Hello community, here is the log from the commit of package pam_mount for openSUSE:Factory checked in at Fri Nov 20 14:35:26 CET 2009. -------- --- pam_mount/pam_mount.changes 2009-07-27 12:08:06.000000000 +0200 +++ /mounts/work_src_done/STABLE/pam_mount/pam_mount.changes 2009-11-19 11:16:07.000000000 +0100 @@ -1,0 +2,5 @@ +Thu Nov 19 11:12:36 CET 2009 - mc@suse.de + +- backport some code to fix the sudo crash (bnc#544154) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- pam_mount-1.27-fix-krb5-env.dif pam_mount-1.27-fix-mtab-handling.dif pam_mount-1.27-fix-sudo-crash.dif pam_mount-1.27-uid_guid-handling.dif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pam_mount.spec ++++++ --- /var/tmp/diff_new_pack.weqtqg/_old 2009-11-20 14:34:44.000000000 +0100 +++ /var/tmp/diff_new_pack.weqtqg/_new 2009-11-20 14:34:44.000000000 +0100 @@ -26,7 +26,7 @@ BuildRequires: linux-kernel-headers >= 2.6 Summary: A PAM Module that can Mount Volumes for a User Session Version: 1.27 -Release: 1 +Release: 2 # psmisc: /bin/fuser Recommends: cryptsetup Recommends: cifs-mount xfsprogs @@ -40,6 +40,10 @@ Source3: mount.crypt Source4: mount.encfs13 Patch1: pam_mount-0.47-enable-logout-kill.dif +Patch2: pam_mount-1.27-fix-sudo-crash.dif +Patch3: pam_mount-1.27-fix-mtab-handling.dif +Patch4: pam_mount-1.27-uid_guid-handling.dif +Patch5: pam_mount-1.27-fix-krb5-env.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://pam-mount.sourceforge.net/ PreReq: coreutils, perl-XML-Writer, perl-XML-Parser @@ -60,6 +64,10 @@ %prep %setup -q %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build %{suse_update_config -f} ++++++ pam_mount-0.47-enable-logout-kill.dif ++++++ --- /var/tmp/diff_new_pack.weqtqg/_old 2009-11-20 14:34:44.000000000 +0100 +++ /var/tmp/diff_new_pack.weqtqg/_new 2009-11-20 14:34:44.000000000 +0100 
@@ -1,6 +1,8 @@ ---- orig/pam_mount-0.47/config/pam_mount.conf.xml 2008-09-05 05:28:34.000000000 +0200 -+++ pam_mount-0.47/config/pam_mount.conf.xml 2009-01-10 17:52:15.000000000 +0100 -@@ -33,7 +33,7 @@ +Index: pam_mount-1.27/config/pam_mount.conf.xml +=================================================================== +--- pam_mount-1.27.orig/config/pam_mount.conf.xml ++++ pam_mount-1.27/config/pam_mount.conf.xml +@@ -29,7 +29,7 @@ <mntoptions require="nosuid,nodev" /> <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path> ++++++ pam_mount-1.27-fix-krb5-env.dif ++++++ Index: pam_mount-1.27/doc/changelog.txt =================================================================== --- pam_mount-1.27.orig/doc/changelog.txt +++ pam_mount-1.27/doc/changelog.txt @@ -4,6 +4,7 @@ For details, see the history as recorded Fixes: - pam_mount: avoid crash in sudo by not calling setenv() with NULL +- pam_mount: unwind krb5 environment info at the right time - umount.crypt: do not remove entry from /etc/mtab twice v1.27 (July 01 2009) Index: pam_mount-1.27/src/pam_mount.c =================================================================== --- pam_mount-1.27.orig/src/pam_mount.c +++ pam_mount-1.27/src/pam_mount.c @@ -550,9 +550,10 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open ret = PAM_SERVICE_ERR; } } - memset(system_authtok, 0, strlen(system_authtok)); - if (krb5 != NULL) - unsetenv("KRB5CCNAME"); + if (system_authtok != NULL) { + memset(system_authtok, 0, strlen(system_authtok)); + free(system_authtok); + } modify_pm_count(&Config, Config.user, "1"); envpath_restore(); if (getuid() == 0) 
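Review bot: In the `src/pam_mount.c` hunk at `@@ -550,9 +550,10 @@`, the `memset(system_authtok, 0, strlen(system_authtok));` that now sits directly before `free(system_authtok);` is a dead store the compiler is allowed to drop, so the buffer (by its name, a copy of the user's authentication token) may be handed back to the allocator unscrubbed. Where the platform offers it, `explicit_bzero(system_authtok, strlen(system_authtok));` or a wipe through a volatile pointer keeps the clearing in place. The scrub also runs only on the path that falls through to this point. Whether a `goto out` taken after the token was allocated skips it cannot be seen here, because pam_sm_open_session starts and ends outside the hunk.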
@@ -570,6 +571,8 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open */ ret = PAM_SUCCESS; out: + if (krb5 != NULL) + unsetenv("KRB5CCNAME"); w4rn("done opening session (ret=%d)\n", ret); common_exit(); return ret; ++++++ pam_mount-1.27-fix-mtab-handling.dif ++++++ Index: pam_mount-1.27/doc/changelog.txt =================================================================== --- pam_mount-1.27.orig/doc/changelog.txt +++ pam_mount-1.27/doc/changelog.txt @@ -4,7 +4,7 @@ For details, see the history as recorded Fixes: - pam_mount: avoid crash in sudo by not calling setenv() with NULL - +- umount.crypt: do not remove entry from /etc/mtab twice v1.27 (July 01 2009) ==================== Index: pam_mount-1.27/src/mtcrypt.c =================================================================== --- pam_mount-1.27.orig/src/mtcrypt.c +++ pam_mount-1.27/src/mtcrypt.c @@ -563,9 +563,8 @@ static int mtcr_umount(struct umount_opt umount_args[argk++] = "umount"; #ifdef __linux__ - umount_args[argk++] = "-i"; - if (opt->no_update) - umount_args[argk++] = "-n"; + /* Always pass in -n, as we manually edit /etc/mtab */ + umount_args[argk++] = "-ni"; #endif umount_args[argk++] = mountpoint; umount_args[argk] = NULL; ++++++ pam_mount-1.27-fix-sudo-crash.dif ++++++ diff --git a/doc/changelog.txt b/doc/changelog.txt index 5107e9b..bdc37f0 100644 --- a/doc/changelog.txt +++ b/doc/changelog.txt @@ -2,6 +2,10 @@ For details, see the history as recorded in the git repository. +Fixes: +- pam_mount: avoid crash in sudo by not calling setenv() with NULL + + v1.27 (July 01 2009) ==================== Changes: diff --git a/src/pam_mount.c b/src/pam_mount.c index 87262bd..73da556 100644 --- a/src/pam_mount.c +++ b/src/pam_mount.c @@ -451,7 +451,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags, { struct vol *vol; int ret; - unsigned int krb5_set; + const char *krb5; char *system_authtok = NULL; const void *tmp; int getval; 
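Review bot: The `if (krb5 != NULL)` test added under `out:` in the `@@ -570,6 +571,8 @@` hunk now runs on every exit path, yet `krb5` is declared without an initializer (`const char *krb5;` in the `@@ -451,7 +451,7 @@` hunk of pam_mount-1.27-fix-sudo-crash.dif). If any `goto out` can be reached before `krb5 = pam_getenv(pamh, "KRB5CCNAME");` has executed, the test reads an indeterminate pointer. The lines between the declaration and the assignment are not all visible, so this needs checking against the full function. Declaring it as `const char *krb5 = NULL;` makes the cleanup safe regardless. The function body continues outside the hunk.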
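Review bot: In the `src/mtcrypt.c` hunk (`@@ -563,9 +563,8 @@`), `opt->no_update` is no longer consulted when the umount argument vector is built, and `-n` is passed unconditionally. The new comment gives the reason but not where the option is still honoured, which is presumably the manual /etc/mtab edit later in mtcr_umount, outside the hunk. A fuller comment would be `/* Always pass -n: /etc/mtab is edited by hand below, and only that edit honours opt->no_update */`. If that edit is not conditional on `opt->no_update`, the caller's request to leave mtab untouched is silently dropped.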
@@ -464,11 +464,17 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags, w4rn(PACKAGE_STRING ": entering session stage\n"); /* + * Environment variables set with setenv() only last while PAM is + * active, i.e. disappear when the shell is started. On the other hand, + * variabled fed to pam_putenv() are only visible once the shell + * started. + */ + /* * Get the Kerberos CCNAME so we can make it available to the * mount command later on. */ - krb5_set = getenv("KRB5CCNAME") != NULL; - if (setenv("KRB5CCNAME", pam_getenv(pamh, "KRB5CCNAME"), 1) < 0) + krb5 = pam_getenv(pamh, "KRB5CCNAME"); + if (krb5 != NULL && setenv("KRB5CCNAME", krb5, true) < 0) l0g("KRB5CCNAME setenv failed\n"); /* Store initialized config as PAM data */ @@ -545,7 +551,7 @@ PAM_EXTERN EXPORT_SYMBOL int pam_sm_open_session(pam_handle_t *pamh, int flags, } } memset(system_authtok, 0, strlen(system_authtok)); - if (krb5_set) + if (krb5 != NULL) unsetenv("KRB5CCNAME"); modify_pm_count(&Config, Config.user, "1"); envpath_restore(); ++++++ pam_mount-1.27-uid_guid-handling.dif ++++++ diff --git a/src/rdconf1.c b/src/rdconf1.c index 0a90de7..9ec29f8 100644 --- a/src/rdconf1.c +++ b/src/rdconf1.c @@ -959,8 +959,7 @@ static int rc_volume_cond_uid(const struct passwd *pwd, xmlNode *node) continue; ret = __rc_volume_cond_id(signed_cast(const char *, node->content), pwd->pw_uid); - if (ret < 0) - return ret; + return ret; } l0g("config: empty or invalid content for <%s>\n", "uid"); 
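Review bot: `setenv("KRB5CCNAME", krb5, true)` in the `@@ -464,11 +464,17 @@` hunk overwrites whatever KRB5CCNAME the host process already had, and the matching cleanup is a plain `unsetenv("KRB5CCNAME")`, so a pre-existing value is lost rather than restored. Because the module runs inside the calling application (the changelog mentions sudo), this changes that application's own environment after the session call returns. Saving a copy first, e.g. `char *saved = getenv("KRB5CCNAME") != NULL ? strdup(getenv("KRB5CCNAME")) : NULL;`, and restoring it with `setenv("KRB5CCNAME", saved, true)` at exit when `saved` is non-NULL would avoid this. The added comment also has a typo, `variabled fed` for `variables fed`. pam_sm_open_session starts and ends outside the hunk.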
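Review bot: With `return ret;` now unconditional in rc_volume_cond_uid (`@@ -959,8 +959,7 @@`) and in rc_volume_cond_gid (`@@ -981,8 +980,7 @@`), the enclosing loop ends at the first child node not skipped by the `continue`. Any further nodes are never evaluated, although the loop still reads as if it iterates. Since the result decides whether a volume definition applies to a given uid or gid, the return convention deserves a comment at the return, e.g. `/* first eligible node decides: <0 error, otherwise the match result */`. The exact meaning of non-negative values comes from __rc_volume_cond_id, which is not shown. `ret` is then redundant and the call can be returned directly. Both functions start and end outside their hunks.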
@@ -981,8 +980,7 @@ static int rc_volume_cond_gid(const struct passwd *pwd, xmlNode *node) continue; ret = __rc_volume_cond_id(signed_cast(const char *, node->content), pwd->pw_gid); - if (ret < 0) - return ret; + return ret; } l0g("config: empty or invalid content for <%s>\n", "gid"); ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org