Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch')
-rw-r--r--sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch210
1 files changed, 0 insertions, 210 deletions
diff --git a/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch b/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch
deleted file mode 100644
index 3bdeb9795401..000000000000
--- a/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch
+++ /dev/null
@@ -1,210 +0,0 @@
---- shadow-4.0.3/src/su.c.orig 2002-10-20 16:43:21.000000000 +0200
-+++ shadow-4.0.3/src/su.c 2002-10-20 16:50:57.000000000 +0200
-@@ -134,6 +134,108 @@
- exit (1);
- }
-
-+#ifdef USE_PAM
-+static int caught=0;
-+
-+/* Signal handler for parent process later */
-+static void su_catch_sig(int sig)
-+{
-+ ++caught;
-+}
-+
-+/* This I ripped out of su.c from sh-utils after the Mandrake pam patch
-+ * have been applied. Some work was needed to get it integrated into
-+ * su.c from shadow.
-+ */
-+static void run_shell (const char *shellstr, char *args[], int doshell)
-+{
-+ int child;
-+ sigset_t ourset;
-+ int status;
-+ int ret;
-+
-+ child = fork();
-+ if (child == 0) { /* child shell */
-+ pam_end (pamh, PAM_SUCCESS);
-+
-+ if (doshell)
-+ shell (shellstr, (char *) args[0]);
-+ else
-+ (void) execv (shellstr, (char **) args);
-+ {
-+ int exit_status = (errno == ENOENT ? 127 : 126);
-+ exit (exit_status);
-+ }
-+ } else if (child == -1) {
-+ (void) fprintf(stderr, "%s: Cannot fork user shell\n", Prog);
-+ SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell));
-+ closelog ();
-+ exit(1);
-+ }
-+ /* parent only */
-+ sigfillset(&ourset);
-+ if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
-+ (void) fprintf(stderr, "%s: signal malfunction\n", Prog);
-+ caught = 1;
-+ }
-+ if (!caught) {
-+ struct sigaction action;
-+ action.sa_handler = su_catch_sig;
-+ sigemptyset(&action.sa_mask);
-+ action.sa_flags = 0;
-+ sigemptyset(&ourset);
-+
-+ if (sigaddset(&ourset, SIGTERM)
-+ || sigaddset(&ourset, SIGALRM)
-+ || sigaction(SIGTERM, &action, NULL)
-+ || sigprocmask(SIG_UNBLOCK, &ourset, NULL)
-+ ) {
-+ fprintf(stderr, "%s: signal masking malfunction\n", Prog);
-+ caught = 1;
-+ }
-+ }
-+
-+ if (!caught) {
-+ do {
-+ int pid;
-+
-+ pid = waitpid(-1, &status, WUNTRACED);
-+
-+ if (WIFSTOPPED(status)) {
-+ kill(getpid(), SIGSTOP);
-+ /* once we get here, we must have resumed */
-+ kill(pid, SIGCONT);
-+ }
-+ } while (WIFSTOPPED(status));
-+ }
-+
-+ if (caught) {
-+ fprintf(stderr, "\nSession terminated, killing shell...");
-+ kill (child, SIGTERM);
-+ }
-+
-+ ret = pam_close_session(pamh, 0);
-+ if (ret != PAM_SUCCESS) {
-+ SYSLOG ((LOG_ERR, "pam_close_session: %s",
-+ pam_strerror (pamh, ret)));
-+ fprintf (stderr, "%s: %s\n", Prog,
-+ pam_strerror (pamh, ret));
-+ pam_end (pamh, ret);
-+ exit (1);
-+ }
-+
-+ ret = pam_end(pamh, PAM_SUCCESS);
-+
-+ if (caught) {
-+ sleep(2);
-+ kill(child, SIGKILL);
-+ fprintf(stderr, " ...killed.\n");
-+ exit(-1);
-+ }
-+
-+ exit (WEXITSTATUS(status));
-+}
-+#endif
-
- /*
- * su - switch user id
-@@ -152,6 +254,7 @@
- int main (int argc, char **argv)
- {
- char *cp;
-+ char **envcp;
- const char *tty = 0; /* Name of tty SU is run from */
- int doshell = 0;
- int fakelogin = 0;
-@@ -252,6 +355,14 @@
- */
- if ((cp = getenv ("TERM")))
- addenv ("TERM", cp);
-+ /*
-+ * Also leave DISPLAY and XAUTHORITY if present, else
-+ * pam_xauth will not work.
-+ */
-+ if ((cp = getenv ("DISPLAY")))
-+ addenv ("DISPLAY", cp);
-+ if ((cp = getenv ("XAUTHORITY")))
-+ addenv ("XAUTHORITY", cp);
- } else {
- while (*envp)
- addenv (*envp++, NULL);
-@@ -507,7 +618,10 @@
- }
- #endif
-
-+/* setup the environment for pam later on, else we run into auth problems */
-+#ifndef USE_PAM
- environ = newenvp; /* make new environment active */
-+#endif
-
- if (getenv ("IFS")) /* don't export user IFS ... */
- addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
-@@ -555,6 +669,31 @@
- exit (1);
- }
-
-+ ret = pam_open_session (pamh, 0);
-+ if (ret != PAM_SUCCESS) {
-+ SYSLOG ((LOG_ERR, "pam_open_session: %s",
-+ pam_strerror (pamh, ret)));
-+ fprintf (stderr, "%s: %s\n", Prog,
-+ pam_strerror (pamh, ret));
-+ pam_end (pamh, ret);
-+ exit (1);
-+ }
-+
-+ /* we need to setup the environment *after* pam_open_session(),
-+ * else the UID is changed before stuff like pam_xauth could
-+ * run, and we cannot access /etc/shadow and co
-+ */
-+ environ = newenvp; /* make new environment active */
-+
-+ /* update environment with all pam set variables */
-+ envcp = pam_getenvlist(pamh);
-+ if(envcp) {
-+ while(*envcp) {
-+ putenv(*envcp);
-+ envcp++;
-+ }
-+ }
-+
- /* become the new user */
- if (change_uid (&pwent)) {
- pam_setcred (pamh, PAM_DELETE_CRED);
-@@ -562,9 +701,6 @@
- exit (1);
- }
-
-- /* now we are done using PAM */
-- pam_end (pamh, PAM_SUCCESS);
--
- #else /* !USE_PAM */
- if (!amroot) /* no limits if su from root */
- setup_limits (&pwent);
-@@ -622,13 +758,21 @@
- */
-
- argv[-1] = pwent.pw_shell;
-+#ifndef USE_PAM
- (void) execv (pwent.pw_shell, &argv[-1]);
-+#else
-+ run_shell (pwent.pw_shell, &argv[-1], 0);
-+#endif
- (void) fprintf (stderr, _("No shell\n"));
- SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell));
- closelog ();
- exit (1);
- }
-
-+#ifndef USE_PAM
- shell (pwent.pw_shell, cp);
-+#else
-+ run_shell (pwent.pw_shell, &cp, 1);
-+#endif
- /* NOT REACHED */
- exit (1);
- }