* Remove PAM session start part from init as sulogin do not use

and will not use a PAM conv() function.  The current sulogin
   is able to handle DES as well as MD5, SHA, and Blowfish encrypted
   passwords due to using getpwnam(3).
 * Enable the sulogin fallback password check to handle MD5, SHA, and
   Blowfish encrypted passwords in case getpwnam(3) fails.
Werner Fink 2010-04-01 08:34:05 +00:00
parent c49baa492c
commit 8d4557c16b
2 changed files with 8 additions and 77 deletions


@ -77,6 +77,12 @@ sysvinit (2.88dsf) UNRELEASED; urgency=low
* Provide a simply /etc/pam.d/init as without it will not work (sigh!) * Provide a simply /etc/pam.d/init as without it will not work (sigh!)
* Extend sulogin to support additional encryption algorithms * Extend sulogin to support additional encryption algorithms
* Re-enable maintenance message of sulogin * Re-enable maintenance message of sulogin
* Remove PAM session start part from init as sulogin do not use
and will not use a PAM conv() function. The current sulogin
is able to handle DES as well as MD5, SHA, and Blowfish encrypted
passwords due using getpwnam(3).
* Enable the sulogin fallback password check to handle MD5, SHA, and
Blowfish encrypted passwords in case of getpwnam(3) fails.
-- Petter Reinholdtsen <pere@hungry.com> Sun, 12 Jul 2009 19:58:10 +0200 -- Petter Reinholdtsen <pere@hungry.com> Sun, 12 Jul 2009 19:58:10 +0200


@ -70,11 +70,6 @@
# endif # endif
#endif #endif
#ifdef USE_PAM
# include <security/pam_appl.h>
# include <security/pam_misc.h>
#endif
#include "init.h" #include "init.h"
#include "initreq.h" #include "initreq.h"
#include "paths.h" #include "paths.h"
@ -865,47 +860,6 @@ void initlog(int loglevel, char *s, ...)
} }
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
# ifdef __GNUC__
static int
init_conv(int num_msg, const struct pam_message **msgm,
struct pam_response **response __attribute__((unused)),
void *appdata_ptr __attribute__((unused)))
# else
static int
init_conv(int num_msg, const struct pam_message **msgm,
struct pam_response **response, void *appdata_ptr)
# endif
{
int i;
for (i = 0; i < num_msg; i++) {
const struct pam_message *msg = msgm[i];
if (msg == (const struct pam_message*)0)
continue;
if (msg->msg == (char*)0)
continue;
switch (msg->msg_style) {
case PAM_ERROR_MSG:
case PAM_TEXT_INFO:
initlog(L_VB, "pam_message %s", msg->msg);
default:
break;
}
}
return 0;
}
static const struct pam_conv conv = { init_conv, NULL };
# define PAM_FAIL_CHECK(func, args...) \
{ \
if ((pam_ret = (func)(args)) != PAM_SUCCESS) { \
initlog(L_VB, "%s", pam_strerror(pamh, pam_ret)); \
goto pam_error; \
} \
}
#endif /* USE_PAM */
/* /*
* Build a new environment for execve(). * Build a new environment for execve().
*/ */
@ -916,23 +870,13 @@ char **init_buildenv(int child)
char i_cons[32]; char i_cons[32];
char i_shell[] = "SHELL=" SHELL; char i_shell[] = "SHELL=" SHELL;
char **e; char **e;
#ifdef USE_PAM
char **pamenv = (char**)0;
#endif
int n, i; int n, i;
for (n = 0; environ[n]; n++) for (n = 0; environ[n]; n++)
; ;
n += NR_EXTRA_ENV; n += NR_EXTRA_ENV;
if (child) { if (child)
#ifdef USE_PAM
pamenv = pam_getenvlist(pamh);
for (i = 0; pamenv[i]; i++)
;
n += i;
#endif
n += 8; n += 8;
}
e = calloc(n, sizeof(char *)); e = calloc(n, sizeof(char *));
for (n = 0; environ[n]; n++) for (n = 0; environ[n]; n++)
@ -944,10 +888,6 @@ char **init_buildenv(int child)
} }
if (child) { if (child) {
#ifdef USE_PAM
for (i = 0; pamenv[i]; i++)
e[n++] = istrdup(pamenv[i]);
#endif
snprintf(i_cons, sizeof(i_cons), "CONSOLE=%s", console_dev); snprintf(i_cons, sizeof(i_cons), "CONSOLE=%s", console_dev);
i_lvl[9] = thislevel; i_lvl[9] = thislevel;
i_prev[10] = prevlevel; i_prev[10] = prevlevel;
@ -1095,9 +1035,7 @@ pid_t spawn(CHILD *ch, int *res)
sigprocmask(SIG_BLOCK, &nmask, &omask); sigprocmask(SIG_BLOCK, &nmask, &omask);
if ((pid = fork()) == 0) { if ((pid = fork()) == 0) {
#ifdef USE_PAM
int pam_ret;
#endif
close(0); close(0);
close(1); close(1);
close(2); close(2);
@ -1193,13 +1131,6 @@ pid_t spawn(CHILD *ch, int *res)
dup(f); dup(f);
} }
#ifdef USE_PAM
PAM_FAIL_CHECK(pam_start, "init", "root" , &conv, &pamh);
PAM_FAIL_CHECK(pam_set_item, pamh, PAM_TTY, console_dev);
PAM_FAIL_CHECK(pam_acct_mgmt, pamh, PAM_SILENT);
PAM_FAIL_CHECK(pam_open_session, pamh, PAM_SILENT);
PAM_FAIL_CHECK(pam_setcred, pamh, PAM_ESTABLISH_CRED|PAM_SILENT);
#endif
/* /*
* Update utmp/wtmp file prior to starting * Update utmp/wtmp file prior to starting
* any child. This MUST be done right here in * any child. This MUST be done right here in
@ -1241,12 +1172,6 @@ pid_t spawn(CHILD *ch, int *res)
if (ch->process[0] != '+') if (ch->process[0] != '+')
write_utmp_wtmp("", ch->id, getpid(), DEAD_PROCESS, NULL); write_utmp_wtmp("", ch->id, getpid(), DEAD_PROCESS, NULL);
#ifdef USE_PAM
(void)pam_setcred(pamh, PAM_DELETE_CRED|PAM_SILENT);
pam_ret = pam_close_session(pamh, PAM_SILENT);
pam_error:
pam_end(pamh, pam_ret);
#endif
exit(1); exit(1);
} }
*res = pid; *res = pid;
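Review bot: In spawn() and init_buildenv() the removal drops PAM handling for every child that init starts, not only sulogin, yet the changelog entry justifies it solely by sulogin's password handling. After this change no child receives the pam_getenvlist() variables, and the pam_acct_mgmt / pam_open_session / pam_setcred steps no longer run, so any limits, environment or audit settings an administrator placed in the `init` PAM service would presumably stop applying without notice. I would say so in the changelog, for example `* init no longer opens a PAM session for spawned children; settings in /etc/pam.d/init are no longer applied.`, and check whether the earlier entry about providing /etc/pam.d/init and any remaining USE_PAM build flag are now stale. Both functions start and end outside the hunks shown.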