From 8d4557c16b8c9d794b01641e006ad490d30f17e1 Mon Sep 17 00:00:00 2001
From: Werner Fink
Date: Thu, 1 Apr 2010 08:34:05 +0000
Subject: [PATCH] * Remove PAM session start part from init as sulogin do not use and will not use a PAM conv() function. The current sulogin is able to handle DES as well as MD5, SHA, and Blowfish encrypted passwords due using getpwnam(3). * Enable the sulogin fallback password check to handle MD5, SHA, and Blowfish encrypted passwords in case of getpwnam(3) fails.
---
 doc/Changelog | 6 ++++
 src/init.c | 79 ++-------------------------------------------------
 2 files changed, 8 insertions(+), 77 deletions(-)
diff --git a/doc/Changelog b/doc/Changelog
index a2cff15..2cfc4b1 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -77,6 +77,12 @@ sysvinit (2.88dsf) UNRELEASED; urgency=low
 * Provide a simply /etc/pam.d/init as without it will not work (sigh!)
 * Extend sulogin to support additional encryption algorithms
 * Re-enable maintenance message of sulogin
+ * Remove PAM session start part from init as sulogin do not use
+ and will not use a PAM conv() function. The current sulogin
+ is able to handle DES as well as MD5, SHA, and Blowfish encrypted
+ passwords due using getpwnam(3).
+ * Enable the sulogin fallback password check to handle MD5, SHA, and
+ Blowfish encrypted passwords in case of getpwnam(3) fails.
 -- Petter Reinholdtsen Sun, 12 Jul 2009 19:58:10 +0200
diff --git a/src/init.c b/src/init.c
index d8cc3f2..aa81d37 100644
--- a/src/init.c
+++ b/src/init.c
@@ -70,11 +70,6 @@
 # endif
 #endif
-#ifdef USE_PAM
-# include
-# include
-#endif
-
 #include "init.h"
 #include "initreq.h"
 #include "paths.h"
@@ -865,47 +860,6 @@ void initlog(int loglevel, char *s, ...)
 }
-#ifdef USE_PAM
-static pam_handle_t *pamh = NULL;
-# ifdef __GNUC__
-static int
-init_conv(int num_msg, const struct pam_message **msgm,
- struct pam_response **response __attribute__((unused)),
- void *appdata_ptr __attribute__((unused)))
-# else
-static int
-init_conv(int num_msg, const struct pam_message **msgm,
- struct pam_response **response, void *appdata_ptr)
-# endif
-{
- int i;
- for (i = 0; i < num_msg; i++) {
- const struct pam_message *msg = msgm[i];
- if (msg == (const struct pam_message*)0)
- continue;
- if (msg->msg == (char*)0)
- continue;
- switch (msg->msg_style) {
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- initlog(L_VB, "pam_message %s", msg->msg);
- default:
- break;
- }
- }
- return 0;
-}
-static const struct pam_conv conv = { init_conv, NULL };
-# define PAM_FAIL_CHECK(func, args...) \
- { \
- if ((pam_ret = (func)(args)) != PAM_SUCCESS) { \
- initlog(L_VB, "%s", pam_strerror(pamh, pam_ret)); \
- goto pam_error; \
- } \
- }
-#endif /* USE_PAM */
-
-
 /*
 * Build a new environment for execve().
 */
@@ -916,23 +870,13 @@ char **init_buildenv(int child)
 char i_cons[32];
 char i_shell[] = "SHELL=" SHELL;
 char **e;
-#ifdef USE_PAM
- char **pamenv = (char**)0;
-#endif
 int n, i;
 for (n = 0; environ[n]; n++)
 ;
 n += NR_EXTRA_ENV;
- if (child) {
-#ifdef USE_PAM
- pamenv = pam_getenvlist(pamh);
- for (i = 0; pamenv[i]; i++)
- ;
- n += i;
-#endif
+ if (child)
 n += 8;
- }
 e = calloc(n, sizeof(char *));
 for (n = 0; environ[n]; n++)
@@ -944,10 +888,6 @@ char **init_buildenv(int child)
 }
 if (child) {
-#ifdef USE_PAM
- for (i = 0; pamenv[i]; i++)
- e[n++] = istrdup(pamenv[i]);
-#endif
 snprintf(i_cons, sizeof(i_cons), "CONSOLE=%s", console_dev);
 i_lvl[9] = thislevel;
 i_prev[10] = prevlevel;
@@ -1095,9 +1035,7 @@ pid_t spawn(CHILD *ch, int *res)
 sigprocmask(SIG_BLOCK, &nmask, &omask);
 if ((pid = fork()) == 0) {
-#ifdef USE_PAM
- int pam_ret;
-#endif
+
 close(0);
 close(1);
 close(2);
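Review bot: The `e = calloc(n, sizeof(char *));` kept as context in the init_buildenv() hunk (@@ -916,23 +870,13) is used without a NULL check, and the `for (n = 0; environ[n]; n++)` loop right after it presumably stores into `e`; the loop body lies outside the hunk, so this is inferred. Since the change already reworks the sizing just above, add a guard before the loop, for example `if (e == NULL) { initlog(L_VB, "out of memory"); return NULL; }`, provided the callers of init_buildenv() tolerate a NULL result; otherwise retry the allocation rather than dereference NULL inside init. Separately, the new `if (child)` drops the braces the old code had; keeping `if (child) { n += 8; }` guards against a dangling-statement mistake the next time a line is added there.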
@@ -1193,13 +1131,6 @@ pid_t spawn(CHILD *ch, int *res)
 dup(f);
 }
-#ifdef USE_PAM
- PAM_FAIL_CHECK(pam_start, "init", "root" , &conv, &pamh);
- PAM_FAIL_CHECK(pam_set_item, pamh, PAM_TTY, console_dev);
- PAM_FAIL_CHECK(pam_acct_mgmt, pamh, PAM_SILENT);
- PAM_FAIL_CHECK(pam_open_session, pamh, PAM_SILENT);
- PAM_FAIL_CHECK(pam_setcred, pamh, PAM_ESTABLISH_CRED|PAM_SILENT);
-#endif
 /*
 * Update utmp/wtmp file prior to starting
 * any child. This MUST be done right here in
@@ -1241,12 +1172,6 @@ pid_t spawn(CHILD *ch, int *res)
 if (ch->process[0] != '+')
 write_utmp_wtmp("", ch->id, getpid(), DEAD_PROCESS, NULL);
-#ifdef USE_PAM
- (void)pam_setcred(pamh, PAM_DELETE_CRED|PAM_SILENT);
- pam_ret = pam_close_session(pamh, PAM_SILENT);
- pam_error:
- pam_end(pamh, pam_ret);
-#endif
 exit(1);
 }
 *res = pid;