|
 |
bd38e4 |
diff -up at-3.1.13/at.c.pam at-3.1.13/at.c
|
|
|
bd38e4 |
--- at-3.1.13/at.c.pam 2012-04-19 16:50:57.491000001 +0200
|
|
|
bd38e4 |
+++ at-3.1.13/at.c 2012-04-19 16:50:57.505000001 +0200
|
|
|
bd38e4 |
@@ -141,18 +141,13 @@ sigc(int signo)
|
|
|
bd38e4 |
/* If the user presses ^C, remove the spool file and exit
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
if (fcreated) {
|
|
|
bd38e4 |
- /*
|
|
|
bd38e4 |
PRIV_START
|
|
|
bd38e4 |
-
|
|
|
bd38e4 |
+ /*
|
|
|
bd38e4 |
We need the unprivileged uid here since the file is owned by the real
|
|
|
bd38e4 |
(not effective) uid.
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
- setregid(real_gid, effective_gid);
|
|
|
bd38e4 |
- unlink(atfile);
|
|
|
bd38e4 |
- setregid(effective_gid, real_gid);
|
|
|
bd38e4 |
- /*
|
|
|
bd38e4 |
+ unlink(atfile);
|
|
|
bd38e4 |
PRIV_END
|
|
|
bd38e4 |
- */
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
exit(EXIT_FAILURE);
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue)
|
|
|
bd38e4 |
* bit. Yes, this is a kluge.
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
|
|
|
bd38e4 |
- seteuid(real_uid);
|
|
|
bd38e4 |
+ if ((seteuid(effective_uid)) < 0)
|
|
|
bd38e4 |
+ perr("Error in seteuid: %s", errno);
|
|
|
bd38e4 |
if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1)
|
|
|
bd38e4 |
perr("Cannot create atjob file %.500s", atfile);
|
|
|
bd38e4 |
- seteuid(effective_uid);
|
|
|
bd38e4 |
|
|
|
bd38e4 |
if ((fd2 = dup(fd)) < 0)
|
|
|
bd38e4 |
perr("Error in dup() of job file");
|
|
|
bd38e4 |
|
|
|
bd38e4 |
- /*
|
|
|
bd38e4 |
if (fchown(fd2, real_uid, real_gid) != 0)
|
|
|
bd38e4 |
- perr("Cannot give away file");
|
|
|
bd38e4 |
- */
|
|
|
bd38e4 |
+ perr("Cannot give real_uid and real_gid the file");
|
|
|
bd38e4 |
|
|
|
bd38e4 |
PRIV_END
|
|
|
bd38e4 |
|
|
|
bd38e4 |
- /* We no longer need suid root; now we just need to be able to write
|
|
|
bd38e4 |
- * to the directory, if necessary.
|
|
|
bd38e4 |
- */
|
|
|
bd38e4 |
-
|
|
|
bd38e4 |
- REDUCE_PRIV(daemon_uid, daemon_gid)
|
|
|
bd38e4 |
/* We've successfully created the file; let's set the flag so it
|
|
|
bd38e4 |
* gets removed in case of an interrupt or error.
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
@@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int
|
|
|
bd38e4 |
We need the unprivileged uid here since the file is owned by the real
|
|
|
bd38e4 |
(not effective) uid.
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
- setregid(real_gid, effective_gid);
|
|
|
bd38e4 |
+ PRIV_START
|
|
|
bd38e4 |
|
|
|
bd38e4 |
if (queue == '=') {
|
|
|
bd38e4 |
fprintf(stderr, "Warning: deleting running job\n");
|
|
|
bd38e4 |
@@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int
|
|
|
bd38e4 |
perr("Cannot unlink %.500s", dirent->d_name);
|
|
|
bd38e4 |
rc = EXIT_FAILURE;
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
+ PRIV_END
|
|
|
bd38e4 |
|
|
|
bd38e4 |
- setregid(effective_gid, real_gid);
|
|
|
bd38e4 |
done = 1;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
break;
|
|
|
bd38e4 |
@@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int
|
|
|
bd38e4 |
FILE *fp;
|
|
|
bd38e4 |
int ch;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
- setregid(real_gid, effective_gid);
|
|
|
bd38e4 |
+ PRIV_START
|
|
|
bd38e4 |
fp = fopen(dirent->d_name, "r");
|
|
|
bd38e4 |
|
|
|
bd38e4 |
if (fp) {
|
|
|
bd38e4 |
@@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int
|
|
|
bd38e4 |
perr("Cannot open %.500s", dirent->d_name);
|
|
|
bd38e4 |
rc = EXIT_FAILURE;
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
- setregid(effective_gid, real_gid);
|
|
|
bd38e4 |
+ PRIV_END
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
break;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c
|
|
|
bd38e4 |
--- at-3.1.13/atd.c.pam 2012-04-19 16:50:57.498000001 +0200
|
|
|
bd38e4 |
+++ at-3.1.13/atd.c 2012-04-19 16:52:37.209000138 +0200
|
|
|
bd38e4 |
@@ -111,7 +111,7 @@ static int run_as_daemon = 0;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
static volatile sig_atomic_t term_signal = 0;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
-#ifdef HAVE_PAM
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
#include <security/pam_appl.h>
|
|
|
bd38e4 |
|
|
|
bd38e4 |
static pam_handle_t *pamh = NULL;
|
|
|
bd38e4 |
@@ -120,15 +120,7 @@ static const struct pam_conv conv = {
|
|
|
bd38e4 |
NULL
|
|
|
bd38e4 |
};
|
|
|
bd38e4 |
|
|
|
bd38e4 |
-#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
|
|
|
bd38e4 |
- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
|
|
|
bd38e4 |
- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
|
|
|
bd38e4 |
- pam_end(pamh, retcode); exit(1); \
|
|
|
bd38e4 |
- }
|
|
|
bd38e4 |
-#define PAM_END { retcode = pam_close_session(pamh,0); \
|
|
|
bd38e4 |
- pam_end(pamh,retcode); }
|
|
|
bd38e4 |
-
|
|
|
bd38e4 |
-#endif /* HAVE_PAM */
|
|
|
bd38e4 |
+#endif /* WITH_PAM */
|
|
|
bd38e4 |
|
|
|
bd38e4 |
/* Signal handlers */
|
|
|
bd38e4 |
RETSIGTYPE
|
|
|
bd38e4 |
@@ -235,7 +227,7 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
char fmt[64];
|
|
|
bd38e4 |
unsigned long jobno;
|
|
|
bd38e4 |
int rc;
|
|
|
bd38e4 |
-#ifdef HAVE_PAM
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
int retcode;
|
|
|
bd38e4 |
#endif
|
|
|
bd38e4 |
|
|
|
bd38e4 |
@@ -395,17 +387,11 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
fstat(fd_out, &buf;;
|
|
|
bd38e4 |
size = buf.st_size;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
-#ifdef HAVE_PAM
|
|
|
bd38e4 |
- PRIV_START
|
|
|
bd38e4 |
- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
|
|
|
bd38e4 |
- PAM_FAIL_CHECK;
|
|
|
bd38e4 |
- retcode = pam_acct_mgmt(pamh, PAM_SILENT);
|
|
|
bd38e4 |
- PAM_FAIL_CHECK;
|
|
|
bd38e4 |
- retcode = pam_open_session(pamh, PAM_SILENT);
|
|
|
bd38e4 |
- PAM_FAIL_CHECK;
|
|
|
bd38e4 |
- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
|
|
|
bd38e4 |
- PAM_FAIL_CHECK;
|
|
|
bd38e4 |
- PRIV_END
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+ AT_START_PAM;
|
|
|
bd38e4 |
+ AT_OPEN_PAM_SESSION;
|
|
|
bd38e4 |
+ closelog();
|
|
|
bd38e4 |
+ openlog("atd", LOG_PID, LOG_ATD);
|
|
|
bd38e4 |
#endif
|
|
|
bd38e4 |
|
|
|
bd38e4 |
close(STDIN_FILENO);
|
|
|
bd38e4 |
@@ -419,7 +405,14 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
else if (pid == 0) {
|
|
|
bd38e4 |
char *nul = NULL;
|
|
|
bd38e4 |
char **nenvp = &nul;
|
|
|
bd38e4 |
+ char **pam_envp=0L;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
+ PRIV_START
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+ pam_envp = pam_getenvlist(pamh);
|
|
|
bd38e4 |
+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
|
|
|
bd38e4 |
+ nenvp = pam_envp;
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
/* Set up things for the child; we want standard input from the
|
|
|
bd38e4 |
* input file, and standard output and error sent to our output file.
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
@@ -438,8 +431,6 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
close(fd_in);
|
|
|
bd38e4 |
close(fd_out);
|
|
|
bd38e4 |
|
|
|
bd38e4 |
- PRIV_START
|
|
|
bd38e4 |
-
|
|
|
bd38e4 |
nice((tolower((int) queue) - 'a' + 1) * 2);
|
|
|
bd38e4 |
|
|
|
bd38e4 |
if (initgroups(pentry->pw_name, pentry->pw_gid))
|
|
|
bd38e4 |
@@ -458,7 +449,16 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
|
|
|
bd38e4 |
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
|
|
|
bd38e4 |
perr("Exec failed for /bin/sh");
|
|
|
bd38e4 |
-
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L))
|
|
|
bd38e4 |
+ {
|
|
|
bd38e4 |
+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++)
|
|
|
bd38e4 |
+ free(*nenvp);
|
|
|
bd38e4 |
+ free( pam_envp );
|
|
|
bd38e4 |
+ nenvp = &nul;
|
|
|
bd38e4 |
+ pam_envp=0L;
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
PRIV_END
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
/* We're the parent. Let's wait.
|
|
|
bd38e4 |
@@ -471,14 +471,6 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
waitpid(pid, (int *) NULL, 0);
|
|
|
bd38e4 |
|
|
|
bd38e4 |
-#ifdef HAVE_PAM
|
|
|
bd38e4 |
- PRIV_START
|
|
|
bd38e4 |
- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
|
|
|
bd38e4 |
- retcode = pam_close_session(pamh, PAM_SILENT);
|
|
|
bd38e4 |
- pam_end(pamh, retcode);
|
|
|
bd38e4 |
- PRIV_END
|
|
|
bd38e4 |
-#endif
|
|
|
bd38e4 |
-
|
|
|
bd38e4 |
/* Send mail. Unlink the output file after opening it, so it
|
|
|
bd38e4 |
* doesn't hang around after the run.
|
|
|
bd38e4 |
*/
|
|
|
bd38e4 |
@@ -509,8 +501,20 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
unlink(newname);
|
|
|
bd38e4 |
free(newname);
|
|
|
bd38e4 |
|
|
|
bd38e4 |
+#ifdef ATD_MAIL_PROGRAM
|
|
|
bd38e4 |
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
|
|
|
bd38e4 |
+ int mail_pid = -1;
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+ AT_START_PAM;
|
|
|
bd38e4 |
+ AT_OPEN_PAM_SESSION;
|
|
|
bd38e4 |
+ closelog();
|
|
|
bd38e4 |
+ openlog("atd", LOG_PID, LOG_ATD);
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+ mail_pid = fork();
|
|
|
bd38e4 |
|
|
|
bd38e4 |
+ if ( mail_pid == 0 )
|
|
|
bd38e4 |
+ {
|
|
|
bd38e4 |
PRIV_START
|
|
|
bd38e4 |
|
|
|
bd38e4 |
if (initgroups(pentry->pw_name, pentry->pw_gid))
|
|
|
bd38e4 |
@@ -535,7 +539,21 @@ run_file(const char *filename, uid_t uid
|
|
|
bd38e4 |
perr("Exec failed for mail command");
|
|
|
bd38e4 |
|
|
|
bd38e4 |
PRIV_END
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+ else if ( mail_pid == -1 ) {
|
|
|
bd38e4 |
+ perr("fork of mailer failed");
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+ else {
|
|
|
bd38e4 |
+ /* Parent */
|
|
|
bd38e4 |
+ waitpid(mail_pid, (int *) NULL, 0);
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+ AT_CLOSE_PAM;
|
|
|
bd38e4 |
+ closelog();
|
|
|
bd38e4 |
+ openlog("atd", LOG_PID, LOG_ATD);
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
exit(EXIT_SUCCESS);
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
|
|
|
bd38e4 |
diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in
|
|
|
bd38e4 |
--- at-3.1.13/config.h.in.pam 2011-06-25 14:43:14.000000000 +0200
|
|
|
bd38e4 |
+++ at-3.1.13/config.h.in 2012-04-19 16:50:57.506000001 +0200
|
|
|
bd38e4 |
@@ -68,8 +68,8 @@
|
|
|
bd38e4 |
/* Define to 1 if you have the <nlist.h> header file. */
|
|
|
bd38e4 |
#undef HAVE_NLIST_H
|
|
|
bd38e4 |
|
|
|
bd38e4 |
-/* Define to 1 for PAM support */
|
|
|
bd38e4 |
-#undef HAVE_PAM
|
|
|
bd38e4 |
+/* Define if you are building with_pam */
|
|
|
bd38e4 |
+#undef WITH_PAM
|
|
|
bd38e4 |
|
|
|
bd38e4 |
/* Define to 1 if you have the `pstat_getdynamic' function. */
|
|
|
bd38e4 |
#undef HAVE_PSTAT_GETDYNAMIC
|
|
|
bd38e4 |
diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac
|
|
|
bd38e4 |
--- at-3.1.13/configure.ac.pam 2011-06-25 14:43:14.000000000 +0200
|
|
|
bd38e4 |
+++ at-3.1.13/configure.ac 2012-04-19 16:50:57.506000001 +0200
|
|
|
bd38e4 |
@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG
|
|
|
bd38e4 |
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
|
|
|
bd38e4 |
AC_CHECK_HEADERS(security/pam_appl.h, [
|
|
|
bd38e4 |
PAMLIB="-lpam"
|
|
|
bd38e4 |
- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])
|
|
|
bd38e4 |
+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support])
|
|
|
bd38e4 |
])
|
|
|
bd38e4 |
|
|
|
bd38e4 |
dnl Checking for programs
|
|
|
bd38e4 |
@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username,
|
|
|
bd38e4 |
)
|
|
|
bd38e4 |
AC_SUBST(DAEMON_USERNAME)
|
|
|
bd38e4 |
|
|
|
bd38e4 |
+AC_ARG_WITH(pam,
|
|
|
bd38e4 |
+[ --with-pam Define to enable pam support ],
|
|
|
bd38e4 |
+AC_DEFINE(WITH_PAM),
|
|
|
bd38e4 |
+)
|
|
|
bd38e4 |
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
|
|
|
bd38e4 |
+AC_SUBST(PAMLIB)
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
AC_MSG_CHECKING(groupname to run under)
|
|
|
bd38e4 |
AC_ARG_WITH(daemon_groupname,
|
|
|
bd38e4 |
[ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
|
|
|
bd38e4 |
diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c
|
|
|
bd38e4 |
--- at-3.1.13/perm.c.pam 2011-06-25 14:43:14.000000000 +0200
|
|
|
bd38e4 |
+++ at-3.1.13/perm.c 2012-04-19 16:53:09.192001742 +0200
|
|
|
bd38e4 |
@@ -51,6 +51,14 @@
|
|
|
bd38e4 |
#define PRIV_END while(0)
|
|
|
bd38e4 |
#endif
|
|
|
bd38e4 |
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+#include <security/pam_appl.h>
|
|
|
bd38e4 |
+static pam_handle_t *pamh = NULL;
|
|
|
bd38e4 |
+static const struct pam_conv conv = {
|
|
|
bd38e4 |
+ NULL
|
|
|
bd38e4 |
+};
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
/* Structures and unions */
|
|
|
bd38e4 |
|
|
|
bd38e4 |
|
|
|
bd38e4 |
@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha
|
|
|
bd38e4 |
int
|
|
|
bd38e4 |
check_permission()
|
|
|
bd38e4 |
{
|
|
|
bd38e4 |
- uid_t uid = geteuid();
|
|
|
bd38e4 |
+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
|
|
|
bd38e4 |
struct passwd *pentry;
|
|
|
bd38e4 |
int allow = 0, deny = 1;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
- if (uid == 0)
|
|
|
bd38e4 |
+ int retcode = 0;
|
|
|
bd38e4 |
+ if (euid == 0)
|
|
|
bd38e4 |
return 1;
|
|
|
bd38e4 |
|
|
|
bd38e4 |
- if ((pentry = getpwuid(uid)) == NULL) {
|
|
|
bd38e4 |
+ if ((pentry = getpwuid(euid)) == NULL) {
|
|
|
bd38e4 |
perror("Cannot access user database");
|
|
|
bd38e4 |
exit(EXIT_FAILURE);
|
|
|
bd38e4 |
}
|
|
|
bd38e4 |
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+/*
|
|
|
bd38e4 |
+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
|
|
|
bd38e4 |
+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
|
|
|
bd38e4 |
+ */
|
|
|
bd38e4 |
+ if (setreuid(daemon_uid, daemon_uid) != 0) {
|
|
|
bd38e4 |
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
|
|
|
bd38e4 |
+ exit(1);
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+ if (setregid(daemon_gid, daemon_gid) != 0) {
|
|
|
bd38e4 |
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
|
|
|
bd38e4 |
+ exit(1);
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+ AT_START_PAM;
|
|
|
bd38e4 |
+ AT_CLOSE_PAM;
|
|
|
bd38e4 |
+ if (setregid(gid,egid) != 0) {
|
|
|
bd38e4 |
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
|
|
|
bd38e4 |
+ exit(1);
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+ if (setreuid(uid,euid) != 0) {
|
|
|
bd38e4 |
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
|
|
|
bd38e4 |
+ exit(1);
|
|
|
bd38e4 |
+ }
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
|
|
|
bd38e4 |
if (allow==0 || allow==1)
|
|
|
bd38e4 |
return allow;
|
|
|
bd38e4 |
diff -up at-3.1.13/privs.h.pam at-3.1.13/privs.h
|
|
|
bd38e4 |
--- at-3.1.13/privs.h.pam 2011-06-25 14:43:14.000000000 +0200
|
|
|
bd38e4 |
+++ at-3.1.13/privs.h 2012-04-19 16:53:46.296016675 +0200
|
|
|
bd38e4 |
@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da
|
|
|
bd38e4 |
#error "Cannot implement user ID swapping without setreuid or setresuid"
|
|
|
bd38e4 |
#endif
|
|
|
bd38e4 |
#endif
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+#ifdef WITH_PAM
|
|
|
bd38e4 |
+/* PAM failed after session was open. */
|
|
|
bd38e4 |
+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \
|
|
|
bd38e4 |
+ pam_close_session(pamh,PAM_SILENT);
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+/* syslog will be logging error messages */
|
|
|
bd38e4 |
+#ifdef HAVE_UNISTD_H
|
|
|
bd38e4 |
+#include <syslog.h>
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+/* PAM fail even before opening the session */
|
|
|
bd38e4 |
+#define PAM_FAIL_CHECK \
|
|
|
bd38e4 |
+ do { if (retcode != PAM_SUCCESS) { \
|
|
|
bd38e4 |
+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \
|
|
|
bd38e4 |
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
|
|
|
bd38e4 |
+ if (pamh) \
|
|
|
bd38e4 |
+ pam_end(pamh, retcode); \
|
|
|
bd38e4 |
+ if (setregid(getgid(),getegid()) != 0) { \
|
|
|
bd38e4 |
+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \
|
|
|
bd38e4 |
+ exit(1); \
|
|
|
bd38e4 |
+ } \
|
|
|
bd38e4 |
+ if (setreuid(getuid(),geteuid()) != 0) { \
|
|
|
bd38e4 |
+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \
|
|
|
bd38e4 |
+ exit(1); \
|
|
|
bd38e4 |
+ } \
|
|
|
bd38e4 |
+ exit(1); \
|
|
|
bd38e4 |
+ } \
|
|
|
bd38e4 |
+ } while (0) \
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+static int pam_session_opened = 0; //global for open session
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+#define AT_START_PAM { \
|
|
|
bd38e4 |
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \
|
|
|
bd38e4 |
+ PAM_FAIL_CHECK; \
|
|
|
bd38e4 |
+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \
|
|
|
bd38e4 |
+ PAM_FAIL_CHECK; \
|
|
|
bd38e4 |
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \
|
|
|
bd38e4 |
+ PAM_FAIL_CHECK; \
|
|
|
bd38e4 |
+}
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+#define AT_OPEN_PAM_SESSION { \
|
|
|
bd38e4 |
+ retcode = pam_open_session(pamh, PAM_SILENT); \
|
|
|
bd38e4 |
+ PAM_FAIL_CHECK; \
|
|
|
bd38e4 |
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \
|
|
|
bd38e4 |
+ PAM_FAIL_CHECK; \
|
|
|
bd38e4 |
+ if (retcode == PAM_SUCCESS) \
|
|
|
bd38e4 |
+ pam_session_opened = 1; \
|
|
|
bd38e4 |
+}
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+#define AT_CLOSE_PAM { \
|
|
|
bd38e4 |
+ if (pam_session_opened != 0) { \
|
|
|
bd38e4 |
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); \
|
|
|
bd38e4 |
+ pam_close_session(pamh, PAM_SILENT); \
|
|
|
bd38e4 |
+ } \
|
|
|
bd38e4 |
+ pam_end(pamh, PAM_SUCCESS); \
|
|
|
bd38e4 |
+}
|
|
|
bd38e4 |
+
|
|
|
bd38e4 |
+#endif
|
|
|
bd38e4 |
+
|