[Pkg-shadow-commits] r257 - trunk/debian/patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Wed, 15 Jun 2005 17:38:04 +0000
Author: nekral-guest
Date: 2005-06-15 17:38:03 +0000 (Wed, 15 Jun 2005)
New Revision: 257
Added:
trunk/debian/patches/355_login_close_session_as_root
Removed:
trunk/debian/patches/008_login_close_session_as_root
Modified:
trunk/debian/patches/series
Log:
008_login_close_session_as_root was applied upstream.
Deleted: trunk/debian/patches/008_login_close_session_as_root
===================================================================
--- trunk/debian/patches/008_login_close_session_as_root 2005-06-15 17:25:24 UTC (rev 256)
+++ trunk/debian/patches/008_login_close_session_as_root 2005-06-15 17:38:03 UTC (rev 257)
@@ -1,104 +0,0 @@
-Goal: The PAM session needs to be closed as root, thus before change_uid().
-
-Status wrt upstream: It should certainly be applied upstream.
-
-Notes: The changelog reports:
- * src/login.c: moved usage of setup_uid_gid() when PAM is enabled or
- pam_groups.so's groups get clobbered
- (Ben Collins 19 Sep 1999)
-
- The behaviour of the parent is modified (for example signal handlers).
- I don't know if this may be a problem.
-
- The following bugs are also related to this issue:
- http://bugs.debian.org/53570
- http://bugs.debian.org/195048
- http://bugs.debian.org/211884
-
-Index: shadow-4.0.3/src/login.c
-===================================================================
---- shadow-4.0.3.orig/src/login.c 2005-05-28 19:11:32.274189000 +0200
-+++ shadow-4.0.3/src/login.c 2005-05-28 19:11:33.674189000 +0200
-@@ -1273,6 +1273,40 @@
- login_fbtab (tty, pwent.pw_uid, pwent.pw_gid);
- #endif
-
-+#ifdef USE_PAM
-+ /*
-+ * We must fork before setuid() because we need to call
-+ * pam_close_session() as root.
-+ *
-+ * Note: not true in other (non-Linux) PAM implementations, where
-+ * the parent process of login (init, telnetd, ...) is responsible
-+ * for calling pam_close_session(). This avoids an extra process for
-+ * each login. Maybe we should do this on Linux too? We let the
-+ * admin configure whether they need to keep login around to close
-+ * sessions.
-+ */
-+ if (getdef_bool ("CLOSE_SESSIONS")) {
-+ signal (SIGINT, SIG_IGN);
-+ child = fork ();
-+ if (child < 0) {
-+ /* error in fork() */
-+ fprintf (stderr,
-+ "login: failure forking: %s",
-+ strerror (errno));
-+ PAM_END;
-+ exit (0);
-+ } else if (child) {
-+ /*
-+ * parent - wait for child to finish, then cleanup
-+ * session
-+ */
-+ wait (NULL);
-+ PAM_END;
-+ exit (0);
-+ }
-+ /* child */
-+ }
-+#endif
- /* We call set_groups() above because this clobbers pam_groups.so */
- #ifndef USE_PAM
- if (setup_uid_gid (&pwent, is_console))
-@@ -1374,41 +1408,6 @@
- signal (SIGTERM, SIG_DFL); /* default terminate signal */
- signal (SIGALRM, SIG_DFL); /* default alarm signal */
- signal (SIGHUP, SIG_DFL); /* added this. --marekm */
--
--#ifdef USE_PAM
-- /*
-- * We must fork before setuid() because we need to call
-- * pam_close_session() as root.
-- *
-- * Note: not true in other (non-Linux) PAM implementations, where
-- * the parent process of login (init, telnetd, ...) is responsible
-- * for calling pam_close_session(). This avoids an extra process for
-- * each login. Maybe we should do this on Linux too? We let the
-- * admin configure whether they need to keep login around to close
-- * sessions.
-- */
-- if (getdef_bool ("CLOSE_SESSIONS")) {
-- signal (SIGINT, SIG_IGN);
-- child = fork ();
-- if (child < 0) {
-- /* error in fork() */
-- fprintf (stderr,
-- "login: failure forking: %s",
-- strerror (errno));
-- PAM_END;
-- exit (0);
-- } else if (child) {
-- /*
-- * parent - wait for child to finish, then cleanup
-- * session
-- */
-- wait (NULL);
-- PAM_END;
-- exit (0);
-- }
-- /* child */
-- }
--#endif
- signal (SIGINT, SIG_DFL); /* default interrupt signal */
-
- endpwent (); /* stop access to password file */
Copied: trunk/debian/patches/355_login_close_session_as_root (from rev 255, trunk/debian/patches/008_login_close_session_as_root)
===================================================================
--- trunk/debian/patches/008_login_close_session_as_root 2005-06-14 07:19:03 UTC (rev 255)
+++ trunk/debian/patches/355_login_close_session_as_root 2005-06-15 17:38:03 UTC (rev 257)
@@ -0,0 +1,104 @@
+Goal: The PAM session needs to be closed as root, thus before change_uid().
+
+Status wrt upstream: Applied upstream (05/06/10, should be present in 4.0.10).
+
+Notes: The changelog reports:
+ * src/login.c: moved usage of setup_uid_gid() when PAM is enabled or
+ pam_groups.so's groups get clobbered
+ (Ben Collins 19 Sep 1999)
+
+ The behaviour of the parent is modified (for example signal handlers).
+ I don't know if this may be a problem.
+
+ The following bugs are also related to this issue:
+ http://bugs.debian.org/53570
+ http://bugs.debian.org/195048
+ http://bugs.debian.org/211884
+
+Index: shadow-4.0.3/src/login.c
+===================================================================
+--- shadow-4.0.3.orig/src/login.c 2005-05-28 19:11:32.274189000 +0200
++++ shadow-4.0.3/src/login.c 2005-05-28 19:11:33.674189000 +0200
+@@ -1273,6 +1273,40 @@
+ login_fbtab (tty, pwent.pw_uid, pwent.pw_gid);
+ #endif
+
++#ifdef USE_PAM
++ /*
++ * We must fork before setuid() because we need to call
++ * pam_close_session() as root.
++ *
++ * Note: not true in other (non-Linux) PAM implementations, where
++ * the parent process of login (init, telnetd, ...) is responsible
++ * for calling pam_close_session(). This avoids an extra process for
++ * each login. Maybe we should do this on Linux too? We let the
++ * admin configure whether they need to keep login around to close
++ * sessions.
++ */
++ if (getdef_bool ("CLOSE_SESSIONS")) {
++ signal (SIGINT, SIG_IGN);
++ child = fork ();
++ if (child < 0) {
++ /* error in fork() */
++ fprintf (stderr,
++ "login: failure forking: %s",
++ strerror (errno));
++ PAM_END;
++ exit (0);
++ } else if (child) {
++ /*
++ * parent - wait for child to finish, then cleanup
++ * session
++ */
++ wait (NULL);
++ PAM_END;
++ exit (0);
++ }
++ /* child */
++ }
++#endif
+ /* We call set_groups() above because this clobbers pam_groups.so */
+ #ifndef USE_PAM
+ if (setup_uid_gid (&pwent, is_console))
+@@ -1374,41 +1408,6 @@
+ signal (SIGTERM, SIG_DFL); /* default terminate signal */
+ signal (SIGALRM, SIG_DFL); /* default alarm signal */
+ signal (SIGHUP, SIG_DFL); /* added this. --marekm */
+-
+-#ifdef USE_PAM
+- /*
+- * We must fork before setuid() because we need to call
+- * pam_close_session() as root.
+- *
+- * Note: not true in other (non-Linux) PAM implementations, where
+- * the parent process of login (init, telnetd, ...) is responsible
+- * for calling pam_close_session(). This avoids an extra process for
+- * each login. Maybe we should do this on Linux too? We let the
+- * admin configure whether they need to keep login around to close
+- * sessions.
+- */
+- if (getdef_bool ("CLOSE_SESSIONS")) {
+- signal (SIGINT, SIG_IGN);
+- child = fork ();
+- if (child < 0) {
+- /* error in fork() */
+- fprintf (stderr,
+- "login: failure forking: %s",
+- strerror (errno));
+- PAM_END;
+- exit (0);
+- } else if (child) {
+- /*
+- * parent - wait for child to finish, then cleanup
+- * session
+- */
+- wait (NULL);
+- PAM_END;
+- exit (0);
+- }
+- /* child */
+- }
+-#endif
+ signal (SIGINT, SIG_DFL); /* default interrupt signal */
+
+ endpwent (); /* stop access to password file */
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-06-15 17:25:24 UTC (rev 256)
+++ trunk/debian/patches/series 2005-06-15 17:38:03 UTC (rev 257)
@@ -38,7 +38,7 @@
008_login_log_failure_in_FTMP
008_login_FAILLOG_ENAB
008_login_cancel_timout_after_authentication
-008_login_close_session_as_root
+355_login_close_session_as_root
347_login_log_pam_user_if_USE_PAM
348_login_PAM_SILENT_if_hushed_login
008_usermod_warn_old_home_not_removed