rpms/at/devel at-3.1.10-pam.patch, 1.3, 1.4 at-3.1.10-pam_keyring.patch, 1.1, 1.2 at-3.1.10-pamfix.patch, 1.1, 1.2 at-3.1.8-perr.patch, 1.1, 1.2 at.spec, 1.66, 1.67 at-3.1.10-setuids.patch, 1.1, NONE
Marcela Mašláňová (mmaslano)
fedora-extras-commits at redhat.com
Fri Jul 18 14:35:38 UTC 2008
Author: mmaslano
Update of /cvs/pkgs/rpms/at/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6453
Modified Files:
at-3.1.10-pam.patch at-3.1.10-pam_keyring.patch
at-3.1.10-pamfix.patch at-3.1.8-perr.patch at.spec
Removed Files:
at-3.1.10-setuids.patch
Log Message:
* Fri Jul 18 2008 Marcela Maslanova <mmaslano at redhat.com> - 3.1.10-24
- 446004 hope adding || into scriptlets fix removing old package after upgrade
- fixes for fuzz=0
at-3.1.10-pam.patch:
Index: at-3.1.10-pam.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.10-pam.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- at-3.1.10-pam.patch 3 Jul 2007 14:24:48 -0000 1.3
+++ at-3.1.10-pam.patch 18 Jul 2008 14:34:48 -0000 1.4
@@ -1,116 +1,22 @@
---- at-3.1.10/perm.c.pam 2005-08-05 05:16:01.000000000 +0200
-+++ at-3.1.10/perm.c 2007-07-03 13:29:24.000000000 +0200
-@@ -51,6 +51,14 @@
- #define PRIV_END while(0)
- #endif
-
-+#ifdef WITH_PAM
-+#include <security/pam_appl.h>
-+static pam_handle_t *pamh = NULL;
-+static const struct pam_conv conv = {
-+ NULL
-+};
-+#endif
-+
- /* Structures and unions */
-
-
-@@ -109,18 +117,54 @@
- int
- check_permission()
- {
-- uid_t uid = geteuid();
-+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
- struct passwd *pentry;
- int allow = 0, deny = 1;
--
-- if (uid == 0)
-+ int retcode = 0;
-+ if (euid == 0)
- return 1;
-
-- if ((pentry = getpwuid(uid)) == NULL) {
-+ if ((pentry = getpwuid(euid)) == NULL) {
- perror("Cannot access user database");
- exit(EXIT_FAILURE);
- }
-
-+#ifdef WITH_PAM
-+/*
-+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
-+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
-+ */
-+ setreuid(daemon_uid, daemon_uid);
-+ setregid(daemon_gid, daemon_gid);
-+
-+# define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
-+ fprintf(stderr,"PAM authentication failure: %s\n",pam_strerror(pamh, retcode)); \
-+ pam_close_session(pamh,PAM_SILENT); \
-+ pam_end(pamh, retcode); \
-+ setregid(gid,egid); \
-+ setreuid(uid,euid); \
-+ return(0); \
-+ }
-+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
-+ PAM_FAIL_CHECK;
-+ retcode = pam_set_item(pamh, PAM_TTY, "atd");
-+ PAM_FAIL_CHECK;
-+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
-+ PAM_FAIL_CHECK;
-+ retcode = pam_open_session(pamh, PAM_SILENT);
-+ PAM_FAIL_CHECK;
-+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
-+ PAM_FAIL_CHECK;
-+
-+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
-+ pam_close_session(pamh,PAM_SILENT);
-+ pam_end(pamh, PAM_ABORT);
-+
-+ setregid(gid,egid);
-+ setreuid(uid,euid);
-+
-+#endif
-+
- allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
- if (allow==0 || allow==1)
- return allow;
---- at-3.1.10/config.h.in.pam 2005-08-05 05:16:02.000000000 +0200
-+++ at-3.1.10/config.h.in 2007-07-03 13:29:24.000000000 +0200
-@@ -181,3 +181,10 @@
-
- #undef HAVE_ATTRIBUTE_NORETURN
- #undef HAVE_PAM
-+
-+/* Define if you are building with_pam */
-+#undef WITH_PAM
-+
-+/* Define if you are building with_selinux */
-+#undef WITH_SELINUX
-+
---- at-3.1.10/configure.in.pam 2005-08-05 05:16:02.000000000 +0200
-+++ at-3.1.10/configure.in 2007-07-03 13:29:24.000000000 +0200
-@@ -316,4 +316,19 @@
- )
- AC_SUBST(DAEMON_GROUPNAME)
-
-+AC_ARG_WITH(selinux,
-+[ --with-selinux Define to run with selinux],
-+AC_DEFINE(WITH_SELINUX),
-+)
-+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
-+AC_SUBST(SELINUXLIB)
-+AC_SUBST(WITH_SELINUX)
-+
-+AC_ARG_WITH(pam,
-+[ --with-pam Define to enable pam support ],
-+AC_DEFINE(WITH_PAM),
-+)
-+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
-+AC_SUBST(PAMLIB)
-+
- AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)
---- at-3.1.10/atd.c.pam 2007-07-03 13:29:24.000000000 +0200
-+++ at-3.1.10/atd.c 2007-07-03 13:52:38.000000000 +0200
+--- at-3.1.10/pam_atd.pam 2007-07-03 13:29:24.000000000 +0200
++++ at-3.1.10/pam_atd 2007-07-03 13:29:24.000000000 +0200
+@@ -0,0 +1,13 @@
++# The PAM configuration file for the at daemon
++#
++#
++auth sufficient pam_rootok.so
++auth include system-auth
++auth required pam_env.so
++account include system-auth
++session required pam_loginuid.so
++session include system-auth
++# Sets up user limits, please uncomment and read /etc/security/limits.conf
++# to enable this functionality.
++# session required pam_limits.so
++#
+diff -up at-3.1.10/atd.c.pam at-3.1.10/atd.c
+--- at-3.1.10/atd.c.pam 2008-07-18 15:47:52.000000000 +0200
++++ at-3.1.10/atd.c 2008-07-18 16:02:32.000000000 +0200
@@ -74,6 +74,14 @@
#include <syslog.h>
#endif
@@ -137,7 +43,7 @@
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
-@@ -121,6 +133,7 @@
+@@ -121,6 +133,7 @@ static const struct pam_conv conv = {
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
@@ -145,7 +51,7 @@
pam_end(pamh, retcode); exit(1); \
}
#define PAM_END { retcode = pam_close_session(pamh,0); \
-@@ -196,6 +209,19 @@
+@@ -196,6 +209,19 @@ myfork()
#define fork myfork
#endif
@@ -165,7 +71,7 @@
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
-@@ -378,18 +404,22 @@
+@@ -380,18 +406,22 @@ run_file(const char *filename, uid_t uid
fstat(fd_out, &buf);
size = buf.st_size;
@@ -191,22 +97,22 @@
close(STDIN_FILENO);
close(STDOUT_FILENO);
-@@ -402,6 +432,14 @@
+@@ -404,6 +434,14 @@ run_file(const char *filename, uid_t uid
else if (pid == 0) {
char *nul = NULL;
char **nenvp = &nul;
+ char **pam_envp=0L;
+
-+ PRIV_START
++ PRIV_START
+#ifdef WITH_PAM
-+ pam_envp = pam_getenvlist(pamh);
-+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
-+ nenvp = pam_envp;
++ pam_envp = pam_getenvlist(pamh);
++ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
++ nenvp = pam_envp;
+#endif
/* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file.
-@@ -423,8 +461,6 @@
+@@ -425,8 +463,6 @@ run_file(const char *filename, uid_t uid
if (chdir(ATJOB_DIR) < 0)
perr("Cannot chdir to " ATJOB_DIR);
@@ -215,13 +121,13 @@
nice((tolower((int) queue) - 'a' + 1) * 2);
if (initgroups(pentry->pw_name, pentry->pw_gid))
-@@ -441,10 +477,90 @@
+@@ -443,10 +479,91 @@ run_file(const char *filename, uid_t uid
chdir("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
-+ security_context_t user_context=NULL;
++ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ int retval=0;
+ struct av_decision avd;
@@ -249,7 +155,7 @@
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
-+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
+ if (security_getenforce() > 0) {
+ perr("fgetfilecon FAILED %s", filename);
+ } else {
@@ -281,13 +187,13 @@
+
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
--
+
+//add for fedora
+#ifdef WITH_SELINUX
-+ if (selinux_enabled>0)
-+ if (setexeccon(NULL) < 0)
-+ if (security_getenforce()==1)
-+ perr("Could not resset exec context for user %s\n", pentry->pw_name);
++ if (selinux_enabled>0)
++ if (setexeccon(NULL) < 0)
++ if (security_getenforce()==1)
++ perr("Could not resset exec context for user %s\n", pentry->pw_name);
+
+#endif
+//end
@@ -303,20 +209,19 @@
+ }
+#endif
PRIV_END
-+//end
++// end
}
/* We're the parent. Let's wait.
*/
-@@ -456,7 +572,7 @@
- return with an ECHILD error.
+@@ -459,6 +576,7 @@ run_file(const char *filename, uid_t uid
*/
waitpid(pid, (int *) NULL, 0);
--
-+/* remove because WITH_PAM
+
++/* remove because WITH_PAM
#ifdef HAVE_PAM
PRIV_START
pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
-@@ -464,7 +580,7 @@
+@@ -466,7 +584,7 @@ run_file(const char *filename, uid_t uid
pam_end(pamh, retcode);
PRIV_END
#endif
@@ -325,7 +230,7 @@
/* Send mail. Unlink the output file after opening it, so it
* doesn't hang around after the run.
*/
-@@ -472,6 +588,13 @@
+@@ -474,6 +592,13 @@ run_file(const char *filename, uid_t uid
if (open(filename, O_RDONLY) != STDIN_FILENO)
perr("Open of jobfile failed");
@@ -339,13 +244,13 @@
unlink(filename);
/* The job is now finished. We can delete its input file.
-@@ -480,8 +603,30 @@
+@@ -482,8 +607,30 @@ run_file(const char *filename, uid_t uid
unlink(newname);
free(newname);
+#ifdef ATD_MAIL_PROGRAM
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
-+ int mail_pid = -1;
++ int mail_pid = -1;
+//add for fedora
+#ifdef WITH_PAM
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
@@ -363,22 +268,21 @@
+ openlog("atd", LOG_PID, LOG_ATD);
+#endif
+//end
-+ mail_pid = fork();
++ mail_pid = fork();
-+ if ( mail_pid == 0 )
-+ {
++ if ( mail_pid == 0 )
++ {
PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid))
-@@ -495,16 +640,80 @@
+@@ -497,15 +644,80 @@ run_file(const char *filename, uid_t uid
chdir ("/");
-#if defined(SENDMAIL)
- execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
-#else
--/*#error "No mail command specified."*/
-- perr("No mail command specified.");
+- perr("No mail command specified.");
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
+ security_context_t user_context=NULL;
@@ -405,13 +309,13 @@
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+ if (security_getenforce()==1) {
++ if (security_getenforce()==1) {
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
+ } else {
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
+ goto out;
+ }
-+ }
++ }
+
+ if (setexeccon(user_context) < 0) {
+ if (security_getenforce()==1) {
@@ -420,34 +324,34 @@
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
+ }
+ }
-+ out:
-+ freecon(user_context);
++ out:
++ freecon(user_context);
+ }
+#endif
+ execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL);
-+ perr("Exec faile for mail command");
-+ exit(-1);
++ perr("Exec faile for mail command");
++ exit(-1);
+
+#ifdef WITH_SELINUX
-+ if (selinux_enabled>0)
-+ if (setexeccon(NULL) < 0)
-+ if (security_getenforce()==1)
-+ perr("Could not resset exec context for user %s\n", pentry->pw_name);
++ if (selinux_enabled>0)
++ if (setexeccon(NULL) < 0)
++ if (security_getenforce()==1)
++ perr("Could not resset exec context for user %s\n", pentry->pw_name);
#endif
- perr("Exec failed for mail command");
PRIV_END
-+ }
-+ else if ( mail_pid == -1 ) {
++ }
++ else if ( mail_pid == -1 ) {
+ perr("fork of mailer failed");
+ }
-+ else {
++ else {
+ /* Parent */
+ waitpid(mail_pid, (int *) NULL, 0);
-+ }
++ }
+#ifdef WITH_PAM
-+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
-+ pam_close_session(pamh, PAM_SILENT);
++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
++ pam_close_session(pamh, PAM_SILENT);
+ pam_end(pamh, PAM_ABORT);
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
@@ -457,7 +361,7 @@
exit(EXIT_SUCCESS);
}
-@@ -702,6 +911,10 @@
+@@ -703,6 +915,10 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
@@ -468,7 +372,7 @@
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
-@@ -718,18 +931,13 @@
+@@ -719,18 +935,14 @@ main(int argc, char *argv[])
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
@@ -477,46 +381,78 @@
-#endif
-
- openlog("atd", LOG_PID, LOG_CRON);
--
+ openlog("atd", LOG_PID, LOG_ATD);
+
opterr = 0;
errno = 0;
run_as_daemon = 1;
batch_interval = BATCH_INTERVAL_DEFAULT;
- while ((c = getopt(argc, argv, "sdl:b:")) != EOF) {
-+ while ((c = getopt(argc, argv, "sdl:b:n:")) != EOF) {
++ while ((c = getopt(argc, argv, "sdl:b:n")) != EOF) {
switch (c) {
case 'l':
if (sscanf(optarg, "%lf", &load_avg) != 1)
-@@ -742,10 +950,15 @@
- if (sscanf(optarg, "%ud", &batch_interval) != 1)
- pabort("garbled option -b");
+@@ -745,7 +957,10 @@ main(int argc, char *argv[])
break;
-+
case 'd':
daemon_debug++;
-+ /* go through another option*/
-+
-+ case 'n':
-+ daemon_nofork++;
- break;
--
-+
+- break;
++ /* go through another option*/
++ case 'n':
++ daemon_nofork++;
++ break;
+
case 's':
run_as_daemon = 0;
- break;
---- at-3.1.10/Makefile.in.pam 2007-07-03 13:29:24.000000000 +0200
-+++ at-3.1.10/Makefile.in 2007-07-03 13:29:24.000000000 +0200
-@@ -41,6 +41,7 @@
+diff -up at-3.1.10/config.h.in.pam at-3.1.10/config.h.in
+--- at-3.1.10/config.h.in.pam 2008-07-18 16:04:41.000000000 +0200
++++ at-3.1.10/config.h.in 2008-07-18 16:05:13.000000000 +0200
+@@ -181,3 +181,9 @@
+
+ #undef HAVE_ATTRIBUTE_NORETURN
+ #undef HAVE_PAM
++
++/* Define if you are building with_pam */
++#undef WITH_PAM
++
++/* Define if you are building with_selinux */
++#undef WITH_SELINUX
+diff -up at-3.1.10/configure.in.pam at-3.1.10/configure.in
+--- at-3.1.10/configure.in.pam 2008-07-18 16:05:28.000000000 +0200
++++ at-3.1.10/configure.in 2008-07-18 16:06:01.000000000 +0200
+@@ -316,4 +316,19 @@ AC_ARG_WITH(daemon_groupname,
+ )
+ AC_SUBST(DAEMON_GROUPNAME)
+
++AC_ARG_WITH(selinux,
++[ --with-selinux Define to run with selinux],
++AC_DEFINE(WITH_SELINUX),
++)
++AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
++AC_SUBST(SELINUXLIB)
++AC_SUBST(WITH_SELINUX)
++
++AC_ARG_WITH(pam,
++[ --with-pam Define to enable pam support ],
++AC_DEFINE(WITH_PAM),
++)
++AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
++AC_SUBST(PAMLIB)
++
+ AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)
+diff -up at-3.1.10/Makefile.in.pam at-3.1.10/Makefile.in
+--- at-3.1.10/Makefile.in.pam 2008-07-18 15:47:52.000000000 +0200
++++ at-3.1.10/Makefile.in 2008-07-18 16:04:19.000000000 +0200
+@@ -41,6 +41,7 @@ LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
-+SELINUXLIB = @SELINUXLIB@
++SELINUXLIB = @SELINUXLIB@
CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o y.tab.o lex.yy.o
-@@ -67,13 +68,13 @@
+@@ -67,13 +68,13 @@ LIST = Filelist Filelist.asc
all: at atd atrun
at: $(ATOBJECTS)
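Review bot: The comment `/* go through another option*/` in the option switch of main() in atd.c does not say that `case 'd'` now deliberately falls into `case 'n'`, so `-d` also increments `daemon_nofork`. Because the inner patch removes the `break;` after `daemon_debug++;`, a reader or a fallthrough warning could take the missing break for a mistake. I would word the comment as `/* fall through: -d implies -n */`. main() starts and ends outside the hunk.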
@@ -532,19 +468,80 @@
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
---- at-3.1.10/pam_atd.pam 2007-07-03 13:29:24.000000000 +0200
-+++ at-3.1.10/pam_atd 2007-07-03 13:29:24.000000000 +0200
-@@ -0,0 +1,13 @@
-+# The PAM configuration file for the at daemon
-+#
-+#
-+auth sufficient pam_rootok.so
-+auth include system-auth
-+auth required pam_env.so
-+account include system-auth
-+session required pam_loginuid.so
-+session include system-auth
-+# Sets up user limits, please uncomment and read /etc/security/limits.conf
-+# to enable this functionality.
-+# session required pam_limits.so
-+#
+diff -up at-3.1.10/perm.c.pam at-3.1.10/perm.c
+--- at-3.1.10/perm.c.pam 2008-07-18 16:06:14.000000000 +0200
++++ at-3.1.10/perm.c 2008-07-18 16:08:05.000000000 +0200
+@@ -51,6 +51,14 @@
+ #define PRIV_END while(0)
+ #endif
+
++#ifdef WITH_PAM
++#include <security/pam_appl.h>
++static pam_handle_t *pamh = NULL;
++static const struct pam_conv conv = {
++ NULL
++};
++#endif
++
+ /* Structures and unions */
+
+
+@@ -109,18 +117,55 @@ user_in_file(const char *path, const cha
+ int
+ check_permission()
+ {
+- uid_t uid = geteuid();
++ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
+ struct passwd *pentry;
+ int allow = 0, deny = 1;
+
+- if (uid == 0)
++ int retcode = 0;
++ if (euid == 0)
+ return 1;
+
+- if ((pentry = getpwuid(uid)) == NULL) {
++ if ((pentry = getpwuid(euid)) == NULL) {
+ perror("Cannot access user database");
+ exit(EXIT_FAILURE);
+ }
+
++#ifdef WITH_PAM
++/*
++ * We must check if the atd daemon userid will be allowed to gain the job owner user's
++ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
++ */
++ setreuid(daemon_uid, daemon_uid);
++ setregid(daemon_gid, daemon_gid);
++
++# define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
++ fprintf(stderr,"PAM authentication failure: %s\n",pam_strerror(pamh, retcode)); \
++ pam_close_session(pamh,PAM_SILENT); \
++ pam_end(pamh, retcode); \
++ setregid(gid,egid); \
++ setreuid(uid,euid); \
++ return(0); \
++ }
++ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
++ PAM_FAIL_CHECK;
++ retcode = pam_set_item(pamh, PAM_TTY, "atd");
++ PAM_FAIL_CHECK;
++ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
++ PAM_FAIL_CHECK;
++ retcode = pam_open_session(pamh, PAM_SILENT);
++ PAM_FAIL_CHECK;
++ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
++ PAM_FAIL_CHECK;
++
++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
++ pam_close_session(pamh,PAM_SILENT);
++ pam_end(pamh, PAM_ABORT);
++
++ setregid(gid,egid);
++ setreuid(uid,euid);
++
++#endif
++
+ allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
+ if (allow==0 || allow==1)
+ return allow;
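Review bot: The `setreuid(daemon_uid, daemon_uid);` and `setregid(daemon_gid, daemon_gid);` calls added to check_permission() in perm.c under WITH_PAM ignore their return values, and so do the `setregid(gid,egid); setreuid(uid,euid);` pairs that restore the caller's ids, both after the PAM calls and inside `PAM_FAIL_CHECK`. If a switch or a restore fails, the rest of at(1) runs with ids other than the ones it started with, so each call should be tested and treated as fatal, e.g. `if (setregid(gid, egid) < 0 || setreuid(uid, euid) < 0) { perror("Cannot restore ids"); exit(EXIT_FAILURE); }`. Changing the uid before the gid may also leave `setregid` without the privilege it needs, depending on the saved ids, so switching the group first is the safer order. at-3.1.10-pamfix.patch rewrites part of this region and its result is not fully visible here, so this should be checked against the final perm.c; check_permission() continues past the end of the hunk.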
at-3.1.10-pam_keyring.patch:
Index: at-3.1.10-pam_keyring.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.10-pam_keyring.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- at-3.1.10-pam_keyring.patch 5 Oct 2007 11:58:14 -0000 1.1
+++ at-3.1.10-pam_keyring.patch 18 Jul 2008 14:34:48 -0000 1.2
@@ -1,13 +1,13 @@
-diff -up at-3.1.10/pam_atd.old at-3.1.10/pam_atd
---- at-3.1.10/pam_atd.old 2007-10-05 13:32:16.000000000 +0200
-+++ at-3.1.10/pam_atd 2007-10-05 13:35:31.000000000 +0200
+diff -up at-3.1.10/pam_atd.pamkeyring at-3.1.10/pam_atd
+--- at-3.1.10/pam_atd.pamkeyring 2008-07-18 16:15:07.000000000 +0200
++++ at-3.1.10/pam_atd 2008-07-18 16:16:48.000000000 +0200
@@ -2,8 +2,8 @@
#
#
- auth sufficient pam_rootok.so
-+auth required pam_env.so
- auth include system-auth
--auth required pam_env.so
- account include system-auth
- session required pam_loginuid.so
- session include system-auth
+ auth sufficient pam_rootok.so
+-auth include system-auth
+ auth required pam_env.so
++auth include system-auth
+ account include system-auth
+ session required pam_loginuid.so
+ session include system-auth
at-3.1.10-pamfix.patch:
Index: at-3.1.10-pamfix.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.10-pamfix.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- at-3.1.10-pamfix.patch 14 Jan 2008 09:08:45 -0000 1.1
+++ at-3.1.10-pamfix.patch 18 Jul 2008 14:34:48 -0000 1.2
@@ -1,6 +1,6 @@
diff -up at-3.1.10/atd.c.pamfix at-3.1.10/atd.c
---- at-3.1.10/atd.c.pamfix 2008-01-09 14:56:57.000000000 +0100
-+++ at-3.1.10/atd.c 2008-01-09 14:56:57.000000000 +0100
+--- at-3.1.10/atd.c.pamfix 2008-07-18 16:23:11.000000000 +0200
++++ at-3.1.10/atd.c 2008-07-18 16:23:11.000000000 +0200
@@ -131,15 +131,17 @@ static const struct pam_conv conv = {
};
@@ -44,15 +44,15 @@
PAM_FAIL_CHECK;
closelog();
openlog("atd", LOG_PID, LOG_ATD);
-@@ -610,6 +615,7 @@ run_file(const char *filename, uid_t uid
- int mail_pid = -1;
+@@ -612,6 +617,7 @@ run_file(const char *filename, uid_t uid
+ int mail_pid = -1;
//add for fedora
#ifdef WITH_PAM
+ pamh = NULL;
retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
PAM_FAIL_CHECK;
retcode = pam_set_item(pamh, PAM_TTY, "atd");
-@@ -617,8 +623,10 @@ run_file(const char *filename, uid_t uid
+@@ -619,8 +625,10 @@ run_file(const char *filename, uid_t uid
retcode = pam_acct_mgmt(pamh, PAM_SILENT);
PAM_FAIL_CHECK;
retcode = pam_open_session(pamh, PAM_SILENT);
@@ -64,9 +64,9 @@
/* PAM has now re-opened our log to auth.info ! */
closelog();
diff -up at-3.1.10/perm.c.pamfix at-3.1.10/perm.c
---- at-3.1.10/perm.c.pamfix 2008-01-09 14:56:57.000000000 +0100
-+++ at-3.1.10/perm.c 2008-01-09 15:58:54.000000000 +0100
-@@ -134,17 +134,34 @@ check_permission()
+--- at-3.1.10/perm.c.pamfix 2008-07-18 16:23:11.000000000 +0200
++++ at-3.1.10/perm.c 2008-07-18 16:26:16.000000000 +0200
+@@ -135,34 +135,61 @@ check_permission()
* We must check if the atd daemon userid will be allowed to gain the job owner user's
* credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
*/
@@ -83,7 +83,7 @@
# define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
- fprintf(stderr,"PAM authentication failure: %s\n",pam_strerror(pamh, retcode)); \
-- pam_close_session(pamh,PAM_SILENT); \
+- pam_close_session(pamh,PAM_SILENT); \
- pam_end(pamh, retcode); \
- setregid(gid,egid); \
- setreuid(uid,euid); \
@@ -110,8 +110,9 @@
retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
PAM_FAIL_CHECK;
retcode = pam_set_item(pamh, PAM_TTY, "atd");
-@@ -152,16 +169,25 @@ check_permission()
+ PAM_FAIL_CHECK;
retcode = pam_acct_mgmt(pamh, PAM_SILENT);
++ PAM_SESSION_FAIL;
PAM_FAIL_CHECK;
retcode = pam_open_session(pamh, PAM_SILENT);
+ PAM_SESSION_FAIL;
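Review bot: The `PAM_SESSION_FAIL;` line added after `retcode = pam_acct_mgmt(pamh, PAM_SILENT);` carries a single `+` as rendered here, which makes it a context line of the inner perm.c hunk, not an added line. at-3.1.10-pam.patch leaves `PAM_FAIL_CHECK;` directly after `pam_acct_mgmt`, so with fuzz=0 that context would not match unless an earlier patch inserts the line; please confirm the series still applies. If the line is meant to be an addition (`++`), it would presumably run session cleanup before `pam_open_session` has been called. The macro's definition is outside the visible lines, so that last point is inferred from its name.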
at-3.1.8-perr.patch:
Index: at-3.1.8-perr.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.8-perr.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- at-3.1.8-perr.patch 9 Sep 2004 03:15:31 -0000 1.1
+++ at-3.1.8-perr.patch 18 Jul 2008 14:34:48 -0000 1.2
@@ -1,12 +1,12 @@
---- at-3.1.8/atd.c.org 2002-07-19 16:20:24.000000000 +0900
-+++ at-3.1.8/atd.c 2002-07-19 16:22:30.000000000 +0900
-@@ -453,7 +453,8 @@
- #elif defined(MAILX)
- execl(MAILX, "mailx", mailname, (char *) NULL);
+diff -up at-3.1.10/atd.c.bla at-3.1.10/atd.c
+--- at-3.1.10/atd.c.bla 2008-07-18 15:18:35.000000000 +0200
++++ at-3.1.10/atd.c 2008-07-18 15:19:41.000000000 +0200
+@@ -643,7 +643,7 @@ run_file(const char *filename, uid_t uid
+ #if defined(SENDMAIL)
+ execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
#else
-#error "No mail command specified."
-+/*#error "No mail command specified."*/
-+ perr("No mail command specified.");
++ perr("No mail command specified.");
#endif
perr("Exec failed for mail command");
Index: at.spec
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at.spec,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- at.spec 18 Jul 2008 12:55:00 -0000 1.66
+++ at.spec 18 Jul 2008 14:34:48 -0000 1.67
@@ -31,8 +31,7 @@
Patch14: at-3.1.10-pam_keyring.patch
Patch15: at-3.1.10-PIE.patch
Patch16: at-3.1.10-pamfix.patch
-Patch17: at-3.1.10-setuids.patch
-Patch18: nonposix.patch
+Patch17: nonposix.patch
BuildRequires: fileutils chkconfig /etc/init.d
BuildRequires: flex bison autoconf
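Review bot: Dropping `Patch17: at-3.1.10-setuids.patch` is not explained anywhere: the log message and the new changelog entry say only `fixes for fuzz=0`, and the removed patch's contents are not shown. Going by its name it touched uid/gid switching, and the PAM patches refreshed in this commit still call `setreuid`/`setregid` without checking the result. It is therefore worth stating whether its changes were folded into another patch or dropped on purpose. A changelog line such as `- drop at-3.1.10-setuids.patch (<reason>)` would record that.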
@@ -83,8 +82,7 @@
%patch14 -p1 -b .pamkeyring
%patch15 -p1 -b .PIE
%patch16 -p1 -b .pamfix
-%patch17 -p1 -b .setuids
-%patch18 -p1 -b .nonposix
+%patch17 -p1 -b .nonposix
%build
# patch10 touches configure.in
@@ -189,6 +187,7 @@
%changelog
* Fri Jul 18 2008 Marcela Maslanova <mmaslano at redhat.com> - 3.1.10-24
- 446004 hope adding || into scriptlets fix removing old package after upgrade
+- fixes for fuzz=0
* Tue Mar 25 2008 Marcela Maslanova <mmaslano at redhat.com> - 3.1.10-23
- 436952 use local instead of posix output date/time format.
--- at-3.1.10-setuids.patch DELETED ---