r4932 - trunk/patches

randy at linuxfromscratch.org randy at linuxfromscratch.org
Sun Aug 14 18:11:48 PDT 2005


Author: randy
Date: 2005-08-14 19:11:48 -0600 (Sun, 14 Aug 2005)
New Revision: 4932

Removed:
   trunk/patches/shadow-4.0.9-Linux_PAM_fixes-1.patch
Log:
Removed obsolete patch

Deleted: trunk/patches/shadow-4.0.9-Linux_PAM_fixes-1.patch
===================================================================
--- trunk/patches/shadow-4.0.9-Linux_PAM_fixes-1.patch	2005-08-15 00:29:21 UTC (rev 4931)
+++ trunk/patches/shadow-4.0.9-Linux_PAM_fixes-1.patch	2005-08-15 01:11:48 UTC (rev 4932)
@@ -1,585 +0,0 @@
-Submitted By: DJ Lucas (dj AT linuxfromscratch DOT org)
-Date: 2005-07-06
-Initial Package Version: 4.0.9
-Origin: http://lists.pld.org.pl/mailman/pipermail/shadow/2005-June/000125.html
-Upstream Status: Accepted
-Description: Fixes erroneous warning messages when used with Linux-PAM,
-             backported from 4.0.10+ CVS.
-
-$LastChangedBy$
-$Date$
-
-
-diff -Naur shadow-4.0.9-orig/libmisc/setupenv.c shadow-4.0.9/libmisc/setupenv.c
---- shadow-4.0.9-orig/libmisc/setupenv.c	2005-03-30 23:14:50.000000000 -0600
-+++ shadow-4.0.9/libmisc/setupenv.c	2005-07-06 20:52:18.000000000 -0500
-@@ -238,7 +238,17 @@
- 	 * Create the PATH environmental variable and export it.
- 	 */
- 
-+	/*
-+	 * Export the user name.  For BSD derived systems, it's "USER", for
-+	 * all others it's "LOGNAME".  We set both of them.
-+	 */
-+
-+	addenv ("USER", info->pw_name);
-+	addenv ("LOGNAME", info->pw_name);
-+
-+#ifndef USE_PAM
- 	cp = getdef_str ((info->pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
-+
- 	if (!cp) {
- 		/* not specified, use a minimal default */
- 		addenv ("PATH=/bin:/usr/bin", NULL);
-@@ -251,14 +261,6 @@
- 	}
- 
- 	/*
--	 * Export the user name.  For BSD derived systems, it's "USER", for
--	 * all others it's "LOGNAME".  We set both of them.
--	 */
--
--	addenv ("USER", info->pw_name);
--	addenv ("LOGNAME", info->pw_name);
--
--	/*
- 	 * MAILDIR environment variable for Qmail
- 	 */
- 	if ((cp = getdef_str ("QMAIL_DIR")))
-@@ -274,6 +276,7 @@
- 	else if ((cp = getdef_str ("MAIL_FILE")))
- 		addenv_path ("MAIL", info->pw_dir, cp);
- 	else {
-+
- #if defined(MAIL_SPOOL_FILE)
- 		addenv_path ("MAIL", info->pw_dir, MAIL_SPOOL_FILE);
- #elif defined(MAIL_SPOOL_DIR)
-@@ -281,11 +284,10 @@
- #endif
- 	}
- 
--#ifndef USE_PAM
- 	/*
- 	 * Read environment from optional config file.  --marekm
- 	 */
- 	if ((envf = getdef_str ("ENVIRON_FILE")))
- 		read_env_file (envf);
--#endif
-+#endif /* !USE_PAM */
- }
-diff -Naur shadow-4.0.9-orig/libmisc/tz.c shadow-4.0.9/libmisc/tz.c
---- shadow-4.0.9-orig/libmisc/tz.c	2003-04-22 05:59:22.000000000 -0500
-+++ shadow-4.0.9/libmisc/tz.c	2005-07-06 20:52:18.000000000 -0500
-@@ -49,8 +49,10 @@
- 
- 	if ((fp = fopen (fname, "r")) == NULL ||
- 	    fgets (tzbuf, sizeof (tzbuf), fp) == NULL) {
-+#ifndef USE_PAM
- 		if (!(def_tz = getdef_str ("ENV_TZ")) || def_tz[0] == '/')
- 			def_tz = "TZ=CST6CDT";
-+#endif /* !USE_PAM */
- 
- 		strcpy (tzbuf, def_tz);
- 	} else
-diff -Naur shadow-4.0.9-orig/src/login.c shadow-4.0.9/src/login.c
---- shadow-4.0.9-orig/src/login.c	2005-04-18 09:10:30.000000000 -0500
-+++ shadow-4.0.9/src/login.c	2005-07-06 20:52:18.000000000 -0500
-@@ -30,7 +30,7 @@
- #include <config.h>
- 
- #include "rcsid.h"
--RCSID (PKG_VER "$Id: login.c,v 1.52 2005/04/17 15:38:56 kloczek Exp $")
-+RCSID (PKG_VER "$Id: login.c,v 1.59 2005/06/20 09:36:27 kloczek Exp $")
- #include "prototypes.h"
- #include "defines.h"
- #include <sys/stat.h>
-@@ -277,9 +277,11 @@
- 
- 	if ((tmp = getenv ("TZ"))) {
- 		addenv ("TZ", tmp);
--	} else if ((cp = getdef_str ("ENV_TZ")))
-+	} 
-+#ifndef USE_PAM
-+		else if ((cp = getdef_str ("ENV_TZ")))
- 		addenv (*cp == '/' ? tz (cp) : cp, NULL);
--
-+#endif /* !USE_PAM */
- 	/* 
- 	 * Add the clock frequency so that profiling commands work
- 	 * correctly.
-@@ -287,8 +289,11 @@
- 
- 	if ((tmp = getenv ("HZ"))) {
- 		addenv ("HZ", tmp);
--	} else if ((cp = getdef_str ("ENV_HZ")))
-+	} 
-+#ifndef USE_PAM
-+		else if ((cp = getdef_str ("ENV_HZ")))
- 		addenv (cp, NULL);
-+#endif /* !USE_PAM */
- }
- 
- 
-@@ -347,8 +352,7 @@
- 	int retcode;
- 	pid_t child;
- 	char *pam_user;
--#endif				/* USE_PAM */
--#if defined(SHADOWPWD) && !defined(USE_PAM)
-+#else
- 	struct spwd *spwd = NULL;
- #endif
- 	/*
-@@ -369,7 +373,7 @@
- 
- 	check_flags (argc, argv);
- 
--	while ((flag = getopt (argc, argv, "d:f:h:pr:")) != EOF) {
-+	while ((flag = getopt (argc, argv, "d:f::h:pr:")) != EOF) {
- 		switch (flag) {
- 		case 'p':
- 			pflg++;
-@@ -378,11 +382,16 @@
- 			/*
- 			 * username must be a separate token
- 			 * (-f root, *not* -froot).  --marekm
-+			 *
-+			 * if -f has an arg, use that, else use the
-+			 * normal user name passed after all options
-+			 * --benc
- 			 */
--			if (optarg != argv[optind - 1])
-+			if (optarg != NULL && optarg != argv[optind - 1])
- 				usage ();
- 			fflg++;
--			STRFCPY (username, optarg);
-+			if (optarg)
-+				STRFCPY (username, optarg);
- 			break;
- #ifdef	RLOGIN
- 		case 'r':
-@@ -418,7 +427,7 @@
- 	 */
- 
- 	if ((rflg || fflg || hflg) && !amroot) {
--		fprintf (stderr, _("%s: permission denied.\n"), Prog);
-+		fprintf (stderr, _("%s: Permission denied.\n"), Prog);
- 		exit (1);
- 	}
- 
-@@ -498,6 +507,8 @@
- 
- 		setup_tty ();
- 
-+#ifndef USE_PAM
-+
- 		umask (getdef_num ("UMASK", 077));
- 
- 		{
-@@ -514,6 +525,8 @@
- 				set_filesize_limit (limit);
- 		}
- 
-+#endif /* !USE_PAM */
-+
- 		/*
- 		 * The entire environment will be preserved if the -p flag
- 		 * is used.
-@@ -535,7 +548,7 @@
- 		init_env ();
- 
- 		if (optind < argc) {	/* get the user name */
--			if (rflg || fflg)
-+			if (rflg || (fflg && username[0]))
- 				usage ();
- 
- 			STRFCPY (username, argv[optind]);
-@@ -703,11 +716,14 @@
- 
- 		if (!pwd || setup_groups (pwd))
- 			exit (1);
-+		else
-+			pwent = *pwd;
- 
- 		retcode = pam_setcred (pamh, PAM_ESTABLISH_CRED);
- 		PAM_FAIL_CHECK;
- 
--		retcode = pam_open_session (pamh, 0);
-+		retcode = pam_open_session (pamh,
-+					    hushed (&pwent) ? PAM_SILENT : 0);
- 		PAM_FAIL_CHECK;
- 
- #else				/* ! USE_PAM */
-@@ -742,7 +758,6 @@
- 			pwent = *pwd;
- 		}
- #ifndef USE_PAM
--#ifdef SHADOWPWD
- 		spwd = NULL;
- 		if (pwd && strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) == 0) {
- 			spwd = getspnam (username);
-@@ -753,7 +768,6 @@
- 					 "no shadow password for `%s'%s",
- 					 username, fromhost));
- 		}
--#endif				/* SHADOWPWD */
- 
- 		/*
- 		 * If the encrypted password begins with a "!", the account
-@@ -918,9 +932,7 @@
- 		subroot++;	/* say i was here again */
- 		endpwent ();	/* close all of the file which were */
- 		endgrent ();	/* open in the original rooted file */
--#ifdef	SHADOWPWD
- 		endspent ();	/* system. they will be re-opened */
--#endif
- #ifdef	SHADOWGRP
- 		endsgent ();	/* in the new rooted file system */
- #endif
-@@ -938,7 +950,6 @@
- 	 * and changes to the user in the child before executing the passwd
- 	 * program.  --marekm
- 	 */
--#ifdef	SHADOWPWD
- 	if (spwd) {		/* check for age of password */
- 		if (expire (&pwent, spwd)) {
- 			pwd = getpwnam (username);
-@@ -947,11 +958,44 @@
- 				pwent = *pwd;
- 		}
- 	}
--#endif				/* SHADOWPWD */
- 	setup_limits (&pwent);	/* nice, ulimit etc. */
- #endif				/* ! USE_PAM */
- 	chown_tty (tty, &pwent);
- 
-+#ifdef USE_PAM
-+	/*
-+	 * We must fork before setuid() because we need to call
-+	 * pam_close_session() as root.
-+	 *
-+	 * Note: not true in other (non-Linux) PAM implementations, where
-+	 * the parent process of login (init, telnetd, ...) is responsible
-+	 * for calling pam_close_session(). This avoids an extra process for
-+	 * each login. Maybe we should do this on Linux too? We let the
-+	 * admin configure whether they need to keep login around to close
-+	 * sessions.
-+	 */
-+	if (getdef_bool ("CLOSE_SESSIONS")) {
-+		signal (SIGINT, SIG_IGN);
-+		child = fork ();
-+		if (child < 0) {
-+			/* error in fork() */
-+			fprintf (stderr,
-+				 "login: failure forking: %s",
-+				 strerror (errno));
-+			PAM_END;
-+			exit (0);
-+		} else if (child) {
-+			/*
-+			 * parent - wait for child to finish, then cleanup
-+			 * session
-+			 */
-+			wait (NULL);
-+			PAM_END;
-+			exit (0);
-+		}
-+		/* child */
-+	}
-+#endif
- 	/* We call set_groups() above because this clobbers pam_groups.so */
- #ifndef USE_PAM
- 	if (setup_uid_gid (&pwent, is_console))
-@@ -1021,11 +1065,7 @@
- #endif
- 			printf (".\n");
- 		}
--#ifdef	SHADOWPWD
- 		agecheck (&pwent, spwd);
--#else
--		agecheck (&pwent);
--#endif
- 
- 		mailcheck ();	/* report on the status of mail */
- #endif				/* !USE_PAM */
-@@ -1039,55 +1079,22 @@
- 	signal (SIGTERM, SIG_DFL);	/* default terminate signal */
- 	signal (SIGALRM, SIG_DFL);	/* default alarm signal */
- 	signal (SIGHUP, SIG_DFL);	/* added this.  --marekm */
--
--#ifdef USE_PAM
--	/*
--	 * We must fork before setuid() because we need to call
--	 * pam_close_session() as root.
--	 *
--	 * Note: not true in other (non-Linux) PAM implementations, where
--	 * the parent process of login (init, telnetd, ...) is responsible
--	 * for calling pam_close_session(). This avoids an extra process for
--	 * each login. Maybe we should do this on Linux too? We let the
--	 * admin configure whether they need to keep login around to close
--	 * sessions.
--	 */
--	if (getdef_bool ("CLOSE_SESSIONS")) {
--		signal (SIGINT, SIG_IGN);
--		child = fork ();
--		if (child < 0) {
--			/* error in fork() */
--			fprintf (stderr,
--				 "login: failure forking: %s",
--				 strerror (errno));
--			PAM_END;
--			exit (0);
--		} else if (child) {
--			/*
--			 * parent - wait for child to finish, then cleanup
--			 * session
--			 */
--			wait (NULL);
--			PAM_END;
--			exit (0);
--		}
--		/* child */
--	}
--#endif
- 	signal (SIGINT, SIG_DFL);	/* default interrupt signal */
- 
- 	endpwent ();		/* stop access to password file */
- 	endgrent ();		/* stop access to group file */
--#ifdef	SHADOWPWD
- 	endspent ();		/* stop access to shadow passwd file */
--#endif
- #ifdef	SHADOWGRP
- 	endsgent ();		/* stop access to shadow group file */
- #endif
- 	if (pwent.pw_uid == 0)
- 		SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost));
- 	else if (getdef_bool ("LOG_OK_LOGINS"))
-+#ifdef USE_PAM
-+		SYSLOG ((LOG_INFO, "`%s' logged in %s", pam_user, fromhost));
-+#else
- 		SYSLOG ((LOG_INFO, "`%s' logged in %s", username, fromhost));
-+#endif
- 	closelog ();
- 	if ((tmp = getdef_str ("FAKE_SHELL")) != NULL) {
- 		shell (tmp, pwent.pw_shell);	/* fake shell */
-diff -Naur shadow-4.0.9-orig/src/su.c shadow-4.0.9/src/su.c
---- shadow-4.0.9-orig/src/su.c	2005-04-02 08:09:48.000000000 -0600
-+++ shadow-4.0.9/src/su.c	2005-07-06 20:52:18.000000000 -0500
-@@ -30,17 +30,11 @@
- #include <config.h>
- 
- #include "rcsid.h"
--RCSID (PKG_VER "$Id: su.c,v 1.30 2005/04/02 14:09:48 kloczek Exp $")
-+RCSID (PKG_VER "$Id: su.c,v 1.34 2005/06/20 10:17:08 kloczek Exp $")
- #include <sys/types.h>
- #include <stdio.h>
- #ifdef USE_PAM
- #include "pam_defs.h"
--static const struct pam_conv conv = {
--	misc_conv,
--	NULL
--};
--
--static pam_handle_t *pamh = NULL;
- #endif
- 
- #include "prototypes.h"
-@@ -64,8 +58,18 @@
- static char name[BUFSIZ];
- static char oldname[BUFSIZ];
- 
--static char *Prog;
-+#ifdef USE_PAM
-+static const struct pam_conv conv = {
-+	misc_conv,
-+	NULL
-+};
- 
-+static pam_handle_t *pamh = NULL;
-+#endif 
-+
-+static int caught = 0;
-+
-+static char *Prog;
- extern struct passwd pwent;
- 
- /*
-@@ -73,9 +77,8 @@
-  */
- 
- extern char **newenvp;
--extern size_t newenvc;
--
- extern char **environ;
-+extern size_t newenvc;
- 
- /* local function prototypes */
- 
-@@ -125,7 +128,7 @@
- #ifdef USE_SYSLOG
- 	if (getdef_bool ("SYSLOG_SU_ENAB"))
- 		SYSLOG ((pwent.pw_uid ? LOG_INFO : LOG_NOTICE,
--			 "- %s %s-%s", tty,
-+			 "- %s %s:%s", tty,
- 			 oldname[0] ? oldname : "???", name[0] ? name : "???"));
- 	closelog ();
- #endif
-@@ -133,9 +136,8 @@
- 	exit (1);
- }
- 
--#ifdef USE_PAM
--static int caught = 0;
- 
-+#ifdef USE_PAM
- /* Signal handler for parent process later */
- static void su_catch_sig (int sig)
- {
-@@ -270,9 +272,8 @@
- 	RETSIGTYPE (*oldsig) ();
- 	int is_console = 0;
- 
--#ifdef	SHADOWPWD
- 	struct spwd *spwd = 0;
--#endif
-+
- #ifdef SU_ACCESS
- 	char *oldpass;
- #endif
-@@ -342,13 +343,6 @@
- 	 */
- 
- 	if (fakelogin) {
--		if ((cp = getdef_str ("ENV_TZ")))
--			addenv (*cp == '/' ? tz (cp) : cp, NULL);
--		/*
--		 * The clock frequency will be reset to the login value if required
--		 */
--		if ((cp = getdef_str ("ENV_HZ")))
--			addenv (cp, NULL);	/* set the default $HZ, if one */
- 		/*
- 		 * The terminal type will be left alone if it is present in
- 		 * the environment already.
-@@ -356,6 +350,13 @@
- 		if ((cp = getenv ("TERM")))
- 			addenv ("TERM", cp);
- #ifndef USE_PAM
-+		if ((cp = getdef_str ("ENV_TZ")))
-+			addenv (*cp == '/' ? tz (cp) : cp, NULL);
-+		/*
-+		 * The clock frequency will be reset to the login value if required
-+		 */
-+		if ((cp = getdef_str ("ENV_HZ")))
-+			addenv (cp, NULL);	/* set the default $HZ, if one */
- 		/*
- 		 * Also leave DISPLAY and XAUTHORITY if present, else
- 		 * pam_xauth will not work.
-@@ -405,10 +406,8 @@
- 	 * Sort out the password of user calling su, in case needed later
- 	 * -- chris
- 	 */
--#ifdef SHADOWPWD
- 	if ((spwd = getspnam (oldname)))
- 		pw->pw_passwd = spwd->sp_pwdp;
--#endif
- 	oldpass = xstrdup (pw->pw_passwd);
- #endif				/* SU_ACCESS */
- 
-@@ -449,12 +448,10 @@
- 		exit (1);
- 	}
- #ifndef USE_PAM
--#ifdef SHADOWPWD
- 	spwd = NULL;
- 	if (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) == 0
- 	    && (spwd = getspnam (name)))
- 		pw->pw_passwd = spwd->sp_pwdp;
--#endif
- #endif				/* !USE_PAM */
- 	pwent = *pw;
- 
-@@ -466,7 +463,7 @@
- 
- 	/* The original Shadow 3.3.2 did this differently. Do it like BSD:
- 	 *
--	 * - check for uid 0 instead of name "root" - there are systems with
-+	 * - check for UID 0 instead of name "root" - there are systems with
- 	 *   several root accounts under different names,
- 	 *
- 	 * - check the contents of /etc/group instead of the current group
-@@ -563,7 +560,6 @@
- 	 */
- 
- 	if (!amroot) {
--#ifdef	SHADOWPWD
- 		if (!spwd)
- 			spwd = pwd_to_spwd (&pwent);
- 
-@@ -572,7 +568,6 @@
- 				 "Expired account %s", name));
- 			su_failure (tty);
- 		}
--#endif
- 	}
- 
- 	/*
-@@ -593,6 +588,7 @@
- #endif				/* !USE_PAM */
- 
- 	signal (SIGINT, SIG_DFL);
-+#ifndef USE_PAM
- 	cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
- 
- 	/* XXX very similar code duplicated in libmisc/setupenv.c */
-@@ -604,10 +600,8 @@
- 		addenv ("PATH", cp);
- 	}
- 
--/* setup the environment for pam later on, else we run into auth problems */
--#ifndef USE_PAM
- 	environ = newenvp;	/* make new environment active */
--#endif
-+#endif /* !USE_PAM */
- 
- 	if (getenv ("IFS"))	/* don't export user IFS ... */
- 		addenv ("IFS= \t\n", NULL);	/* ... instead, set a safe IFS */
-@@ -616,20 +610,16 @@
- 		pwent.pw_shell++;	/* skip the '*' */
- 		subsystem (&pwent);	/* figure out what to execute */
- 		endpwent ();
--#ifdef SHADOWPWD
- 		endspent ();
--#endif
- 		goto top;
- 	}
- 
- 	sulog (tty, 1, oldname, name);	/* save SU information */
- 	endpwent ();
--#ifdef SHADOWPWD
- 	endspent ();
--#endif
- #ifdef USE_SYSLOG
- 	if (getdef_bool ("SYSLOG_SU_ENAB"))
--		SYSLOG ((LOG_INFO, "+ %s %s-%s", tty,
-+		SYSLOG ((LOG_INFO, "+ %s %s:%s", tty,
- 			 oldname[0] ? oldname : "???", name[0] ? name : "???"));
- #endif
- 
-diff -Naur shadow-4.0.9-orig/src/sulogin.c shadow-4.0.9/src/sulogin.c
---- shadow-4.0.9-orig/src/sulogin.c	2005-03-30 23:14:54.000000000 -0600
-+++ shadow-4.0.9/src/sulogin.c	2005-07-06 20:52:18.000000000 -0500
-@@ -140,10 +140,14 @@
- 	while (*envp)		/* add inherited environment, */
- 		addenv (*envp++, NULL);	/* some variables change later */
- 
-+#ifndef USE_PAM
-+
- 	if ((cp = getdef_str ("ENV_TZ")))
- 		addenv (*cp == '/' ? tz (cp) : cp, NULL);
- 	if ((cp = getdef_str ("ENV_HZ")))
- 		addenv (cp, NULL);	/* set the default $HZ, if one */
-+#endif /* !USE_PAM */
-+
- 	(void) strcpy (name, "root");	/* KLUDGE!!! */
- 
- 	signal (SIGALRM, catch);	/* exit if the timer expires */




More information about the blfs-book mailing list