diff --git a/.cvsignore b/.cvsignore index 578a1b4..6d4b80a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -4,3 +4,5 @@ atd.init atd.sysconf test.pl at_3.1.11.orig.tar.gz +at_3.1.12.orig.tar.gz +pam_atd diff --git a/at-3.1.10-shell.patch b/at-3.1.10-shell.patch deleted file mode 100644 index 5a976f0..0000000 --- a/at-3.1.10-shell.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- at-3.1.10/at.c.shell 2006-09-12 11:25:31.000000000 +0200 -+++ at-3.1.10/at.c 2006-09-12 12:25:43.000000000 +0200 -@@ -460,6 +460,8 @@ - fprintf(fp, " || {\n\t echo 'Execution directory " - "inaccessible' >&2\n\t exit 1\n}\n"); - -+ fprintf(fp, "${SHELL:-/bin/sh} << `(dd if=/dev/urandom count=200 bs=1 2>/dev/null|LC_ALL=C tr -d -c '[:alnum:]')`\n\n"); -+ - istty = isatty(fileno(stdin)); - if (istty) { - fprintf(stderr, "at> "); -@@ -1037,7 +1039,7 @@ - It also alows a warning diagnostic to be printed. Because of the - possible variance, we always output the diagnostic. */ - -- fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); -+// fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); - - writefile(timer, queue); - break; diff --git a/at-3.1.11-dont_fork.patch b/at-3.1.11-dont_fork.patch deleted file mode 100644 index cba12db..0000000 --- a/at-3.1.11-dont_fork.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff -up at-3.1.11/atd.8.in.dont_fork at-3.1.11/atd.8.in ---- at-3.1.11/atd.8.in.dont_fork 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/atd.8.in 2009-10-01 13:03:18.799878107 +0200 -@@ -1,4 +1,4 @@ --.TH ATD 8 "Mar 1997" local "Linux Programmer's Manual" -+.TH ATD 8 "Sep 2009" at-3.1.11 "Linux Programmer's Manual" - .SH NAME - atd \- run jobs queued for later execution - .SH SYNOPSIS -@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi - .IR batch_interval ] - .RB [ -d ] - .RB [ -s ] -+.RB [ -n ] - .SH DESCRIPTION - .B atd - runs jobs queued by -@@ -45,6 +46,9 @@ A script invoking - is installed as - .B @prefix@/sbin/atrun - for backward compatibility. -++.TP 8 -++.B -n -++Don't fork option. - .SH WARNING - .B atd - won't work if its spool directory is mounted via NFS even if -diff -up at-3.1.11/atd.c.dont_fork at-3.1.11/atd.c ---- at-3.1.11/atd.c.dont_fork 2009-10-01 13:03:18.000000000 +0200 -+++ at-3.1.11/atd.c 2009-10-01 13:04:55.289631298 +0200 -@@ -729,7 +729,7 @@ main(int argc, char *argv[]) - run_as_daemon = 1; - batch_interval = BATCH_INTERVAL_DEFAULT; - -- while ((c = getopt(argc, argv, "sdl:b:")) != EOF) { -+ while ((c = getopt(argc, argv, "sdl:b:n")) != EOF) { - switch (c) { - case 'l': - if (sscanf(optarg, "%lf", &load_avg) != 1) -@@ -744,7 +744,10 @@ main(int argc, char *argv[]) - break; - case 'd': - daemon_debug++; -- break; -+ /* go through another option*/ -+ case 'n': -+ daemon_nofork++; -+ break; - - case 's': - run_as_daemon = 0; -diff -up at-3.1.11/daemon.c.dont_fork at-3.1.11/daemon.c ---- at-3.1.11/daemon.c.dont_fork 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/daemon.c 2009-10-01 13:03:18.800878165 +0200 -@@ -48,7 +48,8 @@ - #include "daemon.h" - #include "privs.h" - --int daemon_debug; -+int daemon_debug = 0; -+int daemon_nofork = 0; - - static int - lock_fd(int fd) -@@ -117,15 +118,18 @@ daemon_setup() - (open("/dev/null", O_RDWR) != 2)) { - perr("Error redirecting I/O"); - } -+ } -+ if (daemon_nofork) pid = getpid(); -+ else { - pid = fork(); - if (pid == -1) { - perr("Cannot fork"); - } else if (pid != 0) { - exit(0); - } -+ (void) setsid(); - } - old_umask = umask(S_IWGRP | S_IWOTH); -- (void) setsid(); - - PRIV_START - -diff -up at-3.1.11/daemon.h.dont_fork at-3.1.11/daemon.h ---- at-3.1.11/daemon.h.dont_fork 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/daemon.h 2009-10-01 13:03:18.801877593 +0200 -@@ -14,3 +14,4 @@ __attribute__((noreturn)) - perr (const char *fmt, ...); - - extern int daemon_debug; -+extern int daemon_nofork; diff --git a/at-3.1.11-log.patch b/at-3.1.11-log.patch deleted file mode 100644 index 10e6ed7..0000000 --- a/at-3.1.11-log.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up at-3.1.11/at.c.log at-3.1.11/at.c -diff -up at-3.1.11/atd.c.log at-3.1.11/atd.c ---- at-3.1.11/atd.c.log 2009-10-01 13:05:17.000000000 +0200 -+++ at-3.1.11/atd.c 2009-10-01 13:25:48.437638709 +0200 -@@ -83,6 +83,10 @@ - #include "getloadavg.h" - #endif - -+#ifndef LOG_ATD -+#define LOG_ATD LOG_DAEMON -+#endif -+ - /* Macros */ - - #define BATCH_INTERVAL_DEFAULT 60 -@@ -195,6 +199,19 @@ myfork() - #define fork myfork - #endif - -+#undef ATD_MAIL_PROGRAM -+#undef ATD_MAIL_NAME -+#if defined(SENDMAIL) -+#define ATD_MAIL_PROGRAM SENDMAIL -+#define ATD_MAIL_NAME "sendmail" -+#elif defined(MAILC) -+#define ATD_MAIL_PROGRAM MAILC -+#define ATD_MAIL_NAME "mail" -+#elif defined(MAILX) -+#define ATD_MAIL_PROGRAM MAILX -+#define ATD_MAIL_NAME "mailx" -+#endif -+ - static void - run_file(const char *filename, uid_t uid, gid_t gid) - { -@@ -718,11 +735,7 @@ main(int argc, char *argv[]) - - RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) - --#ifndef LOG_CRON --#define LOG_CRON LOG_DAEMON --#endif -- -- openlog("atd", LOG_PID, LOG_CRON); -+ openlog("atd", LOG_PID, LOG_ATD); - - opterr = 0; - errno = 0; diff --git a/at-3.1.11-makefile.patch b/at-3.1.11-makefile.patch deleted file mode 100644 index 45d09ab..0000000 --- a/at-3.1.11-makefile.patch +++ /dev/null @@ -1,102 +0,0 @@ -diff -up at-3.1.11/Makefile.in.make at-3.1.11/Makefile.in ---- at-3.1.11/Makefile.in.make 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/Makefile.in 2009-10-02 10:36:24.104162973 +0200 -@@ -50,6 +51,8 @@ HEADERS = at.h panic.h parsetime.h perm - - OTHERS = parsetime.l parsetime.y - -+TEST_VERBOSE = 0 -+ - DOCS = Problems Copyright README ChangeLog timespec - - MISC = COPYING Makefile.in configure acconfig.h install-sh \ -@@ -65,13 +68,13 @@ LIST = Filelist Filelist.asc - all: at atd atrun - - at: $(ATOBJECTS) -- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) - rm -f $(CLONES) - $(LN_S) -f at atq - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y -@@ -83,38 +86,42 @@ atrun: atrun.in - configure - - .c.o: -- $(CC) -c $(CFLAGS) $(DEFS) $*.c -+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c - - install: all -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(bindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(docdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d -+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) -+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) -+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) - touch $(IROOT)$(LFILE) - chmod 600 $(IROOT)$(LFILE) - chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) -- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 -s at $(IROOT)$(bindir) -+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ -+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd -+ $(INSTALL) -m 4755 at $(IROOT)$(bindir) - $(LN_S) -f at $(IROOT)$(bindir)/atq - $(LN_S) -f at $(IROOT)$(bindir)/atrm -- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) -- $(INSTALL) -g root -o root -m 755 -s atd $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ -+ $(INSTALL) -m 755 batch $(IROOT)$(bindir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) -+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) -+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ - cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 -- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ -+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ - sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman -- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 -+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 - rm -f tmpman -- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/ -+ $(INSTALL) -m 644 at_allow.5 $(IROOT)$(man5dir)/ - cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5 -- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) -+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) - rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ - $(IROOT)$(mandir)/cat1/atq.1* - rm -f $(IROOT)$(mandir)/cat1/atd.8* -@@ -148,6 +155,9 @@ Filelist.asc: Filelist - parsetest: lex.yy.c y.tab.c - $(CC) -o parsetest $(CFLAGS) $(DEFS) -DTEST_PARSER -DNEED_YYWRAP lex.yy.c y.tab.c - -+test: parsetest -+ PERL_DL_NONLAZY=1 perl -e 'use Test::Harness qw(&runtests $$verbose); $$verbose=$(TEST_VERBOSE); runtests @ARGV;' test.pl -+ - .depend: $(CSRCS) - gcc $(CFLAGS) $(DEFS) -MM $(CSRCS) > .depend - diff --git a/at-3.1.11-nitpicks.patch b/at-3.1.11-nitpicks.patch deleted file mode 100644 index c8a99a1..0000000 --- a/at-3.1.11-nitpicks.patch +++ /dev/null @@ -1,86 +0,0 @@ -diff -up at-3.1.11/at.1.in.typo at-3.1.11/at.1.in ---- at-3.1.11/at.1.in.typo 2009-08-14 12:49:05.000000000 -0400 -+++ at-3.1.11/at.1.in 2009-09-29 13:11:37.869869479 -0400 -@@ -89,7 +89,9 @@ or giving a date of the form - or - .B MM/DD/YY - or --.B DD.MM.YY. -+.B DD.MM.YY -+or -+.B YYYY-MM-DD. - The specification of a date - .I must - follow the specification of the time of day. -@@ -119,7 +121,7 @@ and to run a job at 1am tomorrow, you wo - .B at 1am tomorrow. - .PP - The exact definition of the time specification can be found in --.IR @prefix@/share/doc/at/timespec . -+.IR @prefix@/share/doc/at-@VERSION@/timespec . - .PP - For both - .BR at " and " batch , -diff -up at-3.1.11/atd.c.typo at-3.1.11/atd.c ---- at-3.1.11/atd.c.typo 2009-09-29 13:02:17.068860987 -0400 -+++ at-3.1.11/atd.c 2009-09-29 13:02:17.099881137 -0400 -@@ -276,6 +276,8 @@ run_file(const char *filename, uid_t uid - free(newname); - return; - } -+ (void) setsid(); //own session for process -+ - /* Let's see who we mail to. Hopefully, we can read it from - * the command file; if not, send it to the owner, or, failing that, - * to root. -@@ -497,7 +499,7 @@ run_file(const char *filename, uid_t uid - #if defined(SENDMAIL) - execl(SENDMAIL, "sendmail", mailname, (char *) NULL); - #else --#error "No mail command specified." -+ perr("No mail command specified."); - #endif - perr("Exec failed for mail command"); - -@@ -606,6 +608,7 @@ run_loop() - * Let's remove the lockfile and reschedule. - */ - strncpy(lock_name, dirent->d_name, sizeof(lock_name)); -+ lock_name[sizeof(lock_name)-1] = '\0'; - lock_name[0] = '='; - unlink(lock_name); - next_job = now; -@@ -640,6 +643,7 @@ run_loop() - run_batch++; - if (strcmp(batch_name, dirent->d_name) > 0) { - strncpy(batch_name, dirent->d_name, sizeof(batch_name)); -+ batch_name[sizeof(batch_name)-1] = '\0'; - batch_uid = buf.st_uid; - batch_gid = buf.st_gid; - batch_queue = queue; - -diff -up at-3.1.11/configure.ac.aaa at-3.1.11/configure.ac ---- at-3.1.11/configure.ac.aaa 2009-08-14 12:49:05.000000000 -0400 -+++ at-3.1.11/configure.ac 2009-09-29 13:35:59.230866054 -0400 -@@ -5,7 +5,7 @@ AC_CONFIG_SRCDIR(at.c) - - AC_PREFIX_DEFAULT(/usr) - AC_CONFIG_HEADER(config.h) --AC_PREREQ([2.64]) -+AC_PREREQ([2.63]) - - VERSION=AC_PACKAGE_VERSION - if test "X$CFLAGS" = "X"; then -diff -up at-3.1.11/atd.c.seg at-3.1.11/atd.c ---- at-3.1.11/atd.c.seg 2009-08-14 12:49:05.000000000 -0400 -+++ at-3.1.11/atd.c 2009-09-29 12:15:55.200864618 -0400 -@@ -435,6 +435,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir("/"); - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) diff --git a/at-3.1.11-opt_V.patch b/at-3.1.11-opt_V.patch deleted file mode 100644 index 38727a1..0000000 --- a/at-3.1.11-opt_V.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up at-3.1.11/at.c.opt_V at-3.1.11/at.c ---- at-3.1.11/at.c.opt_V 2009-09-29 12:42:16.000000000 -0400 -+++ at-3.1.11/at.c 2009-09-29 12:46:43.998865749 -0400 -@@ -857,10 +857,9 @@ main(int argc, char **argv) - */ - - if (disp_version) { -- fprintf(stderr, "at version " VERSION "\n" -- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n" -- "or contact the maintainers (at@packages.debian.org).\n"); -- exit(EXIT_SUCCESS); -+ fprintf(stderr, "at version " VERSION "\n"); -+ if (argc == 2) -+ exit(EXIT_SUCCESS); - } - - /* select our program diff --git a/at-3.1.11-pam2.patch b/at-3.1.11-pam2.patch deleted file mode 100644 index 3f1b344..0000000 --- a/at-3.1.11-pam2.patch +++ /dev/null @@ -1,427 +0,0 @@ -diff -up at-3.1.11/at.c.pam2 at-3.1.11/at.c ---- at-3.1.11/at.c.pam2 2009-10-13 16:47:23.277378517 +0200 -+++ at-3.1.11/at.c 2009-10-13 16:47:23.321377936 +0200 -@@ -315,26 +315,19 @@ writefile(time_t runtimer, char queue) - * bit. Yes, this is a kluge. - */ - cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); -- seteuid(real_uid); -+ if ((seteuid(effective_uid)) < 0) -+ perr("Error in seteuid: %s", errno); - if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) - perr("Cannot create atjob file %.500s", atfile); -- seteuid(effective_uid); - - if ((fd2 = dup(fd)) < 0) - perr("Error in dup() of job file"); - -- /* - if (fchown(fd2, real_uid, real_gid) != 0) -- perr("Cannot give away file"); -- */ -+ perr("Cannot give real_uid and real_gid the file"); - - PRIV_END - -- /* We no longer need suid root; now we just need to be able to write -- * to the directory, if necessary. -- */ -- -- REDUCE_PRIV(daemon_uid, daemon_gid) - /* We've successfully created the file; let's set the flag so it - * gets removed in case of an interrupt or error. - */ -@@ -493,7 +486,7 @@ writefile(time_t runtimer, char queue) - */ - - if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0) -- perr("Cannot give away file"); -+ perr("Cannot change the mode of the file"); - - close(fd2); - -@@ -658,7 +651,7 @@ process_jobs(int argc, char **argv, int - We need the unprivileged uid here since the file is owned by the real - (not effective) uid. - */ -- setregid(real_gid, effective_gid); -+ PRIV_START - - if (queue == '=') { - fprintf(stderr, "Warning: deleting running job\n"); -@@ -667,8 +660,8 @@ process_jobs(int argc, char **argv, int - perr("Cannot unlink %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -+ PRIV_END - -- setregid(effective_gid, real_gid); - done = 1; - - break; -@@ -678,7 +671,7 @@ process_jobs(int argc, char **argv, int - FILE *fp; - int ch; - -- setregid(real_gid, effective_gid); -+ PRIV_START - fp = fopen(dirent->d_name, "r"); - - if (fp) { -@@ -691,7 +684,7 @@ process_jobs(int argc, char **argv, int - perr("Cannot open %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -- setregid(effective_gid, real_gid); -+ PRIV_END - } - break; - -diff -up at-3.1.11/atd.c.pam2 at-3.1.11/atd.c ---- at-3.1.11/atd.c.pam2 2009-10-13 16:47:23.297368464 +0200 -+++ at-3.1.11/atd.c 2009-10-13 16:48:21.696629698 +0200 -@@ -112,7 +112,7 @@ static int run_as_daemon = 0; - - static volatile sig_atomic_t term_signal = 0; - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - #include - - static pam_handle_t *pamh = NULL; -@@ -121,15 +121,7 @@ static const struct pam_conv conv = { - NULL - }; - --#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ -- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -- pam_end(pamh, retcode); exit(1); \ -- } --#define PAM_END { retcode = pam_close_session(pamh,0); \ -- pam_end(pamh,retcode); } -- --#endif /* HAVE_PAM */ -+#endif /* WITH_PAM */ - - /* Signal handlers */ - RETSIGTYPE -@@ -236,7 +228,7 @@ run_file(const char *filename, uid_t uid - char queue; - char fmt[64]; - unsigned long jobno; --#ifdef HAVE_PAM -+#ifdef WITH_PAM - int retcode; - #endif - -@@ -396,16 +388,11 @@ run_file(const char *filename, uid_t uid - fstat(fd_out, &buf); - size = buf.st_size; - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - PRIV_START -- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); -- PAM_FAIL_CHECK; -- retcode = pam_acct_mgmt(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_open_session(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); -- PAM_FAIL_CHECK; -+ PAM_HANDLING; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); - PRIV_END - #endif - -@@ -420,7 +407,15 @@ run_file(const char *filename, uid_t uid - else if (pid == 0) { - char *nul = NULL; - char **nenvp = &nul; -+ char **pam_envp=0L; - -+ PRIV_START -+#ifdef WITH_PAM -+ pam_envp = pam_getenvlist(pamh); -+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) -+ nenvp = pam_envp; -+#endif -+ PRIV_END - /* Set up things for the child; we want standard input from the - * input file, and standard output and error sent to our output file. - */ -@@ -461,7 +456,16 @@ run_file(const char *filename, uid_t uid - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -- -+#ifdef WITH_PAM -+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) -+ { -+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) -+ free(*nenvp); -+ free( pam_envp ); -+ nenvp = &nul; -+ pam_envp=0L; -+ } -+#endif - PRIV_END - } - /* We're the parent. Let's wait. -@@ -475,7 +479,7 @@ run_file(const char *filename, uid_t uid - */ - waitpid(pid, (int *) NULL, 0); - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - PRIV_START - pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); - retcode = pam_close_session(pamh, PAM_SILENT); -@@ -490,6 +494,13 @@ run_file(const char *filename, uid_t uid - if (open(filename, O_RDONLY) != STDIN_FILENO) - perr("Open of jobfile failed"); - -+#ifdef WITH_PAM -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh, PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif - unlink(filename); - - /* The job is now finished. We can delete its input file. -@@ -498,8 +509,19 @@ run_file(const char *filename, uid_t uid - unlink(newname); - free(newname); - -+#ifdef ATD_MAIL_PROGRAM - if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { -+ int mail_pid = -1; -+#ifdef WITH_PAM -+ PAM_HANDLING; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif - -+ mail_pid = fork(); -+ -+ if ( mail_pid == 0 ) -+ { - PRIV_START - - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -513,15 +535,28 @@ run_file(const char *filename, uid_t uid - - chdir ("/"); - --#if defined(SENDMAIL) -- execl(SENDMAIL, "sendmail", mailname, (char *) NULL); --#else -- perr("No mail command specified."); --#endif -+ execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL); - perr("Exec failed for mail command"); -+ exit(-1); - - PRIV_END -+ } -+ else if ( mail_pid == -1 ) { -+ perr("fork of mailer failed"); -+ } -+ else { -+ /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); -+ } -+#ifdef WITH_PAM -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh, PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif - } -+#endif - exit(EXIT_SUCCESS); - } - -diff -up at-3.1.11/config.h.in.pam2 at-3.1.11/config.h.in ---- at-3.1.11/config.h.in.pam2 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/config.h.in 2009-10-13 16:47:23.323393602 +0200 -@@ -74,8 +74,8 @@ - /* Define to 1 if you have the header file. */ - #undef HAVE_NLIST_H - --/* Define to 1 for PAM support */ --#undef HAVE_PAM -+/* Define if you are building with_pam */ -+#undef WITH_PAM - - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.11/configure.ac.pam2 at-3.1.11/configure.ac ---- at-3.1.11/configure.ac.pam2 2009-10-13 16:47:23.266377946 +0200 -+++ at-3.1.11/configure.ac 2009-10-13 16:47:23.324393260 +0200 -@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG - AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) - AC_CHECK_HEADERS(security/pam_appl.h, [ - PAMLIB="-lpam" -- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support]) -+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support]) - ]) - - dnl Checking for programs -@@ -301,5 +301,12 @@ AC_ARG_WITH(daemon_groupname, - ) - AC_SUBST(DAEMON_GROUPNAME) - -+AC_ARG_WITH(pam, -+[ --with-pam Define to enable pam support ], -+AC_DEFINE(WITH_PAM), -+) -+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') -+AC_SUBST(PAMLIB) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch) - AC_OUTPUT -diff -up at-3.1.11/perm.c.pam2 at-3.1.11/perm.c ---- at-3.1.11/perm.c.pam2 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/perm.c 2009-10-13 16:47:23.325392918 +0200 -@@ -51,6 +51,14 @@ - #define PRIV_END while(0) - #endif - -+#ifdef WITH_PAM -+#include -+static pam_handle_t *pamh = NULL; -+static const struct pam_conv conv = { -+ NULL -+}; -+#endif -+ - /* Structures and unions */ - - -@@ -108,18 +116,53 @@ user_in_file(const char *path, const cha - int - check_permission() - { -- uid_t uid = geteuid(); -+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); - struct passwd *pentry; - int allow = 0, deny = 1; - -- if (uid == 0) -+ int retcode = 0; -+ if (euid == 0) - return 1; - -- if ((pentry = getpwuid(uid)) == NULL) { -+ if ((pentry = getpwuid(euid)) == NULL) { - perror("Cannot access user database"); - exit(EXIT_FAILURE); - } - -+#ifdef WITH_PAM -+/* -+ * We must check if the atd daemon userid will be allowed to gain the job owner user's -+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. -+ */ -+ if (setreuid(daemon_uid, daemon_uid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setregid(daemon_gid, daemon_gid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+ -+ pam_close_session(pamh,PAM_SILENT); -+ -+ PAM_HANDLING; -+ -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh,PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ -+ if (setregid(gid,egid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setreuid(uid,euid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+ -+ -+#endif -+ - allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); - if (allow==0 || allow==1) - return allow; -diff -up at-3.1.11/privs.h.pam2 at-3.1.11/privs.h ---- at-3.1.11/privs.h.pam2 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/privs.h 2009-10-13 16:47:23.326393135 +0200 -@@ -144,3 +144,60 @@ extern gid_t real_gid, effective_gid, da - #error "Cannot implement user ID swapping without setreuid or setresuid" - #endif - #endif -+ -+#ifdef WITH_PAM -+/* PAM failed after session was open. */ -+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ -+ pam_close_session(pamh,PAM_SILENT); -+ -+/* syslog will be logging error messages */ -+#ifdef HAVE_UNISTD_H -+#include -+#endif -+ -+/* PAM fail even before opening the session */ -+#define PAM_FAIL_CHECK \ -+ do { if (retcode != PAM_SUCCESS) { \ -+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \ -+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ if (pamh) \ -+ pam_end(pamh, retcode); \ -+ if (setregid(getgid(),getegid()) != 0) { \ -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ if (setreuid(getuid(),geteuid()) != 0) { \ -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ exit(1); \ -+ } \ -+ } while (0) \ -+ -+/* PAM - check after every operation whether they passed */ -+#define PAM_HANDLING \ -+ do { pamh = NULL; \ -+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_open_session(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \ -+ PAM_SESSION_FAIL; \ -+ PAM_FAIL_CHECK; \ -+ } while (0) -+ -+/* OLD FAIL_CHECK ONLY FOR perm.c -+ * define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -+ * fprintf(stderr,"\nPAM failure %s\n",pam_strerror(pamh, retcode)); \ -+ * syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ * if (pamh) \ -+ * pam_end(pamh, retcode); \ -+ * exit(1); \ -+ * } -+ */ -+ -+#endif diff --git a/at-3.1.11-selinux.patch b/at-3.1.11-selinux.patch deleted file mode 100644 index ee4c468..0000000 --- a/at-3.1.11-selinux.patch +++ /dev/null @@ -1,178 +0,0 @@ -diff -up at-3.1.11/atd.c.selinux at-3.1.11/atd.c ---- at-3.1.11/atd.c.selinux 2009-10-05 12:56:24.573344967 +0200 -+++ at-3.1.11/atd.c 2009-10-05 13:01:55.991338568 +0200 -@@ -74,6 +74,14 @@ - #include - #endif - -+#ifdef WITH_SELINUX -+#include -+#include -+int selinux_enabled=0; -+#include -+#include -+#endif -+ - /* Local headers */ - - #include "privs.h" -@@ -204,6 +212,68 @@ myfork() - #define ATD_MAIL_NAME "mailx" - #endif - -+#ifdef WITH_SELINUX -+static int set_selinux_context(const char *name, const char *filename) { -+ security_context_t user_context=NULL; -+ security_context_t file_context=NULL; -+ struct av_decision avd; -+ int retval=-1; -+ char *seuser=NULL; -+ char *level=NULL; -+ -+ if (getseuserbyname(name, &seuser, &level) == 0) { -+ retval=get_default_context_with_level(seuser, level, NULL, &user_context); -+ free(seuser); -+ free(level); -+ if (retval) { -+ if (security_getenforce()==1) { -+ perr("execle: couldn't get security context for user %s\n", name); -+ } else { -+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); -+ return -1; -+ } -+ } -+ } -+ -+ /* -+ * Since crontab files are not directly executed, -+ * crond must ensure that the crontab file has -+ * a context that is appropriate for the context of -+ * the user cron job. It performs an entrypoint -+ * permission check for this purpose. -+ */ -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) -+ perr("fgetfilecon FAILED %s", filename); -+ -+ retval = security_compute_av(user_context, -+ file_context, -+ SECCLASS_FILE, -+ FILE__ENTRYPOINT, -+ &avd); -+ freecon(file_context); -+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { -+ if (security_getenforce()==1) { -+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); -+ } else { -+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; -+ } -+ } -+ if (setexeccon(user_context) < 0) { -+ if (security_getenforce()==1) { -+ perr("Could not set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ } else { -+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); -+ } -+ } -+ err: -+ freecon(user_context); -+ return 0; -+} -+#endif -+ - static void - run_file(const char *filename, uid_t uid, gid_t gid) - { -@@ -454,6 +524,13 @@ run_file(const char *filename, uid_t uid - - chdir("/"); - -+#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } -+#endif -+ - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); - #ifdef WITH_PAM -@@ -535,10 +612,24 @@ run_file(const char *filename, uid_t uid - - chdir ("/"); - -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } -+#endif -+ - execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL); - perr("Exec failed for mail command"); - exit(-1); - -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) -+ if (setexeccon(NULL) < 0) -+ if (security_getenforce()==1) -+ perr("Could not reset exec context for user %s\n", pentry->pw_name); -+#endif -+ - PRIV_END - } - else if ( mail_pid == -1 ) { -@@ -754,6 +845,10 @@ main(int argc, char *argv[]) - struct passwd *pwe; - struct group *ge; - -+#ifdef WITH_SELINUX -+ selinux_enabled=is_selinux_enabled(); -+#endif -+ - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ -diff -up at-3.1.11/config.h.in.selinux at-3.1.11/config.h.in ---- at-3.1.11/config.h.in.selinux 2009-10-05 12:56:24.573344967 +0200 -+++ at-3.1.11/config.h.in 2009-10-05 12:56:24.590350404 +0200 -@@ -77,6 +77,9 @@ - /* Define if you are building with_pam */ - #undef WITH_PAM - -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX -+ - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC - -diff -up at-3.1.11/configure.ac.selinux at-3.1.11/configure.ac ---- at-3.1.11/configure.ac.selinux 2009-10-05 12:56:24.574344835 +0200 -+++ at-3.1.11/configure.ac 2009-10-05 12:56:24.591350062 +0200 -@@ -308,5 +308,13 @@ AC_DEFINE(WITH_PAM), - AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') - AC_SUBST(PAMLIB) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch) - AC_OUTPUT -diff -up at-3.1.11/Makefile.in.selinux at-3.1.11/Makefile.in ---- at-3.1.11/Makefile.in.selinux 2009-10-05 12:56:24.509607000 +0200 -+++ at-3.1.11/Makefile.in 2009-10-05 12:56:24.592345179 +0200 -@@ -39,6 +39,7 @@ LIBS = @LIBS@ - LIBOBJS = @LIBOBJS@ - INSTALL = @INSTALL@ - PAMLIB = @PAMLIB@ -+SELINUXLIB = @SELINUXLIB@ - - CLONES = atq atrm - ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o diff --git a/at-3.1.11-shell.patch b/at-3.1.11-shell.patch deleted file mode 100644 index c1bc288..0000000 --- a/at-3.1.11-shell.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff -up at-3.1.11/at.c.shell at-3.1.11/at.c ---- at-3.1.11/at.c.shell 2009-08-14 18:49:05.000000000 +0200 -+++ at-3.1.11/at.c 2009-09-29 15:50:34.786919463 +0200 -@@ -62,11 +62,8 @@ - #include - #include - --#ifdef TM_IN_SYS_TIME - #include --#else - #include --#endif - - #ifdef HAVE_UNISTD_H - #include -@@ -241,6 +238,12 @@ writefile(time_t runtimer, char queue) - int kill_errno; - int rc; - int mailsize = 128; -+ struct timeval tv; -+ struct timezone tz; -+ long int i; -+ -+ gettimeofday(&tv, &tz); -+ srandom(getpid()+tv.tv_usec); - - /* Install the signal handler for SIGINT; terminate after removing the - * spool file if necessary -@@ -458,6 +461,9 @@ writefile(time_t runtimer, char queue) - fprintf(fp, " || {\n\t echo 'Execution directory " - "inaccessible' >&2\n\t exit 1\n}\n"); - -+ i = random(); -+ fprintf(fp, "${SHELL:-/bin/sh} << marcinDELIMITER%08lx\n", i); -+ - istty = isatty(fileno(stdin)); - if (istty) { - fprintf(stderr, "at> "); -@@ -474,6 +480,7 @@ writefile(time_t runtimer, char queue) - fprintf(stderr, "\n"); - } - fprintf(fp, "\n"); -+ fprintf(fp, "marcinDELIMITER%08lx\n", i); - if (ferror(fp)) - panic("Output error"); - -@@ -924,7 +931,7 @@ main(int argc, char **argv) - It also alows a warning diagnostic to be printed. Because of the - possible variance, we always output the diagnostic. */ - -- fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); -+ //fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); - - writefile(timer, queue); - break; diff --git a/at-3.1.12-makefile.patch b/at-3.1.12-makefile.patch new file mode 100644 index 0000000..871166b --- /dev/null +++ b/at-3.1.12-makefile.patch @@ -0,0 +1,83 @@ +diff -up at-3.1.12/Makefile.in.make at-3.1.12/Makefile.in +--- at-3.1.12/Makefile.in.make 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/Makefile.in 2009-12-03 13:23:08.794258910 +0100 +@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc + all: at atd atrun + + at: $(ATOBJECTS) +- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm + + atd: $(RUNOBJECTS) +- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) ++ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) + + y.tab.c y.tab.h: parsetime.y + $(YACC) -d parsetime.y +@@ -83,38 +83,42 @@ atrun: atrun.in + configure + + .c.o: +- $(CC) -c $(CFLAGS) $(DEFS) $*.c ++ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c + + install: all +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) +- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) ++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(bindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(docdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) ++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d ++ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) ++ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) ++ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) + touch $(IROOT)$(LFILE) + chmod 600 $(IROOT)$(LFILE) + chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) +- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 -s at $(IROOT)$(bindir) ++ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ ++ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd ++ $(INSTALL) -m 4755 at $(IROOT)$(bindir) + $(LN_S) -f at $(IROOT)$(bindir)/atq + $(LN_S) -f at $(IROOT)$(bindir)/atrm +- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) +- $(INSTALL) -g root -o root -m 755 -s atd $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ ++ $(INSTALL) -m 755 batch $(IROOT)$(bindir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) ++ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) ++ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ + cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 +- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ ++ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ + sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman +- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 ++ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 + rm -f tmpman +- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/ ++ $(INSTALL) -m 644 at_allow.5 $(IROOT)$(man5dir)/ + cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5 +- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) ++ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) + rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ + $(IROOT)$(mandir)/cat1/atq.1* + rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/at-3.1.12-nitpicks.patch b/at-3.1.12-nitpicks.patch new file mode 100644 index 0000000..4b73a79 --- /dev/null +++ b/at-3.1.12-nitpicks.patch @@ -0,0 +1,103 @@ +diff -up at-3.1.12/at.1.in.nit at-3.1.12/at.1.in +--- at-3.1.12/at.1.in.nit 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/at.1.in 2009-12-03 10:32:19.018261655 +0100 +@@ -121,7 +121,7 @@ and to run a job at 1am tomorrow, you wo + .B at 1am tomorrow. + .PP + The exact definition of the time specification can be found in +-.IR @prefix@/share/doc/at/timespec . ++.IR @prefix@/share/doc/at-@VERSION@/timespec . + .PP + For both + .BR at " and " batch , +diff -up at-3.1.12/atd.c.nit at-3.1.12/atd.c +--- at-3.1.12/atd.c.nit 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/atd.c 2009-12-03 10:33:12.494259601 +0100 +@@ -83,6 +83,9 @@ + #include "getloadavg.h" + #endif + ++#ifndef LOG_ATD ++#define LOG_ATD LOG_DAEMON ++#endif + /* Macros */ + + #define BATCH_INTERVAL_DEFAULT 60 +@@ -194,6 +197,18 @@ myfork() + + #define fork myfork + #endif ++#undef ATD_MAIL_PROGRAM ++#undef ATD_MAIL_NAME ++#if defined(SENDMAIL) ++#define ATD_MAIL_PROGRAM SENDMAIL ++#define ATD_MAIL_NAME "sendmail" ++#elif defined(MAILC) ++#define ATD_MAIL_PROGRAM MAILC ++#define ATD_MAIL_NAME "mail" ++#elif defined(MAILX) ++#define ATD_MAIL_PROGRAM MAILX ++#define ATD_MAIL_NAME "mailx" ++#endif + + static void + run_file(const char *filename, uid_t uid, gid_t gid) +@@ -276,6 +291,9 @@ run_file(const char *filename, uid_t uid + free(newname); + return; + } ++ ++ (void) setsid(); //own session for process ++ + /* Let's see who we mail to. Hopefully, we can read it from + * the command file; if not, send it to the owner, or, failing that, + * to root. +@@ -435,6 +453,9 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir("/"); + + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) +@@ -503,6 +524,9 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir ("/"); + + #if defined(SENDMAIL) +@@ -617,6 +641,7 @@ run_loop() + * Let's remove the lockfile and reschedule. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; + unlink(lock_name); + next_job = now; +@@ -651,6 +676,7 @@ run_loop() + run_batch++; + if (strcmp(batch_name, dirent->d_name) > 0) { + strncpy(batch_name, dirent->d_name, sizeof(batch_name)); ++ batch_name[sizeof(batch_name)-1] = '\0'; + batch_uid = buf.st_uid; + batch_gid = buf.st_gid; + batch_queue = queue; +@@ -725,11 +751,7 @@ main(int argc, char *argv[]) + + RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) + +-#ifndef LOG_CRON +-#define LOG_CRON LOG_DAEMON +-#endif +- +- openlog("atd", LOG_PID, LOG_CRON); ++ openlog("atd", LOG_PID, LOG_ATD); + + opterr = 0; + errno = 0; diff --git a/at-3.1.12-opt_V.patch b/at-3.1.12-opt_V.patch new file mode 100644 index 0000000..d25148d --- /dev/null +++ b/at-3.1.12-opt_V.patch @@ -0,0 +1,17 @@ +diff -up at-3.1.12/at.c.opt_V at-3.1.12/at.c +--- at-3.1.12/at.c.opt_V 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/at.c 2009-12-02 13:20:29.770215516 +0100 +@@ -853,10 +853,9 @@ main(int argc, char **argv) + */ + + if (disp_version) { +- fprintf(stderr, "at version " VERSION "\n" +- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n" +- "or contact the maintainers (at@packages.debian.org).\n"); +- exit(EXIT_SUCCESS); ++ fprintf(stderr, "at version " VERSION "\n"); ++ if (argc == 2) ++ exit(EXIT_SUCCESS); + } + + /* select our program diff --git a/at-3.1.12-pam.patch b/at-3.1.12-pam.patch new file mode 100644 index 0000000..913b496 --- /dev/null +++ b/at-3.1.12-pam.patch @@ -0,0 +1,409 @@ +diff -up at-3.1.12/at.c.pam at-3.1.12/at.c +--- at-3.1.12/at.c.pam 2009-12-03 10:34:52.714284767 +0100 ++++ at-3.1.12/at.c 2009-12-03 10:36:38.736257590 +0100 +@@ -318,26 +318,19 @@ writefile(time_t runtimer, char queue) + * bit. Yes, this is a kluge. + */ + cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); +- seteuid(real_uid); ++ if ((seteuid(effective_uid)) < 0) ++ perr("Error in seteuid: %s", errno); + if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) + perr("Cannot create atjob file %.500s", atfile); +- seteuid(effective_uid); + + if ((fd2 = dup(fd)) < 0) + perr("Error in dup() of job file"); + +- /* + if (fchown(fd2, real_uid, real_gid) != 0) +- perr("Cannot give away file"); +- */ ++ perr("Cannot give real_uid and real_gid the file"); + + PRIV_END + +- /* We no longer need suid root; now we just need to be able to write +- * to the directory, if necessary. +- */ +- +- REDUCE_PRIV(daemon_uid, daemon_gid) + /* We've successfully created the file; let's set the flag so it + * gets removed in case of an interrupt or error. + */ +@@ -661,7 +654,7 @@ process_jobs(int argc, char **argv, int + We need the unprivileged uid here since the file is owned by the real + (not effective) uid. + */ +- setregid(real_gid, effective_gid); ++ PRIV_START + + if (queue == '=') { + fprintf(stderr, "Warning: deleting running job\n"); +@@ -670,8 +663,8 @@ process_jobs(int argc, char **argv, int + perr("Cannot unlink %.500s", dirent->d_name); + rc = EXIT_FAILURE; + } ++ PRIV_END + +- setregid(effective_gid, real_gid); + done = 1; + + break; +@@ -681,7 +674,7 @@ process_jobs(int argc, char **argv, int + FILE *fp; + int ch; + +- setregid(real_gid, effective_gid); ++ PRIV_START + fp = fopen(dirent->d_name, "r"); + + if (fp) { +@@ -694,7 +687,7 @@ process_jobs(int argc, char **argv, int + perr("Cannot open %.500s", dirent->d_name); + rc = EXIT_FAILURE; + } +- setregid(effective_gid, real_gid); ++ PRIV_END + } + break; + +diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c +--- at-3.1.12/atd.c.pam 2009-12-03 10:36:45.265284508 +0100 ++++ at-3.1.12/atd.c 2009-12-03 10:38:52.276261175 +0100 +@@ -111,7 +111,7 @@ static int run_as_daemon = 0; + + static volatile sig_atomic_t term_signal = 0; + +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + #include + + static pam_handle_t *pamh = NULL; +@@ -120,15 +120,7 @@ static const struct pam_conv conv = { + NULL + }; + +-#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ +- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ +- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ +- pam_end(pamh, retcode); exit(1); \ +- } +-#define PAM_END { retcode = pam_close_session(pamh,0); \ +- pam_end(pamh,retcode); } +- +-#endif /* HAVE_PAM */ ++#endif /* WITH_PAM */ + + /* Signal handlers */ + RETSIGTYPE +@@ -234,7 +226,7 @@ run_file(const char *filename, uid_t uid + char queue; + char fmt[64]; + unsigned long jobno; +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + int retcode; + #endif + +@@ -395,16 +387,11 @@ run_file(const char *filename, uid_t uid + fstat(fd_out, &buf); + size = buf.st_size; + +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + PRIV_START +- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); +- PAM_FAIL_CHECK; +- retcode = pam_acct_mgmt(pamh, PAM_SILENT); +- PAM_FAIL_CHECK; +- retcode = pam_open_session(pamh, PAM_SILENT); +- PAM_FAIL_CHECK; +- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); +- PAM_FAIL_CHECK; ++ PAM_HANDLING; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); + PRIV_END + #endif + +@@ -419,7 +406,15 @@ run_file(const char *filename, uid_t uid + else if (pid == 0) { + char *nul = NULL; + char **nenvp = &nul; ++ char **pam_envp=0L; + ++ PRIV_START ++#ifdef WITH_PAM ++ pam_envp = pam_getenvlist(pamh); ++ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) ++ nenvp = pam_envp; ++#endif ++ PRIV_END + /* Set up things for the child; we want standard input from the + * input file, and standard output and error sent to our output file. + */ +@@ -460,7 +455,16 @@ run_file(const char *filename, uid_t uid + + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) + perr("Exec failed for /bin/sh"); +- ++#ifdef WITH_PAM ++ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) ++ { ++ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) ++ free(*nenvp); ++ free( pam_envp ); ++ nenvp = &nul; ++ pam_envp=0L; ++ } ++#endif + PRIV_END + } + /* We're the parent. Let's wait. +@@ -474,7 +478,7 @@ run_file(const char *filename, uid_t uid + */ + waitpid(pid, (int *) NULL, 0); + +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + PRIV_START + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); + retcode = pam_close_session(pamh, PAM_SILENT); +@@ -503,6 +507,14 @@ run_file(const char *filename, uid_t uid + if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO) + close(fd_in); + ++#ifdef WITH_PAM ++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); ++ pam_close_session(pamh, PAM_SILENT); ++ pam_end(pamh, PAM_ABORT); ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif ++ + unlink(filename); + + /* The job is now finished. We can delete its input file. +@@ -511,8 +523,19 @@ run_file(const char *filename, uid_t uid + unlink(newname); + free(newname); + ++#ifdef ATD_MAIL_PROGRAM + if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { ++ int mail_pid = -1; ++#ifdef WITH_PAM ++ PAM_HANDLING; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif ++ ++ mail_pid = fork(); + ++ if ( mail_pid == 0 ) ++ { + PRIV_START + + if (initgroups(pentry->pw_name, pentry->pw_gid)) +@@ -537,7 +560,23 @@ run_file(const char *filename, uid_t uid + perr("Exec failed for mail command"); + + PRIV_END ++ } ++ else if ( mail_pid == -1 ) { ++ perr("fork of mailer failed"); ++ } ++ else { ++ /* Parent */ ++ waitpid(mail_pid, (int *) NULL, 0); ++ } ++#ifdef WITH_PAM ++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); ++ pam_close_session(pamh, PAM_SILENT); ++ pam_end(pamh, PAM_ABORT); ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif + } ++#endif + exit(EXIT_SUCCESS); + } + +diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in +--- at-3.1.12/config.h.in.pam 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/config.h.in 2009-12-03 10:34:36.373265254 +0100 +@@ -68,8 +68,8 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_NLIST_H + +-/* Define to 1 for PAM support */ +-#undef HAVE_PAM ++/* Define if you are building with_pam */ ++#undef WITH_PAM + + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC +diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac +--- at-3.1.12/configure.ac.pam 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/configure.ac 2009-12-03 10:34:36.373265254 +0100 +@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG + AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) + AC_CHECK_HEADERS(security/pam_appl.h, [ + PAMLIB="-lpam" +- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support]) ++ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support]) + ]) + + dnl Checking for programs +@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username, + ) + AC_SUBST(DAEMON_USERNAME) + ++AC_ARG_WITH(pam, ++[ --with-pam Define to enable pam support ], ++AC_DEFINE(WITH_PAM), ++) ++AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') ++AC_SUBST(PAMLIB) ++ + AC_MSG_CHECKING(groupname to run under) + AC_ARG_WITH(daemon_groupname, + [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], +diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c +--- at-3.1.12/perm.c.pam 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/perm.c 2009-12-03 10:34:36.373265254 +0100 +@@ -51,6 +51,14 @@ + #define PRIV_END while(0) + #endif + ++#ifdef WITH_PAM ++#include ++static pam_handle_t *pamh = NULL; ++static const struct pam_conv conv = { ++ NULL ++}; ++#endif ++ + /* Structures and unions */ + + +@@ -108,18 +116,51 @@ user_in_file(const char *path, const cha + int + check_permission() + { +- uid_t uid = geteuid(); ++ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); + struct passwd *pentry; + int allow = 0, deny = 1; + +- if (uid == 0) ++ int retcode = 0; ++ if (euid == 0) + return 1; + +- if ((pentry = getpwuid(uid)) == NULL) { ++ if ((pentry = getpwuid(euid)) == NULL) { + perror("Cannot access user database"); + exit(EXIT_FAILURE); + } + ++#ifdef WITH_PAM ++/* ++ * We must check if the atd daemon userid will be allowed to gain the job owner user's ++ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. ++ */ ++ if (setreuid(daemon_uid, daemon_uid) != 0) { ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); ++ exit(1); ++ } ++ if (setregid(daemon_gid, daemon_gid) != 0) { ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); ++ exit(1); ++ } ++ ++ pam_close_session(pamh,PAM_SILENT); ++ ++ PAM_HANDLING; ++ ++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); ++ pam_close_session(pamh,PAM_SILENT); ++ pam_end(pamh, PAM_ABORT); ++ ++ if (setregid(gid,egid) != 0) { ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); ++ exit(1); ++ } ++ if (setreuid(uid,euid) != 0) { ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); ++ exit(1); ++ } ++#endif ++ + allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); + if (allow==0 || allow==1) + return allow; +diff -up at-3.1.12/privs.h.pam at-3.1.12/privs.h +--- at-3.1.12/privs.h.pam 2009-11-23 16:11:52.000000000 +0100 ++++ at-3.1.12/privs.h 2009-12-03 10:34:36.374266484 +0100 +@@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da + #error "Cannot implement user ID swapping without setreuid or setresuid" + #endif + #endif ++ ++#ifdef WITH_PAM ++/* PAM failed after session was open. */ ++#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ ++ pam_close_session(pamh,PAM_SILENT); ++ ++/* syslog will be logging error messages */ ++#ifdef HAVE_UNISTD_H ++#include ++#endif ++ ++/* PAM fail even before opening the session */ ++#define PAM_FAIL_CHECK \ ++ do { if (retcode != PAM_SUCCESS) { \ ++ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \ ++ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ ++ if (pamh) \ ++ pam_end(pamh, retcode); \ ++ if (setregid(getgid(),getegid()) != 0) { \ ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \ ++ exit(1); \ ++ } \ ++ if (setreuid(getuid(),geteuid()) != 0) { \ ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \ ++ exit(1); \ ++ } \ ++ exit(1); \ ++ } \ ++ } while (0) \ ++ ++/* PAM - check after every operation whether they passed */ ++#define PAM_HANDLING \ ++ do { pamh = NULL; \ ++ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_open_session(pamh, PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \ ++ PAM_SESSION_FAIL; \ ++ PAM_FAIL_CHECK; \ ++ } while (0) ++ ++/* OLD FAIL_CHECK ONLY FOR perm.c ++ * define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ ++ * fprintf(stderr,"\nPAM failure %s\n",pam_strerror(pamh, retcode)); \ ++ * syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ ++ * if (pamh) \ ++ * pam_end(pamh, retcode); \ ++ * exit(1); \ ++ * } ++ */ ++ ++#endif ++ diff --git a/at-3.1.12-selinux.patch b/at-3.1.12-selinux.patch new file mode 100644 index 0000000..8290bc1 --- /dev/null +++ b/at-3.1.12-selinux.patch @@ -0,0 +1,152 @@ +diff -up at-3.1.12/config.h.in.selinux at-3.1.12/config.h.in +--- at-3.1.12/config.h.in.selinux 2009-12-02 16:32:19.469228959 +0100 ++++ at-3.1.12/config.h.in 2009-12-02 16:32:57.706966488 +0100 +@@ -71,6 +71,9 @@ + /* Define if you are building with_pam */ + #undef WITH_PAM + ++/* Define if you are building with_selinux */ ++#undef WITH_SELINUX ++ + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC + +diff -up at-3.1.12/configure.ac.selinux at-3.1.12/configure.ac +--- at-3.1.12/configure.ac.selinux 2009-12-02 16:31:15.323246019 +0100 ++++ at-3.1.12/configure.ac 2009-12-02 16:32:01.425966844 +0100 +@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname, + ) + AC_SUBST(DAEMON_GROUPNAME) + ++AC_ARG_WITH(selinux, ++[ --with-selinux Define to run with selinux], ++AC_DEFINE(WITH_SELINUX), ++) ++AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) ++AC_SUBST(SELINUXLIB) ++AC_SUBST(WITH_SELINUX) ++ + AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch) + AC_OUTPUT +diff -up at-3.1.12/Makefile.in.selinux at-3.1.12/Makefile.in +--- at-3.1.12/Makefile.in.selinux 2009-12-02 16:30:11.923216529 +0100 ++++ at-3.1.12/Makefile.in 2009-12-02 16:30:57.949215706 +0100 +@@ -39,6 +39,7 @@ LIBS = @LIBS@ + LIBOBJS = @LIBOBJS@ + INSTALL = @INSTALL@ + PAMLIB = @PAMLIB@ ++SELINUXLIB = @SELINUXLIB@ + + CLONES = atq atrm + ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o +diff -up at-3.1.12/atd.c.selinux at-3.1.12/atd.c +--- at-3.1.12/atd.c.selinux 2009-12-03 13:03:57.182284669 +0100 ++++ at-3.1.12/atd.c 2009-12-03 13:07:20.542272874 +0100 +@@ -83,6 +83,14 @@ + #include "getloadavg.h" + #endif + ++#ifdef WITH_SELINUX ++#include ++#include ++int selinux_enabled=0; ++#include ++#include ++#endif ++ + #ifndef LOG_ATD + #define LOG_ATD LOG_DAEMON + #endif +@@ -202,6 +210,68 @@ myfork() + #define ATD_MAIL_NAME "mailx" + #endif + ++#ifdef WITH_SELINUX ++static int set_selinux_context(const char *name, const char *filename) { ++ security_context_t user_context=NULL; ++ security_context_t file_context=NULL; ++ struct av_decision avd; ++ int retval=-1; ++ char *seuser=NULL; ++ char *level=NULL; ++ ++ if (getseuserbyname(name, &seuser, &level) == 0) { ++ retval=get_default_context_with_level(seuser, level, NULL, &user_context); ++ free(seuser); ++ free(level); ++ if (retval) { ++ if (security_getenforce()==1) { ++ perr("execle: couldn't get security context for user %s\n", name); ++ } else { ++ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); ++ return -1; ++ } ++ } ++ } ++ ++ /* ++ * Since crontab files are not directly executed, ++ * crond must ensure that the crontab file has ++ * a context that is appropriate for the context of ++ * the user cron job. It performs an entrypoint ++ * permission check for this purpose. ++ */ ++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) ++ perr("fgetfilecon FAILED %s", filename); ++ ++ retval = security_compute_av(user_context, ++ file_context, ++ SECCLASS_FILE, ++ FILE__ENTRYPOINT, ++ &avd); ++ freecon(file_context); ++ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { ++ if (security_getenforce()==1) { ++ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); ++ } else { ++ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ goto err; ++ } ++ } ++ if (setexeccon(user_context) < 0) { ++ if (security_getenforce()==1) { ++ perr("Could not set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ } else { ++ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); ++ } ++ } ++ err: ++ freecon(user_context); ++ return 0; ++} ++#endif ++ + static void + run_file(const char *filename, uid_t uid, gid_t gid) + { +@@ -452,6 +522,12 @@ run_file(const char *filename, uid_t uid + perr("Cannot reset signal handler to default"); + + chdir("/"); ++#ifdef WITH_SELINUX ++ if (selinux_enabled > 0) { ++ if (set_selinux_context(pentry->pw_name, filename) < 0) ++ perr("SELinux Failed to set context\n"); ++ } ++#endif + + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) + perr("Exec failed for /bin/sh"); +@@ -774,6 +850,10 @@ main(int argc, char *argv[]) + struct passwd *pwe; + struct group *ge; + ++#ifdef WITH_SELINUX ++ selinux_enabled=is_selinux_enabled(); ++#endif ++ + /* We don't need root privileges all the time; running under uid and gid + * daemon is fine. + */ diff --git a/at-3.1.12-shell.patch b/at-3.1.12-shell.patch new file mode 100644 index 0000000..891fa97 --- /dev/null +++ b/at-3.1.12-shell.patch @@ -0,0 +1,55 @@ +diff -up at-3.1.12/at.c.shell at-3.1.12/at.c +--- at-3.1.12/at.c.shell 2009-12-02 13:25:12.706989310 +0100 ++++ at-3.1.12/at.c 2009-12-02 13:26:01.991966200 +0100 +@@ -62,11 +62,8 @@ + #include + #include + +-#ifdef TM_IN_SYS_TIME + #include +-#else + #include +-#endif + + #ifdef HAVE_UNISTD_H + #include +@@ -244,6 +241,12 @@ writefile(time_t runtimer, char queue) + int kill_errno; + int rc; + int mailsize = 128; ++ struct timeval tv; ++ struct timezone tz; ++ long int i; ++ ++ gettimeofday(&tv, &tz); ++ srandom(getpid()+tv.tv_usec); + + /* Install the signal handler for SIGINT; terminate after removing the + * spool file if necessary +@@ -461,6 +464,9 @@ writefile(time_t runtimer, char queue) + fprintf(fp, " || {\n\t echo 'Execution directory " + "inaccessible' >&2\n\t exit 1\n}\n"); + ++ i = random(); ++ fprintf(fp, "${SHELL:-/bin/sh} << marcinDELIMITER%08lx\n", i); ++ + istty = isatty(fileno(stdin)); + if (istty) { + fprintf(stderr, "at> "); +@@ -477,6 +483,7 @@ writefile(time_t runtimer, char queue) + fprintf(stderr, "\n"); + } + fprintf(fp, "\n"); ++ fprintf(fp, "marcinDELIMITER%08lx\n", i); + if (ferror(fp)) + panic("Output error"); + +@@ -926,7 +933,7 @@ main(int argc, char **argv) + It also alows a warning diagnostic to be printed. Because of the + possible variance, we always output the diagnostic. */ + +- fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); ++ //fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); + + writefile(timer, queue); + break; diff --git a/at.spec b/at.spec index fc1bc77..ab08fad 100644 --- a/at.spec +++ b/at.spec @@ -1,4 +1,4 @@ -%define major_ver 3.1.11 +%define major_ver 3.1.12 %if %{?WITH_PAM:0}%{!?WITH_PAM:1} %define WITH_PAM 1 @@ -11,20 +11,18 @@ License: GPLv2+ Group: System Environment/Daemons URL: http://ftp.debian.org/debian/pool/main/a/at Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{major_ver}.orig.tar.gz -Source1: test.pl +# git upstream source git://git.debian.org/git/collab-maint/at.git +Source1: pam_atd Source2: atd.init Source3: atd.sysconf Source4: 56atd -Patch1: at-3.1.11-makefile.patch -Patch2: at-3.1.11-nitpicks.patch -Patch3: at-3.1.11-shell.patch -Patch4: at-3.1.11-opt_V.patch -Patch5: at-3.1.11-dont_fork.patch -Patch6: at-3.1.11-log.patch -Patch7: at-3.1.11-pam.patch -Patch8: at-3.1.11-pam2.patch -Patch9: at-3.1.11-selinux.patch +Patch1: at-3.1.12-makefile.patch +Patch2: at-3.1.12-opt_V.patch +Patch3: at-3.1.12-shell.patch +Patch4: at-3.1.12-nitpicks.patch +Patch5: at-3.1.12-pam.patch +Patch6: at-3.1.12-selinux.patch BuildRequires: fileutils chkconfig /etc/init.d BuildRequires: flex bison autoconf @@ -51,17 +49,13 @@ use crontab instead. %prep %setup -q - cp %{SOURCE1} . %patch1 -p1 -b .make -%patch2 -p1 -b .typo +%patch2 -p1 -b .opt_V %patch3 -p1 -b .shell -%patch4 -p1 -b .opt_V -%patch5 -p1 -b .dont_fork -%patch6 -p1 -b .log -%patch7 -p1 -b .pam -%patch8 -p1 -b .pam2 -%patch9 -p1 -b .selinux +%patch4 -p1 -b .nit +%patch5 -p1 -b .pam +%patch6 -p1 -b .selinux %build # patch9 touches configure.in @@ -79,15 +73,6 @@ rm -f lex.yy.* y.tab.* make -%check -# don't run "make test" by default -%{?_without_check: %define _without_check 1} -%{!?_without_check: %define _without_check 1} - -%if ! %{_without_check} - LANG=C make test > /dev/null -%endif - %install make install \ DAEMON_USERNAME=`id -nu`\ @@ -109,13 +94,15 @@ echo > %{buildroot}%{_sysconfdir}/at.deny mkdir docs cp %{buildroot}/%{_prefix}/doc/at/* docs/ +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +install -m 755 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd + mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/atd mv -f %{buildroot}/%{_mandir}/man5/at_allow.5 \ %{buildroot}/%{_mandir}/man5/at.allow.5 rm -f %{buildroot}/%{_mandir}/man5/at_deny.5 -#ln -s at.allow.5 %{buildroot}/%{_mandir}/man5/at.deny.5 mkdir -p %{buildroot}/etc/sysconfig install -m 755 %{SOURCE3} %{buildroot}/etc/sysconfig/atd @@ -126,6 +113,9 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libdir}/pm-utils/sleep.d/56atd # remove unpackaged files from the buildroot rm -r %{buildroot}%{_prefix}/doc +%check +make test + %clean rm -rf %{buildroot} @@ -156,7 +146,7 @@ fi %attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at %attr(0600,daemon,daemon) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ %attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at/spool -%attr(0640,root,daemon) %config(noreplace) /etc/pam.d/atd +%attr(0640,root,daemon) %config(noreplace) %{_sysconfdir}/pam.d/atd %{_sbindir}/atrun %attr(0755,root,root) %{_sbindir}/atd %{_mandir}/man*/* @@ -167,6 +157,13 @@ fi %attr(0755,root,root) %{_libdir}/pm-utils/sleep.d/56atd %changelog +* Thu Dec 3 2009 Marcela Mašláňová - 3.1.12-1 +- update to the new version of at +- adapt patches for new version +- change our pam config to source +- start using new upstream test instead of our nonfunctinal +- upstream changed nofork option -n to foreground option -f + * Tue Oct 13 2009 Marcela Mašláňová - 3.1.11-1 - 528582 add noreplace option into files section - rewrite pam2 patch - check return value, use "better" macro, etc. diff --git a/sources b/sources index 42038d0..0a6b956 100644 --- a/sources +++ b/sources @@ -1,6 +1,5 @@ -6e5857e23b3c32ea6995fb7f8989987e at_3.1.10.tar.gz 053188856f8d971c6239ed973cb85794 56atd b117781fd68e393443b2a8e478c7c22f atd.init ac1471fe22f63f666dc7d31173f47ea0 atd.sysconf -67aece5997fbe1f93072e0afd69e5280 test.pl -d5832d9b770f41db78020b92f80966d3 at_3.1.11.orig.tar.gz +1e67991776148fb319fd77a2e599a765 at_3.1.12.orig.tar.gz +000d2f30379d2bf8af09f51416e863ec pam_atd