[Pkg-shadow-commits] r182 - trunk/debian/patches
Nicolas FRANCOIS
pkg-shadow-devel@lists.alioth.debian.org
Sun, 29 May 2005 22:46:51 +0000
Author: nekral-guest
Date: 2005-05-29 22:46:50 +0000 (Sun, 29 May 2005)
New Revision: 182
Added:
trunk/debian/patches/008_su_check_user_earlier
trunk/debian/patches/008_su_get_PAM_username
trunk/debian/patches/008_su_no_sanitize_env
Modified:
trunk/debian/patches/008_src.dpatch
trunk/debian/patches/series
Log:
Extract three more chunks from the 008_src.dpatch patch for src/su.c:
008_su_get_PAM_username
008_su_check_user_earlier
008_su_no_sanitize_env
Modified: trunk/debian/patches/008_src.dpatch
===================================================================
--- trunk/debian/patches/008_src.dpatch 2005-05-29 15:34:20 UTC (rev 181)
+++ trunk/debian/patches/008_src.dpatch 2005-05-29 22:46:50 UTC (rev 182)
@@ -26,8 +26,8 @@
Index: shadow-4.0.3/src/su.c
===================================================================
---- shadow-4.0.3.orig/src/su.c 2005-05-29 15:29:01.741112000 +0200
-+++ shadow-4.0.3/src/su.c 2005-05-29 16:46:20.851112000 +0200
+--- shadow-4.0.3.orig/src/su.c 2005-05-29 17:41:32.531112000 +0200
++++ shadow-4.0.3/src/su.c 2005-05-30 00:18:20.757531000 +0200
@@ -49,6 +49,7 @@
#include <grp.h>
#include <signal.h>
@@ -169,14 +169,7 @@
#ifdef USE_PAM
int ret;
#else /* !USE_PAM */
-@@ -174,12 +278,14 @@
- #endif
- #endif /* !USE_PAM */
-
-- sanitize_env ();
-+ /* sanitize_env (); */
-
- setlocale (LC_ALL, "");
+@@ -180,6 +284,8 @@
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
@@ -185,7 +178,7 @@
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
-@@ -224,15 +330,67 @@
+@@ -224,15 +330,55 @@
* Process the command line arguments.
*/
@@ -228,8 +221,8 @@
- argc--;
- argv++; /* shift ... */
+ ++optind;
- }
-
++ }
++
+ if (optind < argc)
+ strncpy(name, argv[optind++], sizeof(name) - 1);
+ else {
@@ -239,31 +232,18 @@
+ su_failure(tty);
+ }
+ strcpy(name, root_pw->pw_name);
-+ }
-+
+ }
+
+ if (optind < argc)
+ additional_args = argv + optind;
+
-+ /*
-+ * Get the user's real name. The current UID is used to determine
-+ * who has executed su. That user ID must exist.
-+ */
-+
-+ pw = get_my_pwent();
-+ if (!pw) {
-+ SYSLOG((LOG_CRIT, "Unknown UID: %d\n", (int) my_uid));
-+ su_failure(tty);
-+ }
-+ STRFCPY(oldname, pw->pw_name);
-+
/*
* If a new login is being set up, the old environment will be
* ignored and a new one created later on.
-@@ -257,35 +415,6 @@
- addenv (*envp++, NULL);
+@@ -258,23 +404,6 @@
}
-- /*
+ /*
- * The next argument must be either a user ID, or some flag to a
- * subshell. Pretty sticky since you can't have an argument which
- * doesn't start with a "-" unless you specify the new user name.
@@ -281,20 +261,9 @@
- doshell = argc == 0; /* any arguments remaining? */
-
- /*
-- * Get the user's real name. The current UID is used to determine
-- * who has executed su. That user ID must exist.
-- */
--
-- pw = get_my_pwent ();
-- if (!pw) {
-- SYSLOG ((LOG_CRIT, "Unknown UID: %u", my_uid));
-- su_failure (tty);
-- }
-- STRFCPY (oldname, pw->pw_name);
--
- #ifndef USE_PAM
- #ifdef SU_ACCESS
- /*
+ * Get the user's real name. The current UID is used to determine
+ * who has executed su. That user ID must exist.
+ */
@@ -399,9 +528,17 @@
* Set the default shell.
*/
@@ -315,23 +284,8 @@
#ifdef USE_PAM
ret = pam_authenticate (pamh, 0);
if (ret != PAM_SUCCESS) {
-@@ -427,6 +564,14 @@
- su_failure (tty);
- }
+@@ -507,10 +644,14 @@
}
-+ ret = pam_get_item(pamh, PAM_USER, (const void **) &tmp_name);
-+ if (ret != PAM_SUCCESS) {
-+ SYSLOG((LOG_ERR, "pam_get_item: internal PAM error\n"));
-+ fprintf(stderr, "%s: Internal PAM error retrieving username\n", Prog);
-+ pam_end(pamh, ret);
-+ su_failure(tty);
-+ }
-+ strncpy(name, tmp_name, sizeof(name) - 1);
- #else /* !USE_PAM */
- /*
- * Set up a signal handler in case the user types QUIT.
-@@ -507,10 +652,14 @@
- }
#endif
- environ = newenvp; /* make new environment active */
@@ -349,7 +303,7 @@
if (pwent.pw_shell[0] == '*') { /* subsystem root required */
pwent.pw_shell++; /* skip the '*' */
-@@ -573,11 +722,14 @@
+@@ -573,11 +714,14 @@
exit (1);
#endif /* !USE_PAM */
@@ -368,7 +322,7 @@
#endif
/*
-@@ -589,46 +741,6 @@
+@@ -589,46 +733,6 @@
*/
closelog ();
Added: trunk/debian/patches/008_su_check_user_earlier
===================================================================
--- trunk/debian/patches/008_su_check_user_earlier 2005-05-29 15:34:20 UTC (rev 181)
+++ trunk/debian/patches/008_su_check_user_earlier 2005-05-29 22:46:50 UTC (rev 182)
@@ -0,0 +1,53 @@
+
+Notes:
+ * This patch just move a block of code, but I don't see the rationnal
+ for moving it.
+ * Except this piece of code being moved earlier, there is the
+ following (small) differences:
+ + The UID is logged as a signed int (instead of unsigned int, but I don't
+ know why, maybe to fix a compilation warning?)
+ + An end of line is added to the syslog message
+ (anyway, it is optional)
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c 2005-05-30 00:18:20.757531000 +0200
++++ shadow-4.0.3/src/su.c 2005-05-30 00:18:28.867531000 +0200
+@@ -380,6 +380,18 @@
+ additional_args = argv + optind;
+
+ /*
++ * Get the user's real name. The current UID is used to determine
++ * who has executed su. That user ID must exist.
++ */
++
++ pw = get_my_pwent();
++ if (!pw) {
++ SYSLOG((LOG_CRIT, "Unknown UID: %d\n", (int) my_uid));
++ su_failure(tty);
++ }
++ STRFCPY(oldname, pw->pw_name);
++
++ /*
+ * If a new login is being set up, the old environment will be
+ * ignored and a new one created later on.
+ */
+@@ -403,18 +415,6 @@
+ addenv (*envp++, NULL);
+ }
+
+- /*
+- * Get the user's real name. The current UID is used to determine
+- * who has executed su. That user ID must exist.
+- */
+-
+- pw = get_my_pwent ();
+- if (!pw) {
+- SYSLOG ((LOG_CRIT, "Unknown UID: %u", my_uid));
+- su_failure (tty);
+- }
+- STRFCPY (oldname, pw->pw_name);
+-
+ #ifndef USE_PAM
+ #ifdef SU_ACCESS
+ /*
Added: trunk/debian/patches/008_su_get_PAM_username
===================================================================
--- trunk/debian/patches/008_su_get_PAM_username 2005-05-29 15:34:20 UTC (rev 181)
+++ trunk/debian/patches/008_su_get_PAM_username 2005-05-29 22:46:50 UTC (rev 182)
@@ -0,0 +1,26 @@
+Goal: ???
+
+Notes:
+ * It still needs more investigation.
+ I don't know what this patch is used for. IMO, the user name is
+ already known before calling pam_get_item(pamh, PAM_USER, ...)
+
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c 2005-05-29 17:46:18.121112000 +0200
++++ shadow-4.0.3/src/su.c 2005-05-29 17:47:07.311112000 +0200
+@@ -564,6 +564,14 @@
+ su_failure (tty);
+ }
+ }
++ ret = pam_get_item(pamh, PAM_USER, (const void **) &tmp_name);
++ if (ret != PAM_SUCCESS) {
++ SYSLOG((LOG_ERR, "pam_get_item: internal PAM error\n"));
++ fprintf(stderr, "%s: Internal PAM error retrieving username\n", Prog);
++ pam_end(pamh, ret);
++ su_failure(tty);
++ }
++ strncpy(name, tmp_name, sizeof(name) - 1);
+ #else /* !USE_PAM */
+ /*
+ * Set up a signal handler in case the user types QUIT.
Added: trunk/debian/patches/008_su_no_sanitize_env
===================================================================
--- trunk/debian/patches/008_su_no_sanitize_env 2005-05-29 15:34:20 UTC (rev 181)
+++ trunk/debian/patches/008_su_no_sanitize_env 2005-05-29 22:46:50 UTC (rev 182)
@@ -0,0 +1,13 @@
+Index: shadow-4.0.3/src/su.c
+===================================================================
+--- shadow-4.0.3.orig/src/su.c 2005-05-29 23:33:33.107531000 +0200
++++ shadow-4.0.3/src/su.c 2005-05-29 23:34:27.117531000 +0200
+@@ -278,7 +278,7 @@
+ #endif
+ #endif /* !USE_PAM */
+
+- sanitize_env ();
++ /* sanitize_env (); */
+
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-05-29 15:34:20 UTC (rev 181)
+++ trunk/debian/patches/series 2005-05-29 22:46:50 UTC (rev 182)
@@ -5,6 +5,9 @@
005_manpages.dpatch
006_libmisc.dpatch
008_src.dpatch
+008_su_check_user_earlier
+008_su_no_sanitize_env
+008_su_get_PAM_username
008_su_PAM_session
008_su_syslog_old:new
008_login_MAXHOSTNAMELEN