diff options
| author | Robbie Harwood <rharwood@redhat.com> | 2016-09-19 23:49:29 +0000 |
|---|---|---|
| committer | Robbie Harwood <rharwood@redhat.com> | 2016-09-19 23:49:31 +0000 |
| commit | 14f028579db3f19c38efec9e683e4837ddb860b7 (patch) | |
| tree | 2e148374ec51cdd9486ca1786dd7e8977da7ad82 /krb5-1.12.1-pam.patch | |
| parent | 4f5955da728b5fb86fb88f094a11add78ce93aef (diff) | |
| download | krb5-14f028579db3f19c38efec9e683e4837ddb860b7.tar.gz krb5-14f028579db3f19c38efec9e683e4837ddb860b7.tar.xz krb5-14f028579db3f19c38efec9e683e4837ddb860b7.zip | |
New upstream release and integrate with external git
Diffstat (limited to 'krb5-1.12.1-pam.patch')
| -rw-r--r-- | krb5-1.12.1-pam.patch | 144 |
1 files changed, 85 insertions, 59 deletions
diff --git a/krb5-1.12.1-pam.patch b/krb5-1.12.1-pam.patch index 5a8e65e..39d296d 100644 --- a/krb5-1.12.1-pam.patch +++ b/krb5-1.12.1-pam.patch @@ -1,3 +1,8 @@ +From 74b07bf5a3c73f2d46ddfa4a03baa76b19ee1681 Mon Sep 17 00:00:00 2001 +From: Robbie Harwood <rharwood@redhat.com> +Date: Tue, 23 Aug 2016 16:29:58 -0400 +Subject: [PATCH 01/19] krb5-1.12.1-pam.patch + Modify ksu so that it performs account and session management on behalf of the target user account, mimicking the action of regular su. The default service name is "ksu", because on Fedora at least the configuration used @@ -11,11 +16,22 @@ When enabled, ksu gains a dependency on libpam. Originally RT#5939, though it's changed since then to perform the account and session management before dropping privileges, and to apply on top of changes we're proposing for how it handles cache collections. +--- + src/aclocal.m4 | 67 ++++++++ + src/clients/ksu/Makefile.in | 8 +- + src/clients/ksu/main.c | 88 +++++++++- + src/clients/ksu/pam.c | 389 ++++++++++++++++++++++++++++++++++++++++++++ + src/clients/ksu/pam.h | 57 +++++++ + src/configure.in | 2 + + 6 files changed, 608 insertions(+), 3 deletions(-) + create mode 100644 src/clients/ksu/pam.c + create mode 100644 src/clients/ksu/pam.h -diff -up krb5/src/aclocal.m4.pam krb5/src/aclocal.m4 ---- krb5/src/aclocal.m4.pam 2009-11-22 12:00:45.000000000 -0500 -+++ krb5/src/aclocal.m4 2010-03-05 10:48:08.000000000 -0500 -@@ -1703,3 +1703,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[ +diff --git a/src/aclocal.m4 b/src/aclocal.m4 +index dbb7db2..ce045ab 100644 +--- a/src/aclocal.m4 ++++ b/src/aclocal.m4 +@@ -1672,3 +1672,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[ ])) ])dnl dnl @@ -86,9 +102,48 @@ diff -up krb5/src/aclocal.m4.pam krb5/src/aclocal.m4 +AC_SUBST(PAM_MAN) +AC_SUBST(NON_PAM_MAN) +])dnl -diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c ---- krb5/src/clients/ksu/main.c.pam 2009-11-02 22:27:56.000000000 -0500 -+++ krb5/src/clients/ksu/main.c 2010-03-05 10:48:08.000000000 -0500 +diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in +index c705fda..ad2406a 100644 +--- a/src/clients/ksu/Makefile.in ++++ b/src/clients/ksu/Makefile.in +@@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S).. + DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' + + KSU_LIBS=@KSU_LIBS@ ++PAM_LIBS=@PAM_LIBS@ + + SRCS = \ + $(srcdir)/krb_auth_su.c \ + $(srcdir)/ccache.c \ + $(srcdir)/authorization.c \ + $(srcdir)/main.c \ ++ $(srcdir)/pam.c \ + $(srcdir)/heuristic.c \ + $(srcdir)/xmalloc.c \ + $(srcdir)/setenv.c +@@ -17,13 +19,17 @@ OBJS = \ + ccache.o \ + authorization.o \ + main.o \ ++ pam.o \ + heuristic.o \ + xmalloc.o @SETENVOBJ@ + + all:: ksu + + ksu: $(OBJS) $(KRB5_BASE_DEPLIBS) +- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) ++ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS) ++ ++pam.o: pam.c ++ $(CC) $(ALL_CFLAGS) -c $< + + clean:: + $(RM) ksu +diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c +index 2f8d8e1..1b2ca83 100644 +--- a/src/clients/ksu/main.c ++++ b/src/clients/ksu/main.c @@ -26,6 +26,7 @@ * KSU was writen by: Ari Medvinsky, ari@isi.edu */ @@ -116,7 +171,7 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c /***********/ #define KS_TEMPORARY_CACHE "MEMORY:_ksu" -@@ -586,6 +592,23 @@ main (argc, argv) +@@ -514,6 +520,23 @@ main (argc, argv) prog_name,target_user,client_name, source_user,ontty()); @@ -140,7 +195,7 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c /* Run authorization as target.*/ if (krb5_seteuid(target_uid)) { com_err(prog_name, errno, _("while switching to target for " -@@ -651,6 +676,24 @@ +@@ -574,6 +597,24 @@ main (argc, argv) exit(1); } @@ -165,7 +220,7 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c } if( some_rest_copy){ -@@ -720,6 +745,30 @@ +@@ -631,6 +672,30 @@ main (argc, argv) exit(1); } @@ -196,7 +251,7 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c /* set permissions */ if (setgid(target_pwd->pw_gid) < 0) { perror("ksu: setgid"); -@@ -792,7 +817,7 @@ main (argc, argv) +@@ -728,7 +793,7 @@ main (argc, argv) fprintf(stderr, "program to be execed %s\n",params[0]); } @@ -205,7 +260,7 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c execv(params[0], params); com_err(prog_name, errno, _("while trying to execv %s"), params[0]); sweep_up(ksu_context, cc_target); -@@ -823,16 +875,35 @@ main (argc, argv) +@@ -758,16 +823,35 @@ main (argc, argv) if (ret_pid == -1) { com_err(prog_name, errno, _("while calling waitpid")); } @@ -242,46 +297,11 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c exit (1); } } -diff -up krb5/src/clients/ksu/Makefile.in.pam krb5/src/clients/ksu/Makefile.in ---- krb5/src/clients/ksu/Makefile.in.pam 2009-11-22 13:13:29.000000000 -0500 -+++ krb5/src/clients/ksu/Makefile.in 2010-03-05 11:55:14.000000000 -0500 -@@ -7,12 +7,14 @@ - DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"' - - KSU_LIBS=@KSU_LIBS@ -+PAM_LIBS=@PAM_LIBS@ - - SRCS = \ - $(srcdir)/krb_auth_su.c \ - $(srcdir)/ccache.c \ - $(srcdir)/authorization.c \ - $(srcdir)/main.c \ -+ $(srcdir)/pam.c \ - $(srcdir)/heuristic.c \ - $(srcdir)/xmalloc.c \ - $(srcdir)/setenv.c -@@ -21,13 +23,17 @@ OBJS = \ - ccache.o \ - authorization.o \ - main.o \ -+ pam.o \ - heuristic.o \ - xmalloc.o @SETENVOBJ@ - - all:: ksu - - ksu: $(OBJS) $(KRB5_BASE_DEPLIBS) -- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) -+ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS) -+ -+pam.o: pam.c -+ $(CC) $(ALL_CFLAGS) -c $< - - clean:: - $(RM) ksu -diff -up krb5/src/clients/ksu/pam.c.pam krb5/src/clients/ksu/pam.c ---- krb5/src/clients/ksu/pam.c.pam 2010-03-05 10:48:08.000000000 -0500 -+++ krb5/src/clients/ksu/pam.c 2010-03-05 10:48:08.000000000 -0500 +diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c +new file mode 100644 +index 0000000..cbfe487 +--- /dev/null ++++ b/src/clients/ksu/pam.c @@ -0,0 +1,389 @@ +/* + * src/clients/ksu/pam.c @@ -672,9 +692,11 @@ diff -up krb5/src/clients/ksu/pam.c.pam krb5/src/clients/ksu/pam.c + return ret; +} +#endif -diff -up krb5/src/clients/ksu/pam.h.pam krb5/src/clients/ksu/pam.h ---- krb5/src/clients/ksu/pam.h.pam 2010-03-05 10:48:08.000000000 -0500 -+++ krb5/src/clients/ksu/pam.h 2010-03-05 10:48:08.000000000 -0500 +diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h +new file mode 100644 +index 0000000..0ab7656 +--- /dev/null ++++ b/src/clients/ksu/pam.h @@ -0,0 +1,57 @@ +/* + * src/clients/ksu/pam.h @@ -733,10 +755,11 @@ diff -up krb5/src/clients/ksu/pam.h.pam krb5/src/clients/ksu/pam.h +int appl_pam_cred_init(void); +void appl_pam_cleanup(void); +#endif -diff -up krb5/src/configure.in.pam krb5/src/configure.in ---- krb5/src/configure.in.pam 2009-12-31 18:13:56.000000000 -0500 -+++ krb5/src/configure.in 2010-03-05 10:48:08.000000000 -0500 -@@ -1051,6 +1051,8 @@ if test "$ac_cv_lib_socket" = "yes" -a " +diff --git a/src/configure.in b/src/configure.in +index b2a8675..8846ca0 100644 +--- a/src/configure.in ++++ b/src/configure.in +@@ -1327,6 +1327,8 @@ AC_SUBST([VERTO_VERSION]) AC_PATH_PROG(GROFF, groff) @@ -745,3 +768,6 @@ diff -up krb5/src/configure.in.pam krb5/src/configure.in # Make localedir work in autoconf 2.5x. if test "${localedir+set}" != set; then localedir='$(datadir)/locale' +-- +2.9.3 + |