diff options
author | Nalin Dahyabhai <nalin@redhat.com> | 2014-08-15 13:55:48 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2014-08-15 14:00:14 -0400 |
commit | c042f71c80c2a49c6d62bfceff303faeb7e742e1 (patch) | |
tree | 7425132ed7327191c57eceefda711630c048607b /krb5-1.12.1-pam.patch | |
parent | b324000e349de047b55813b2a634a0b9029e610d (diff) | |
download | krb5-c042f71c80c2a49c6d62bfceff303faeb7e742e1.tar.gz krb5-c042f71c80c2a49c6d62bfceff303faeb7e742e1.tar.xz krb5-c042f71c80c2a49c6d62bfceff303faeb7e742e1.zip |
Update collection cache patch set for ksu
- replace older proposed changes for ksu with backports of the changes
after review and merging upstream (#1015559, #1026099, #1118347)
Diffstat (limited to 'krb5-1.12.1-pam.patch')
-rw-r--r-- | krb5-1.12.1-pam.patch | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/krb5-1.12.1-pam.patch b/krb5-1.12.1-pam.patch index 3bcdb34..5a8e65e 100644 --- a/krb5-1.12.1-pam.patch +++ b/krb5-1.12.1-pam.patch @@ -96,7 +96,7 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c +#include "autoconf.h" #include "ksu.h" #include "adm_proto.h" - #include "../../lib/krb5/os/os-proto.h" + #include <sys/types.h> @@ -33,6 +34,10 @@ #include <signal.h> #include <grp.h> @@ -115,8 +115,8 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c +int force_fork = 0; /***********/ - #define _DEF_CSH "/bin/csh" -@@ -586,6 +592,25 @@ main (argc, argv) + #define KS_TEMPORARY_CACHE "MEMORY:_ksu" +@@ -586,6 +592,23 @@ main (argc, argv) prog_name,target_user,client_name, source_user,ontty()); @@ -126,13 +126,11 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c + NULL, source_user, + ttyname(STDERR_FILENO)) != 0) { + fprintf(stderr, "Access denied for %s.\n", target_user); -+ sweep_up(ksu_context, cc_tmp); + exit(1); + } + if (appl_pam_requires_chauthtok()) { + fprintf(stderr, "Password change required for %s.\n", + target_user); -+ sweep_up(ksu_context, cc_tmp); + exit(1); + } + force_fork++; @@ -142,8 +140,8 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c /* Run authorization as target.*/ if (krb5_seteuid(target_uid)) { com_err(prog_name, errno, _("while switching to target for " -@@ -651,6 +676,26 @@ - sweep_up(ksu_context, cc_tmp); +@@ -651,6 +676,24 @@ + exit(1); } +#ifdef USE_PAM @@ -154,13 +152,11 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c + NULL, source_user, + ttyname(STDERR_FILENO)) != 0) { + fprintf(stderr, "Access denied for %s.\n", target_user); -+ sweep_up(ksu_context, cc_tmp); + exit(1); + } + if (appl_pam_requires_chauthtok()) { + fprintf(stderr, "Password change required for %s.\n", + target_user); -+ sweep_up(ksu_context, cc_tmp); + exit(1); + } + force_fork++; @@ -169,7 +165,7 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c } if( some_rest_copy){ -@@ -720,6 +745,32 @@ +@@ -720,6 +745,30 @@ exit(1); } @@ -177,7 +173,6 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c + if (appl_pam_enabled(ksu_context, "ksu")) { + if (appl_pam_session_open() != 0) { + fprintf(stderr, "Error opening session for %s.\n", target_user); -+ sweep_up(ksu_context, cc_tmp); + exit(1); + } +#ifdef DEBUG @@ -188,7 +183,6 @@ diff -up krb5/src/clients/ksu/main.c.pam krb5/src/clients/ksu/main.c + if (appl_pam_cred_init()) { + fprintf(stderr, "Error initializing credentials for %s.\n", + target_user); -+ sweep_up(ksu_context, cc_tmp); + exit(1); + } +#ifdef DEBUG |