rpms/coreutils/devel runuser.pamd, NONE, 1.1 coreutils-5.2.1-runuser.patch, 1.7, 1.8 coreutils.spec, 1.95, 1.96
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Nov 24 23:01:22 UTC 2005
Author: twaugh
Update of /cvs/dist/rpms/coreutils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27852
Modified Files:
coreutils-5.2.1-runuser.patch coreutils.spec
Added Files:
runuser.pamd
Log Message:
* Thu Nov 25 2005 Tim Waugh <twaugh at redhat.com>
- Apply runuser PAM patch from bug #173807. Ship runuser PAM file.
--- NEW FILE runuser.pamd ---
#%PAM-1.0
auth sufficient pam_rootok.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
coreutils-5.2.1-runuser.patch:
AUTHORS | 1
README | 2 -
man/Makefile.am | 3 +-
man/runuser.1 | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++
man/runuser.x | 4 +++
src/Makefile.am | 8 +++++--
src/su.c | 20 +++++++++++++++++
tests/help-version | 1
8 files changed, 93 insertions(+), 5 deletions(-)
Index: coreutils-5.2.1-runuser.patch
===================================================================
RCS file: /cvs/dist/rpms/coreutils/devel/coreutils-5.2.1-runuser.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- coreutils-5.2.1-runuser.patch 14 Nov 2005 10:57:28 -0000 1.7
+++ coreutils-5.2.1-runuser.patch 24 Nov 2005 23:00:49 -0000 1.8
@@ -75,7 +75,7 @@
readlink.1: $(common_dep) $(srcdir)/readlink.x ../src/readlink.c
rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c
rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c
-+runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/runuser.c
++runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c
seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c
sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c
shred.1: $(common_dep) $(srcdir)/shred.x ../src/shred.c
@@ -86,11 +86,17 @@
+runuser \- run a shell with substitute user and group IDs
+[DESCRIPTION]
+.\" Add any additional description here
---- coreutils-5.93/src/su.c.runuser 2005-11-14 10:54:44.000000000 +0000
-+++ coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000
-@@ -134,7 +134,9 @@
+--- coreutils-5.93/src/su.c 2005-11-14 10:54:44.000000000 +0000
++++ coreutils-5.93/src/su.c 2005-11-24 16:12:18.000000000 +0000
+@@ -132,9 +132,15 @@
+ #include "error.h"
+
/* The official name of this program (e.g., no `g' prefix). */
++#ifndef RUNUSER
#define PROGRAM_NAME "su"
++#else
++#define PROGRAM_NAME "runuser"
++#endif
+#ifndef AUTHORS
#define AUTHORS "David MacKenzie"
@@ -98,7 +104,7 @@
#if HAVE_PATHS_H
# include <paths.h>
-@@ -172,6 +174,10 @@
+@@ -172,6 +178,10 @@
#ifndef USE_PAM
char *crypt ();
#endif
@@ -109,7 +115,40 @@
char *getpass ();
char *getusershell ();
void endusershell ();
-@@ -746,7 +752,7 @@
+@@ -303,10 +313,12 @@
+ retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
+ PAM_BAIL_P;
+
++#ifndef RUNUSER
+ if (getuid() != 0 && !isatty(0)) {
+ fprintf(stderr, "standard in must be a tty\n");
+ exit(1);
+ }
++#endif
+
+ caller = getpwuid(getuid());
+ if(caller != NULL && caller->pw_name != NULL) {
+@@ -323,6 +335,11 @@
+ retval = pam_set_item(pamh, PAM_TTY, tty_name);
+ PAM_BAIL_P;
+ }
++#ifdef RUNUSER
++ if (getuid() != geteuid())
++ /* safety net: deny operation if we are suid by accident */
++ error(EXIT_FAIL, 1, "runuser may not be setuid");
++#else
+ retval = pam_authenticate(pamh, 0);
+ PAM_BAIL_P;
+ retval = pam_acct_mgmt(pamh, 0);
+@@ -332,6 +349,7 @@
+ PAM_BAIL_P;
+ }
+ PAM_BAIL_P;
++#endif
+ /* must be authenticated if this point was reached */
+ return 1;
+ #else /* !USE_PAM */
+@@ -746,7 +764,7 @@
: DEFAULT_SHELL);
endpwent ();
@@ -118,8 +157,8 @@
{
#ifdef SYSLOG_FAILURE
log_su (pw, false);
---- coreutils-5.93/src/Makefile.am.runuser 2005-11-14 10:54:44.000000000 +0000
-+++ coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000
+--- coreutils-5.93/src/Makefile.am 2005-11-14 10:54:44.000000000 +0000
++++ coreutils-5.93/src/Makefile.am 2005-11-24 16:18:58.000000000 +0000
@@ -17,7 +17,7 @@
## along with this program; if not, write to the Free Software Foundation,
## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
@@ -129,15 +168,16 @@
bin_SCRIPTS = groups
bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
-@@ -91,6 +91,7 @@
- uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS)
-
+@@ -93,4 +93,8 @@
su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
-+runuser_LDADD = $(LDADD) $(LIB_CRYPT)
++runuser_SOURCES = su.c
++runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
++runuser_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
++
$(PROGRAMS): ../lib/libcoreutils.a
-@@ -106,7 +107,7 @@
+@@ -106,7 +110,7 @@
chmod +x $@-t
mv $@-t $@
@@ -146,66 +186,6 @@
installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
---- /dev/null 2005-10-10 09:36:06.437701000 +0100
-+++ coreutils-5.93/src/runuser.c 2005-11-14 10:55:29.000000000 +0000
-@@ -0,0 +1,57 @@
-+#define CHECKPASSWD 0
-+#define pam_start my_pam_start
-+#define pam_end my_pam_end
-+#define pam_setcred my_pam_setcred
-+#define pam_open_session my_pam_open_session
-+#define pam_close_session my_pam_close_session
-+#define pam_strerror my_pam_strerror
-+#define pam_getenvlist my_pam_getenvlist
-+#define AUTHORS "David MacKenzie, Dan Walsh"
-+#include "su.c"
-+int pam_start(const char *service_name, const char *user,
-+ const struct pam_conv *pam_conversation,
-+ pam_handle_t **pamh) {
-+ return PAM_SUCCESS;
-+}
-+int pam_end(pam_handle_t *pamh, int pam_status) {
-+ return PAM_SUCCESS;
-+}
-+int pam_setcred(pam_handle_t *pamh, int flags){
-+ return PAM_SUCCESS;
-+}
-+int pam_open_session(pam_handle_t *pamh, int flags){
-+ if (getuid() != geteuid())
-+ /* safety net: deny operation if we are suid by accident */
-+ error(EXIT_FAIL, 1, "runuser may not be setuid");
-+ return PAM_SUCCESS;
-+}
-+int pam_close_session(pam_handle_t *pamh, int flags){
-+ return PAM_SUCCESS;
-+}
-+const char *pam_strerror(pam_handle_t *pamh, int err){
-+ return "";
-+}
-+char **pam_getenvlist(pam_handle_t *pamh){
-+ return NULL;
-+}
-+
-+int misc_conv(int num_msg, const struct pam_message **msgm,
-+ struct pam_response **response, void *appdata_ptr) {
-+ return PAM_SUCCESS;
-+}
-+
-+int pam_authenticate(pam_handle_t *pamh, int flags) {
-+ return PAM_SUCCESS;
-+}
-+
-+int pam_acct_mgmt(pam_handle_t *pamh, int flags) {
-+ return PAM_SUCCESS;
-+}
-+
-+int pam_chauthtok (pam_handle_t *pamh, int flags) {
-+ return PAM_SUCCESS;
-+}
-+
-+int pam_set_item(pam_handle_t *pamh, int item_type, const void *item) {
-+ return PAM_SUCCESS;
-+}
--- coreutils-5.93/tests/help-version.runuser 2005-01-05 22:08:48.000000000 +0000
+++ coreutils-5.93/tests/help-version 2005-11-14 10:54:45.000000000 +0000
@@ -136,6 +136,7 @@
Index: coreutils.spec
===================================================================
RCS file: /cvs/dist/rpms/coreutils/devel/coreutils.spec,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- coreutils.spec 15 Nov 2005 14:06:09 -0000 1.95
+++ coreutils.spec 24 Nov 2005 23:00:49 -0000 1.96
@@ -14,6 +14,7 @@
Source105: colorls.sh
Source106: colorls.csh
Source200: su.pamd
+Source201: runuser.pamd
# From upstream
@@ -110,7 +111,7 @@
touch aclocal.m4 configure config.hin Makefile.in */Makefile.in */*/Makefile.in
aclocal -I m4
autoconf --force
-automake --copy --force
+automake --copy --add-missing
%configure --enable-largefile --with-afs %{?!nopam:--enable-pam} \
--enable-selinux \
|| :
@@ -171,6 +172,7 @@
done
%{?!nopam:install -m 644 %SOURCE200 $RPM_BUILD_ROOT%_sysconfdir/pam.d/su}
+%{?!nopam:install -m 644 %SOURCE201 $RPM_BUILD_ROOT%_sysconfdir/pam.d/runuser}
bzip2 -f9 old/*/C* || :
@@ -216,6 +218,7 @@
%config(noreplace) %{_sysconfdir}/DIR_COLORS*
%config(noreplace) %{_sysconfdir}/profile.d/*
%{?!nopam:%config(noreplace) /etc/pam.d/su}
+%{?!nopam:%config(noreplace) /etc/pam.d/runuser}
%doc ABOUT-NLS ChangeLog.bz2 NEWS README THANKS TODO old/*
/bin/basename
/bin/cat
@@ -256,6 +259,9 @@
/sbin/runuser
%changelog
+* Thu Nov 25 2005 Tim Waugh <twaugh at redhat.com>
+- Apply runuser PAM patch from bug #173807. Ship runuser PAM file.
+
* Tue Nov 14 2005 Dan Walsh <dwalsh at redhat.com> 5.93-3
- Remove multiple from su.pamd
More information about the fedora-cvs-commits
mailing list