[Pkg-shadow-commits] r1154 - in branches/etch/debian: . patches
Nicolas FRANCOIS
nekral-guest at alioth.debian.org
Sun Feb 25 16:41:59 CET 2007
Author: nekral-guest
Date: 2007-02-25 16:41:58 +0100 (Sun, 25 Feb 2007)
New Revision: 1154
Added:
branches/etch/debian/patches/405_su_no_pam_end_before_exec
Modified:
branches/etch/debian/changelog
branches/etch/debian/patches/series
Log:
Avoid terminating the PAM library in the forked child. This is done later
in the parent after closing the PAM session. With pam_krb5, this allow
users to reuse the cached credential in the forked shell. Closes: #412061
Modified: branches/etch/debian/changelog
===================================================================
--- branches/etch/debian/changelog 2007-02-24 15:21:57 UTC (rev 1153)
+++ branches/etch/debian/changelog 2007-02-25 15:41:58 UTC (rev 1154)
@@ -3,6 +3,11 @@
* The "Pélardon" release
* Upstream bugs fixed upstream:
- 104_man-sv: Recode Swedish manpages to ISO-8859-1. Closes: #403210
+ * Upstream bugs or fixes not yet fixed in upstream releases or CVS:
+ - 405_su_no_pam_end_before_exec: Avoid terminating the PAM library in the
+ forked child. This is done later in the parent after closing the PAM
+ session. With pam_krb5, this allow users to reuse the cached credential
+ in the forked shell. Closes: #412061
-- Christian Perrier <bubulle at debian.org> Fri, 15 Dec 2006 18:38:33 +0100
Added: branches/etch/debian/patches/405_su_no_pam_end_before_exec
===================================================================
--- branches/etch/debian/patches/405_su_no_pam_end_before_exec 2007-02-24 15:21:57 UTC (rev 1153)
+++ branches/etch/debian/patches/405_su_no_pam_end_before_exec 2007-02-25 15:41:58 UTC (rev 1154)
@@ -0,0 +1,29 @@
+Goal: Avoid terminating the PAM library in the forked child. This is done
+ later in the parent after closing the PAM session.
+
+Note: OR'ing the status with PAM_DATA_SILENT should be sufficient, but it
+is not supported by some modules, and the pam_end is not strictly needed
+anyway.
+
+Fixes: #412061
+
+Status wrt upstream: not reported yet.
+
+Index: shadow-4.0.18.1/src/su.c
+===================================================================
+--- shadow-4.0.18.1.orig/src/su.c 2007-02-25 14:22:54.000000000 +0100
++++ shadow-4.0.18.1/src/su.c 2007-02-25 14:29:01.000000000 +0100
+@@ -197,7 +197,12 @@
+
+ child = fork ();
+ if (child == 0) { /* child shell */
+- pam_end (pamh, PAM_SUCCESS);
++ /*
++ * PAM_DATA_SILENT is not supported by some modules, and
++ * there is no strong need to clean up the process space's
++ * memory since we will either call exec or exit.
++ pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
++ */
+
+ if (doshell)
+ (void) shell (shellstr, (char *) args[0], envp);
Modified: branches/etch/debian/patches/series
===================================================================
--- branches/etch/debian/patches/series 2007-02-24 15:21:57 UTC (rev 1153)
+++ branches/etch/debian/patches/series 2007-02-25 15:41:58 UTC (rev 1154)
@@ -46,3 +46,4 @@
404_man-fr
103_man-de
104_man-sv
+405_su_no_pam_end_before_exec
More information about the Pkg-shadow-commits
mailing list