Gentoo's Bugzilla – Attachment 41526 Details for
Bug 24213
sys-auth/pam_mount (new ebuild)
[patch]
Patch for smbpwman support
smbpwman.patch (text/plain), 5.85 KB, created by
chris-gentoo
on 2004-10-11 02:34:49 UTC
Description:
Patch for smbpwman support
Filename:
MIME Type:
Creator:
chris-gentoo
Created:
2004-10-11 02:34:49 UTC
Size:
5.85 KB
patch
obsolete
>diff -ur pam_mount-0.9.20.orig/src/Makefile.in pam_mount-0.9.20/src/Makefile.in
>--- pam_mount-0.9.20.orig/src/Makefile.in 2004-07-23 23:51:16.000000000 +1000
>+++ pam_mount-0.9.20/src/Makefile.in 2004-08-30 13:44:58.000000000 +1000
>@@ -242,8 +242,8 @@
> # ../include-fmt_ptrn should contain libfmt_ptrn's headers for use if
> # -lfmt_ptrn does not exist.
> @SYSTEM_LIBFMT_PTRN_TRUE@pam_mount_la_SOURCES = misc.c pam_mount.c readconfig.c dotconf.c mount.c optlist.c
>-@SYSTEM_LIBFMT_PTRN_FALSE@pam_mount_la_LDFLAGS = -module -avoid-version -lz $(GLIB_LIBS)
>-@SYSTEM_LIBFMT_PTRN_TRUE@pam_mount_la_LDFLAGS = -module -avoid-version -lfmt_ptrn -ltemplate -lz $(GLIB_LIBS)
>+@SYSTEM_LIBFMT_PTRN_FALSE@pam_mount_la_LDFLAGS = -module -avoid-version -lsmbpwman -lz $(GLIB_LIBS)
>+@SYSTEM_LIBFMT_PTRN_TRUE@pam_mount_la_LDFLAGS = -module -avoid-version -lfmt_ptrn -ltemplate -lsmbpwman -lz $(GLIB_LIBS)
>
> # FIXME: misc.c needs to be compiled both with and without libtool
> pmvarrun_SOURCES = pmvarrun.c misc-nolibtool.c fmt_ptrn-nolibtool.c modifiers-nolibtool.c common-nolibtool.c buffer-nolibtool.c template-nolibtool.c pair-nolibtool.c
>diff -ur pam_mount-0.9.20.orig/src/pam_mount.c pam_mount-0.9.20/src/pam_mount.c
>--- pam_mount-0.9.20.orig/src/pam_mount.c 2004-06-23 12:45:26.000000000 +1000
>+++ pam_mount-0.9.20/src/pam_mount.c 2004-08-30 12:17:15.000000000 +1000
>@@ -41,6 +41,8 @@
> #include <security/pam_modules.h>
> #include <pam_mount.h>
>
>+#include <smbpwman/smbpw.h>
>+
> gboolean debug;
> config_t config;
> pam_args_t args;
>@@ -76,12 +78,10 @@
> void clean_system_authtok(pam_handle_t * pamh, void *data, int errcode)
> {
> /* FIXME: not binary password safe */
>-/* FIXME: valgrind does not like -- called previously?
> if (data) {
> memset(data, 0x00, strlen(data));
> free(data);
> }
>-*/
> }
>
> /* ============================ converse () ================================ */
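Review bot: Re-enabling the wipe in clean_system_authtok without resolving the removed FIXME leaves two gaps. A `memset` immediately followed by `free` is a dead store the optimizer may drop, so the password can survive in freed heap memory; a wipe the compiler cannot elide is needed, for example `explicit_bzero(data, strlen(data));` where the platform provides it. The deleted comment recorded that valgrind objected to this code, possibly because the buffer had already been released, so each caller should be checked to pass a live heap pointer exactly once before this is enabled.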
>@@ -162,7 +211,7 @@
> const void *tmp = NULL;
> const char *pam_user = NULL;
>+ const void *dummy = NULL;
>+ void *dummy2 = NULL;
>-
>- assert(pamh);
>
> initconfig(&config);
> parse_pam_args(argc, argv);
>@@ -211,18 +210,25 @@
> ret = PAM_AUTH_ERR;
> goto _return;
> }
>- if ((ret =
>- pam_set_data(pamh, "pam_mount_system_authtok", authtok,
>- clean_system_authtok)) != PAM_SUCCESS) {
>- l0g("pam_mount: %s\n",
>- "error trying to save authtok for session code");
>+ if (smbpw_verify_socket_path(SOCKET_NAME) < 0) {
>+ l0g("pam_mount: smbpwman socket path %s is insecure",
>+ SOCKET_NAME);
>+ ret = PAM_AUTH_ERR;
> goto _return;
> }
>+ if ((ret = smbpw_store(config.user, authtok)) < 0) {
>+ l0g("pam_mount: error %i caching password", ret);
>+ ret = PAM_AUTH_ERR;
>+ goto _return;
>+ }
>+ /*ensure smbpw_store is called the same
>+ number of times as smbpw_retrieve so no
>+ credentials are left lying around */
>+ if ((pam_get_data(pamh, "pam_mount_pw_stored", &dummy)) == PAM_SUCCESS) {
>+ authtok = smbpw_retrieve(config.user);
>+ }
>+ pam_set_data(pamh, "pam_mount_pw_stored", dummy2, NULL);
> _return:
>- assert(ret != PAM_SUCCESS
>- || pam_get_data(pamh, "pam_mount_system_authtok",
>- &tmp) == PAM_SUCCESS);
>- assert(ret != PAM_SUCCESS || tmp);
>
> return ret;
> }
>@@ -305,6 +306,7 @@
> int vol;
> int ret = PAM_SUCCESS;
> char *system_authtok;
>+ const char *pam_user;
>
> assert(pamh);
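Review bot: After `smbpw_store` succeeds in the @@ -211,18 hunk, the cleartext `authtok` is no longer wiped or freed anywhere between the store and `return ret`; the removed `pam_set_data` call was what registered `clean_system_authtok` for it. Inside the `pam_mount_pw_stored` branch, `authtok = smbpw_retrieve(config.user);` additionally overwrites the only visible pointer to the original buffer, and the retrieved copy is never released. Assuming `authtok` is a heap copy owned by this function (its allocation is above the hunk), the balancing call could be `clean_system_authtok(pamh, smbpw_retrieve(config.user), 0);` with `clean_system_authtok(pamh, authtok, 0);` added just before `_return:`. The return value of the new `pam_set_data` call is also ignored, so a failure to record the marker would silently unbalance the store/retrieve count the comment is trying to maintain.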
>
>@@ -313,22 +315,27 @@
> if (chdir("/"))
> l0g("pam_mount %s\n", "could not chdir");
> if (config.user == NULL) {
>- l0g("pam_mount: username not read: pam_mount not conf. for auth?\n");
>- /* do NOT return PAM_SERVICE_ERR or root will not be able
>- * to su to other users */
>- goto _return;
>+ /* If config.user is not stored, try reading it as the
>+ authenticate and open_session may have been called in different
>+ processes (eg openssh) */
>+ if ((ret = pam_get_user(pamh, &pam_user, NULL)) != PAM_SUCCESS)
>+ {
>+ l0g("pam_mount: username not read and couldn't be fetched: pam_mount not conf. for auth?\n");
>+ /* do NOT return PAM_SERVICE_ERR or root will not
>+ * be able to su to other users */
>+ goto _return;
>+ }
>+ config.user=strdup(pam_user);
> }
> if (strlen(config.user) > MAX_PAR) {
> l0g("pam_mount: username %s is too long\n", config.user);
> ret = PAM_SERVICE_ERR;
> goto _return;
> }
>- if ((ret =
>- pam_get_data(pamh, "pam_mount_system_authtok",
>- (const void **) &system_authtok)) != PAM_SUCCESS)
>+ if (!(system_authtok = smbpw_retrieve(config.user)))
> {
> l0g("pam_mount: %s\n",
>- "error trying to retrieve authtok from auth code");
>+ "error trying to retrieve authtok from smbpwman cache");
> goto _return;
> }
> if (!readconfig(config.user, CONFIGFILE, 1, &config)) {
>@@ -379,13 +386,13 @@
> config.volume[vol].volume);
> }
> /* end root priv. */
>- /* Paranoia? */
>- clean_system_authtok(pamh, system_authtok, 0);
> /* This code needs root priv. */
> modify_pm_count(&config, config.user, "1");
> /* end root priv. */
>
> _return:
>+ /* Paranoia? */
>+ clean_system_authtok(pamh, system_authtok, 0);
> w4rn("pam_mount: done opening session\n");
> return ret;
> }
>@@ -412,6 +419,7 @@
> int vol;
> /* FIXME: this currently always returns PAM_SUCCESS should return something else when errors occur but only after all unmounts are attempted??? */
> int ret = PAM_SUCCESS;
>+ const char *pam_user;
>
> assert(pamh);
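Review bot: `config.user=strdup(pam_user);` in the @@ -313,22 hunk is not checked, so an allocation failure leads straight into `strlen(config.user)` on a NULL pointer inside the login process; add `if (config.user == NULL) { ret = PAM_BUF_ERR; goto _return; }` after it. The same unchecked `strdup` appears in the @@ -419,10 hunk. The new `if ((ret = pam_get_user(...)) != PAM_SUCCESS)` also returns pam_get_user's error code, whereas the old path left `ret` at PAM_SUCCESS, which looks at odds with the retained comment about not blocking root's su; setting `ret = PAM_SUCCESS;` before the `goto` would keep the earlier behaviour if that is what is intended. The function body starts and ends outside this hunk.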
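Review bot: Moving `clean_system_authtok(pamh, system_authtok, 0);` below `_return:` in the @@ -379,13 hunk means it now runs on every early `goto _return`, including those taken before `system_authtok` is assigned (the username lookup failure and the over-long username check in the @@ -313,22 hunk). The declaration shown in the @@ -305,6 hunk is `char *system_authtok;` with no initializer, so those paths would call `strlen`, `memset` and `free` on an indeterminate pointer. Declaring it as `char *system_authtok = NULL;` makes the cleanup a no-op there, since clean_system_authtok skips a NULL `data`.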
>
>@@ -419,10 +427,14 @@
> w4rn("pam_mount: real and effective user ID are %d and %d.\n",
> getuid(), geteuid());
> if (config.user == NULL) {
>- l0g("pam_mount: username not read: pam_mount not conf. for auth?\n");
>- /* do NOT return PAM_SERVICE_ERR or root will not be able
>- * to su to other users */
>- goto _return;
>+ if ((ret = pam_get_user(pamh, &pam_user, NULL)) != PAM_SUCCESS)
>+ {
>+ l0g("pam_mount: username not read and couldn't be fetched: pam_mount not conf. for auth?\n");
>+ /* do NOT return PAM_SERVICE_ERR or root will not
>+ * be able to su to other users */
>+ goto _return;
>+ }
>+ config.user=strdup(pam_user);
> }
> if (config.volcount <= 0)
> w4rn("pam_mount: %s\n", "volcount is zero");