diff options
Diffstat (limited to 'krb5-1.11-pam.patch')
-rw-r--r-- | krb5-1.11-pam.patch | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/krb5-1.11-pam.patch b/krb5-1.11-pam.patch index 9e1d516..55c3ddf 100644 --- a/krb5-1.11-pam.patch +++ b/krb5-1.11-pam.patch @@ -9,8 +9,7 @@ section of /etc/krb5.conf. When enabled, ksu gains a dependency on libpam. Originally RT#5939, though it's changed since then to perform the account -and session management before dropping privileges, and to apply on top of -changes we're proposing for how it handles cache collections. +and session management before dropping privileges. diff -up krb5-1.8/src/aclocal.m4.pam krb5-1.8/src/aclocal.m4 --- krb5-1.8/src/aclocal.m4.pam 2009-11-22 12:00:45.000000000 -0500 @@ -96,7 +95,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c +#include "autoconf.h" #include "ksu.h" #include "adm_proto.h" - #include "../../lib/krb5/os/os-proto.h" + #include <sys/types.h> @@ -33,6 +34,10 @@ #include <signal.h> #include <grp.h> @@ -126,13 +125,13 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c + NULL, source_user, + ttyname(STDERR_FILENO)) != 0) { + fprintf(stderr, "Access denied for %s.\n", target_user); -+ sweep_up(ksu_context, cc_tmp); ++ sweep_up(ksu_context, cc_target); + exit(1); + } + if (appl_pam_requires_chauthtok()) { + fprintf(stderr, "Password change required for %s.\n", + target_user); -+ sweep_up(ksu_context, cc_tmp); ++ sweep_up(ksu_context, cc_target); + exit(1); + } + force_fork++; @@ -143,7 +142,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c if (krb5_seteuid(target_uid)) { com_err(prog_name, errno, _("while switching to target for " @@ -651,6 +676,26 @@ - sweep_up(ksu_context, cc_tmp); + sweep_up(ksu_context, cc_target); exit(1); } +#ifdef USE_PAM @@ -154,13 +153,13 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c + NULL, source_user, + ttyname(STDERR_FILENO)) != 0) { + fprintf(stderr, "Access denied for %s.\n", target_user); -+ sweep_up(ksu_context, cc_tmp); ++ sweep_up(ksu_context, cc_target); + exit(1); + } + if (appl_pam_requires_chauthtok()) { + fprintf(stderr, "Password change required for %s.\n", + target_user); -+ sweep_up(ksu_context, cc_tmp); ++ sweep_up(ksu_context, cc_target); + exit(1); + } + force_fork++; @@ -177,7 +176,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c + if (appl_pam_enabled(ksu_context, "ksu")) { + if (appl_pam_session_open() != 0) { + fprintf(stderr, "Error opening session for %s.\n", target_user); -+ sweep_up(ksu_context, cc_tmp); ++ sweep_up(ksu_context, cc_target); + exit(1); + } +#ifdef DEBUG @@ -188,7 +187,7 @@ diff -up krb5-1.8/src/clients/ksu/main.c.pam krb5-1.8/src/clients/ksu/main.c + if (appl_pam_cred_init()) { + fprintf(stderr, "Error initializing credentials for %s.\n", + target_user); -+ sweep_up(ksu_context, cc_tmp); ++ sweep_up(ksu_context, cc_target); + exit(1); + } +#ifdef DEBUG |