Hello community, here is the log from the commit of package libgnomesu for openSUSE:Factory checked in at Fri Feb 18 12:25:11 CET 2011. -------- --- GNOME/libgnomesu/libgnomesu.changes 2011-01-26 15:22:28.000000000 +0100 +++ /mounts/work_src_done/STABLE/libgnomesu/libgnomesu.changes 2011-02-15 12:46:00.000000000 +0100 @@ -1,0 +2,11 @@ +Tue Feb 15 11:57:31 CET 2011 - vuntz@opensuse.org + +- Add libgnomesu-use-pam_xauth.patch: with the pam backend, we + should stop playing with xauth ourselves and let pam_xauth handle + this. It turns out it's already configured to do so in + gnomesu-pam.pamd, but we're hiding things to it. +- Add libgnomesu-reorder-pam-init.patch: in the pam backend, we + want to initialize everything in the right order, and we use the + coreutils/su code as reference for this. + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- libgnomesu-reorder-pam-init.patch libgnomesu-use-pam_xauth.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgnomesu.spec ++++++ --- /var/tmp/diff_new_pack.O9Nyd3/_old 2011-02-18 12:14:20.000000000 +0100 +++ /var/tmp/diff_new_pack.O9Nyd3/_new 2011-02-18 12:14:20.000000000 +0100 @@ -19,7 +19,7 @@ Name: libgnomesu Version: 1.0.0 -Release: 326 +Release: 331 License: LGPLv2.1+ Summary: GNOME su Library Url: http://members.chello.nl/~h.lai/libgnomesu/ 
@@ -56,6 +56,10 @@ Patch14: libgnomesu-i18n.patch # PATCH-FIX-UPSTREAM libgnomesu-no-manual-memory-cleaning.patch bnc351917 vuntz@opensuse.org -- Let GTK+ remove passwords from memory Patch15: libgnomesu-no-manual-memory-cleaning.patch +# PATCH-FIX-UPSTREAM libgnomesu-use-pam_xauth.patch bnc#667577 vuntz@opensuse.org -- Let pam_xauth handle xauth stuff if using pam backend +Patch16: libgnomesu-use-pam_xauth.patch +# PATCH-FIX-UPSTREAM libgnomesu-reorder-pam-init.patch vuntz@opensuse.org -- Do commands in the same order as in coreutils/su.c in pam backend +Patch17: libgnomesu-reorder-pam-init.patch BuildRequires: fdupes BuildRequires: gconf2-devel BuildRequires: gtk2-devel @@ -115,6 +119,8 @@ %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p1 +%patch17 -p1 cp -a %{S:1} pam-backend/gnomesu-pam # Upstream is dead, libgnomesu.po in LCN includes strings in our patches: translation-update-upstream ++++++ libgnomesu-reorder-pam-init.patch ++++++ Index: libgnomesu-1.0.0/pam-backend/pam.c =================================================================== --- libgnomesu-1.0.0.orig/pam-backend/pam.c +++ libgnomesu-1.0.0/pam-backend/pam.c @@ -323,18 +323,25 @@ main (int argc, char *argv[]) char **command = argv + 4; pid_t pid; int exitCode = 1, status; + int setcred = 0; - modify_environment (pw); - #ifdef HAVE_SETFSUID - setfsuid (pw->pw_uid); - #endif /* HAVE_SETFSUID */ - change_identity (pw); + init_groups (pw); retval = pam_setcred (pamh, PAM_ESTABLISH_CRED); if (retval != PAM_SUCCESS) fprintf (stderr, "Warning: %s\n", pam_strerror (pamh, retval)); + else + setcred = 1; pam_open_session (pamh, 0); + + #ifdef HAVE_SETFSUID + setfsuid (pw->pw_uid); + #endif /* HAVE_SETFSUID */ + change_identity (pw); + + modify_environment (pw); + pid = fork (); switch (pid) { 
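Review bot: In the pam backend's main() (pam.c, @@ -323,18 +323,25 hunk) the result of `pam_open_session (pamh, 0)` is still discarded, even though the new `setcred` flag now tracks the pam_setcred outcome for cleanup. A failed session open therefore goes on to change identity and fork as if the session existed, and the second pam.c hunk still calls pam_close_session unconditionally. Consider `retval = pam_open_session (pamh, 0);` followed by a check that skips the fork and goes to cleanup on anything other than PAM_SUCCESS, the way the pam_setcred result is tested just above. main() starts and ends outside this hunk, so the exact cleanup path needs confirming against the full file.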
@@ -364,6 +371,8 @@ main (int argc, char *argv[]) break; } pam_close_session (pamh, 0); + if (setcred) + pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); close_pam (pamh, retval); /* evecvp() failed */ Index: libgnomesu-1.0.0/su-backend/common.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.c +++ libgnomesu-1.0.0/su-backend/common.c @@ -223,13 +223,18 @@ modify_environment (const struct passwd /* Become the user and group(s) specified by PW. */ void -change_identity (const struct passwd *pw) +init_groups (const struct passwd *pw) { #ifdef HAVE_INITGROUPS errno = 0; initgroups (pw->pw_name, pw->pw_gid); endgrent (); #endif +} + +void +change_identity (const struct passwd *pw) +{ if (setgid (pw->pw_gid)) perror ("cannot set group id"); if (setuid (pw->pw_uid)) Index: libgnomesu-1.0.0/su-backend/common.h =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.h +++ libgnomesu-1.0.0/su-backend/common.h @@ -30,6 +30,7 @@ char *concat (const char *s1, const char void xputenv (const char *val); void init_xauth (const struct passwd *pw); void setup_xauth (const struct passwd *pw); +void init_groups (const struct passwd *pw); void change_identity (const struct passwd *pw); void modify_environment (const struct passwd *pw); void *safe_memset (void *s, int c, size_t n); Index: libgnomesu-1.0.0/su-backend/su.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/su.c +++ libgnomesu-1.0.0/su-backend/su.c @@ -322,6 +322,7 @@ main (int argc, char **argv) init_xauth (pw); modify_environment (pw); + init_groups (pw); change_identity (pw); setup_xauth (pw); ++++++ libgnomesu-use-pam_xauth.patch ++++++ Index: libgnomesu-1.0.0/su-backend/common.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.c +++ libgnomesu-1.0.0/su-backend/common.c 
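Review bot: The teardown in the @@ -364,6 +371,8 hunk of pam.c, pam_close_session plus the added `pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT)`, appears to run in a process that has already been through `change_identity (pw)`, because the first pam.c hunk places that call before `fork ()`. If so, session and credential cleanup runs as the target user rather than with the helper's original privileges. PAM modules whose close or delete step needs those privileges could then fail unnoticed, since neither return value is checked. The code between the fork and this point is outside the hunk, so this is inferred. If it holds, calling `change_identity (pw)` only in the child branch would keep the waiting parent privileged for teardown; in any case report a non-PAM_SUCCESS result from both calls.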
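Review bot: The new init_groups() in su-backend/common.c (@@ -223,13 +223,18 hunk) throws away the result of `initgroups (pw->pw_name, pw->pw_gid)`; `errno` is cleared before the call but never read. If the call fails, the process keeps the supplementary groups it started with. change_identity() just below only calls perror when setgid or setuid fails, so the command can still be launched with ids that were never dropped. Treat all three as fatal, e.g. `if (initgroups (pw->pw_name, pw->pw_gid) == -1) { perror ("cannot set groups"); exit (1); }`, with the same exit after the two existing perror calls (the exit status is only a suggestion; use the backend's own failure code). The comment `/* Become the user and group(s) specified by PW. */` now sits above init_groups and belongs on change_identity, whose body continues outside the hunk.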
@@ -97,6 +97,32 @@ saveXauth (void) g_string_free (data, FALSE); } +void +init_xauth (const struct passwd *pw) +{ + const char *env_term; + const char *env_xauthority; + + env_term = g_getenv ("TERM"); + env_xauthority = g_getenv ("XAUTHORITY"); + + /* Sanity-check the environment variables as best we can: those + * which aren't path names shouldn't contain "/", and none of + * them should contain ".." or "%". */ + if (env_term && + (strstr(env_term, "..") || + strchr(env_term, '%'))) + setenv ("XAUTHORITY", "dumb", 1); + if (env_xauthority && + (strstr(env_xauthority , "..") || + strchr(env_xauthority , '%'))) + unsetenv ("XAUTHORITY"); + + /* Setup X authentication stuff. */ + saveXauth (); + xputenv (concat ("XAUTHORITY=", pw->pw_dir, "/.Xauthority")); +} + /* Update environment variables for the new user. */ void @@ -105,7 +131,7 @@ modify_environment (const struct passwd const gchar *path; const char *env_term; const char *env_display, *env_shell; - const char *env_lang, *env_lcall, *env_lcmsgs, *env_xauthority; + const char *env_lang, *env_lcall, *env_lcmsgs; const char *env_dbus; /* Sanity-check the environment variables as best we can: those @@ -117,7 +143,6 @@ modify_environment (const struct passwd env_lcmsgs = g_getenv ("LC_MESSAGES"); env_shell = g_getenv ("SHELL"); env_term = g_getenv ("TERM"); - env_xauthority = g_getenv ("XAUTHORITY"); if (env_display && (strstr(env_display, "..") || 
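Review bot: In the new init_xauth() (common.c, @@ -97,6 +97,32 hunk) the TERM check writes to the wrong variable: when TERM contains `..` or `%` it runs `setenv ("XAUTHORITY", "dumb", 1)`, which leaves the suspicious TERM value in place. The branch was moved unchanged from modify_environment, but it should read `setenv ("TERM", "dumb", 1);`. modify_environment also loses this check in the @@ -142,19 +167,7 hunk, so the pam backend, which does not call init_xauth as far as the visible hunks show, gets no TERM sanitising at all; the TERM branch would fit better left in modify_environment. The block comment also promises a `/` check for non-path variables that the code does not perform.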
@@ -142,19 +167,7 @@ modify_environment (const struct passwd (strstr(env_shell, "..") || strchr(env_shell, '%'))) unsetenv ("SHELL"); - if (env_term && - (strstr(env_term, "..") || - strchr(env_term, '%'))) - setenv ("XAUTHORITY", "dumb", 1); - if (env_xauthority && - (strstr(env_xauthority , "..") || - strchr(env_xauthority , '%'))) - unsetenv ("XAUTHORITY"); - - /* Setup X authentication stuff. */ - saveXauth (); - xputenv (concat ("XAUTHORITY=", pw->pw_dir, "/.Xauthority")); if (!g_getenv ("ICEAUTHORITY")) xputenv (concat ("ICEAUTHORITY=", pw->pw_dir, "/.ICEauthority")); @@ -212,10 +225,6 @@ modify_environment (const struct passwd void change_identity (const struct passwd *pw) { - FILE *p; - const gchar *hostname; - gchar *command; - #ifdef HAVE_INITGROUPS errno = 0; initgroups (pw->pw_name, pw->pw_gid); @@ -225,6 +234,13 @@ change_identity (const struct passwd *pw perror ("cannot set group id"); if (setuid (pw->pw_uid)) perror ("cannot set user id"); +} + +void +setup_xauth (const struct passwd *pw) +{ + FILE *p; + gchar *command; command = g_strdup_printf ("xauth -q remove %s/unix:0", g_get_host_name ()); g_spawn_command_line_sync (command, NULL, NULL, NULL, NULL); Index: libgnomesu-1.0.0/su-backend/common.h =================================================================== --- libgnomesu-1.0.0.orig/su-backend/common.h +++ libgnomesu-1.0.0/su-backend/common.h @@ -28,6 +28,8 @@ char *concat (const char *s1, const char *s2, const char *s3); void xputenv (const char *val); +void init_xauth (const struct passwd *pw); +void setup_xauth (const struct passwd *pw); void change_identity (const struct passwd *pw); void modify_environment (const struct passwd *pw); void *safe_memset (void *s, int c, size_t n); Index: libgnomesu-1.0.0/su-backend/su.c =================================================================== --- libgnomesu-1.0.0.orig/su-backend/su.c +++ libgnomesu-1.0.0/su-backend/su.c 
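Review bot: setup_xauth(), split out of change_identity in the @@ -225,6 +234,13 hunk of common.c, still builds its command as a string, `g_strdup_printf ("xauth -q remove %s/unix:0", g_get_host_name ())`, and passes it to g_spawn_command_line_sync with no error or exit-status check. The host name is parsed as part of a command line, `xauth` is resolved through PATH, and the display is fixed at `:0`, so a failed call or an unexpected binary goes unnoticed. Prefer an argv array with an absolute xauth path passed to g_spawn_sync, and check the result. The new function also deserves a header comment stating that it must run after change_identity, which is presumably the intent of the call order in su.c. The rest of the body is outside the hunk.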
@@ -320,8 +320,10 @@ main (int argc, char **argv) } } + init_xauth (pw); modify_environment (pw); change_identity (pw); + setup_xauth (pw); fprintf (outf, PROTOCOL_DONE); fclose (inf); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org