16:20.000000000 -0400
-+++ gdm-2.16.0/daemon/verify-pam.c 2006-09-14 02:16:20.000000000 -0400
-@@ -55,6 +55,8 @@
+--- gdm-2.16.0/daemon/verify-pam.c.security-tokens 2006-09-14 02:40:07.000000000 -0400
++++ gdm-2.16.0/daemon/verify-pam.c 2006-09-14 02:40:07.000000000 -0400
+@@ -29,6 +29,7 @@
+ #ifdef sun
+ #include <fcntl.h>
+ #endif
++#include <utmp.h>
+
+ #include <glib/gi18n.h>
+
+@@ -55,6 +56,16 @@
#define log_to_audit_system(l,h,d,s) do { ; } while (0)
#endif
+gboolean gdm_should_use_security_tokens_pam_stack (void);
+
++#ifndef GDM_BAD_RECORDS_FILE
++#define GDM_BAD_RECORDS_FILE "/var/log/btmp"
++#endif
++
++#ifndef GDM_NEW_RECORDS_FILE
++#define GDM_NEW_RECORDS_FILE "/var/log/wtmp"
++#endif
++
/* Evil, but this way these things are passed to the child session */
static pam_handle_t *pamh = NULL;
-@@ -78,7 +80,6 @@
+@@ -78,7 +89,6 @@
static adt_session_data_t *adt_ah = NULL; /* audit session handle */
@@ -2541,8 +2591,146 @@
/*
* audit_success_login - audit successful login
*
---- /dev/null 2006-09-13 20:54:02.327692725 -0400
-+++ gdm-2.16.0/daemon/securitytokenmonitor.h 2006-09-14 02:16:53.000000000 -0400
+@@ -417,6 +427,125 @@
+ selected_user = g_strdup (user);
+ }
+
++void
++gdm_verify_write_record (GdmDisplay *d,
++ GdmVerifyRecordType record_type,
++ const gchar *username,
++ const gchar *console_name,
++ const gchar *host_name,
++ GPid pid)
++{
++ struct utmp record = { 0 };
++ GTimeVal now = { 0 };
++ gchar *host;
++
++ gdm_debug ("writing %s record",
++ record_type == GDM_VERIFY_RECORD_TYPE_LOGIN? "session" :
++ record_type == GDM_VERIFY_RECORD_TYPE_LOGOUT? "logout" :
++ "failed session attempt");
++
++ if (record_type != GDM_VERIFY_RECORD_TYPE_LOGOUT)
++ {
++ /* it's possible that PAM failed before
++ * it mapped the user input into a valid username
++ * so we fallback to try using "(unknown)"
++ */
++ if (username != NULL)
++ strncpy (record.ut_user,
++ username,
++ sizeof (record.ut_user));
++ else
++ strncpy (record.ut_user,
++ "(unknown)",
++ sizeof (record.ut_user));
++ }
++
++ gdm_debug ("using username %.*s",
++ sizeof (record.ut_user),
++ record.ut_user);
++
++ strncpy (record.ut_id,
++ console_name +
++ strlen (console_name) -
++ sizeof (record.ut_id),
++ sizeof (record.ut_id));
++
++ gdm_debug ("using id %.*s",
++ sizeof (record.ut_id),
++ record.ut_id);
++
++ if (g_str_has_prefix (console_name, "/dev/")) {
++ strncpy (record.ut_line,
++ console_name + strlen ("/dev/"),
++ sizeof (record.ut_line));
++ } else if (g_str_has_prefix (console_name, ":")) {
++ strncpy (record.ut_line,
++ console_name,
++ sizeof (record.ut_line));
++ }
++
++ gdm_debug ("using line %.*s",
++ sizeof (record.ut_line),
++ record.ut_line);
++
++ host = NULL;
++ if ((host_name != NULL) &&
++ g_str_has_prefix (console_name, ":"))
++ host = g_strdup_printf ("%s%s",
++ host_name,
++ console_name);
++ else if ((host_name != NULL) &&
++ !strstr (console_name, ":"))
++ host = g_strdup (host_name);
++ else if (!g_str_has_prefix (console_name, ":") &&
++ strstr (console_name, ":"))
++ host = g_strdup (console_name);
++
++ if (host)
++ {
++ strncpy (record.ut_host, host, sizeof (record.ut_host));
++ g_free (host);
++ gdm_debug ("using hostname %.*s",
++ sizeof (record.ut_host),
++ record.ut_host);
++ }
++
++ g_get_current_time (&now);
++ record.ut_tv.tv_sec = now.tv_sec;
++ record.ut_tv.tv_usec = now.tv_usec;
++
++ gdm_debug ("using time %ld", (glong) record.ut_tv.tv_sec);
++
++ record.ut_type = USER_PROCESS;
++ gdm_debug ("using type USER_PROCESS");
++
++ record.ut_pid = pid;
++
++ gdm_debug ("using pid %d", (gint) record.ut_pid);
++
++ switch (record_type)
++ {
++ case GDM_VERIFY_RECORD_TYPE_LOGIN:
++ gdm_debug ("writing session record to "
++ GDM_NEW_RECORDS_FILE);
++ updwtmp (GDM_NEW_RECORDS_FILE, &record);
++ break;
++
++ case GDM_VERIFY_RECORD_TYPE_LOGOUT:
++ gdm_debug ("writing logout record to "
++ GDM_NEW_RECORDS_FILE);
++ updwtmp (GDM_NEW_RECORDS_FILE, &record);
++ break;
++
++ case GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT:
++ gdm_debug ("writing failed session attempt record to "
++ GDM_BAD_RECORDS_FILE);
++ updwtmp (GDM_BAD_RECORDS_FILE, &record);
++ break;
++ }
++
++}
++
+ static const char *
+ perhaps_translate_message (const char *msg)
+ {
+@@ -1169,6 +1298,11 @@
+ audit_fail_login (d, pw_change, pwent, pamerr);
+ #endif /* HAVE_ADT */
+
++ gdm_verify_write_record (d, GDM_VERIFY_RECORD_TYPE_FAILED_ATTEMPT,
++ login == NULL? tmp_PAM_USER : login, display,
++ d->attached? NULL : d->hostname,
++ getpid ());
++
+ /* The verbose authentication is turned on, output the error
+ * message from the PAM subsystem */
+ if ( ! error_msg_given &&
+--- /dev/null 2006-09-15 14:34:25.793453720 -0400
++++ gdm-2.16.0/daemon/securitytokenmonitor.h 2006-09-14 02:40:07.000000000 -0400
@@ -0,0 +1,84 @@
+/* securitytokenmonitor.h - monitor for security token insertion and
+ * removal events
Index: gdm.spec
===================================================================
RCS file: /cvs/dist/rpms/gdm/devel/gdm.spec,v
retrieving revision 1.197
retrieving revision 1.198
diff -u -r1.197 -r1.198
--- gdm.spec 14 Sep 2006 06:40:24 -0000 1.197
+++ gdm.spec 15 Sep 2006 21:03:00 -0000 1.198
@@ -16,7 +16,7 @@
Summary: The GNOME Display Manager.
Name: gdm
Version: 2.16.0
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 1
License: LGPL/GPL
Group: User Interface/X
@@ -301,6 +301,9 @@
%attr(1770, root, gdm) %dir %{_localstatedir}/gdm
%changelog
+* Thu Sep 14 2006 Ray Strode <rstrode at redhat.com> - 1:2.16.0-5.fc6
+- don't leak pipe fds (bug 206709)
+
* Thu Sep 14 2006 Ray Strode <rstrode at redhat.com> - 1:2.16.0-4.fc6
- update security token patch to not poll
- Previous message (by thread): rpms/selinux-policy/devel policy-20060915.patch, 1.2, 1.3 selinux-policy.spec, 1.283, 1.284
- Next message (by thread): rpms/virt-manager/devel virt-manager.console, NONE, 1.1 virt-manager.pam, NONE, 1.1 virt-manager.spec, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list