Debian Bug report logs - #55873
Please add pam_open_session() and pam_close_session() to su
Reported by: Ben Gertzfield <che@debian.org>
Date: Fri, 21 Jan 2000 20:33:01 UTC
Severity: normal
Found in version 19990827-16
Fixed in version shadow/19990827-17
Done: Ben Collins <bcollins@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Ben Collins <bcollins@debian.org>: Bug#55873; Package shadow.
Acknowledgement sent to Ben Gertzfield <che@debian.org>: New Bug report received and forwarded. Copy sent to Ben Collins <bcollins@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: shadow
Version: 19990827-16
As we discussed on debian-devel, su.c needs to have a call to
pam_open_session() added before it sets its permissions and forks or
execs its shell, and then (ideally) call pam_close_session() after the
shell returns from its fork.
Here's the relevant code from Red Hat's PAM-patched su, available
at http://csl.cse.ucsc.edu/~ben/sh-utils/sh-utils-2.0/src/su.c .
/* Excerpt: retval, pamh, caught, su_catch_sig and PAM_BAIL_P are defined
   elsewhere in that su.c and are not shown here.  */

static void
change_identity (const struct passwd *pw)
{
#ifdef HAVE_INITGROUPS
  errno = 0;
  if (initgroups (pw->pw_name, pw->pw_gid) == -1)
    error (1, errno, _("cannot set groups"));
  endgrent ();
#endif
#ifdef USE_PAM
  retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
  if (retval != PAM_SUCCESS)
    error (1, 0, pam_strerror (pamh, retval));
#endif /* USE_PAM */
  if (setgid (pw->pw_gid))
    error (1, errno, _("cannot set group id"));
  if (setuid (pw->pw_uid))
    error (1, errno, _("cannot set user id"));
}

/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
   If COMMAND is nonzero, pass it to the shell with the -c option.
   If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
   arguments.  */

static void
run_shell (const char *shell, const char *command, char **additional_args,
           const struct passwd *pw)
{
  const char **args;
  int argno = 1;
#ifdef USE_PAM
  int child;
  sigset_t ourset;
  int status;

  /* Session is opened while still privileged, before the fork.  */
  retval = pam_open_session (pamh, 0);
  if (retval != PAM_SUCCESS) {
    fprintf (stderr, "could not open session\n");
    exit (1);
  }
  /* do this at the last possible moment, because environment variables may
     be passed even in the session phase
   */
  if (pam_copyenv (pamh) != PAM_SUCCESS)
    fprintf (stderr, "error copying PAM environment\n");

  child = fork ();
  if (child == 0) { /* child shell */
    /* The child drops privileges and discards its PAM handle without
       closing the session; the parent owns the session.  */
    change_identity (pw);
    pam_end (pamh, 0);
#endif
    if (additional_args)
      args = (const char **) xmalloc (sizeof (char *)
                                      * (10 + elements (additional_args)));
    else
      args = (const char **) xmalloc (sizeof (char *) * 10);
    if (simulate_login)
      {
        char *arg0;
        char *shell_basename;

        shell_basename = base_name (shell);
        arg0 = xmalloc (strlen (shell_basename) + 2);
        arg0[0] = '-';
        strcpy (arg0 + 1, shell_basename);
        args[0] = arg0;
      }
    else
      args[0] = base_name (shell);
    if (fast_startup)
      args[argno++] = "-f";
    if (command)
      {
        args[argno++] = "-c";
        args[argno++] = command;
      }
    if (additional_args)
      for (; *additional_args; ++additional_args)
        args[argno++] = *additional_args;
    args[argno] = NULL;
    execv (shell, (char **) args);
    error (1, errno, _("cannot run %s"), shell);
#ifdef USE_PAM
  } else if (child == -1) {
    fprintf (stderr, "can not fork user shell: %s", strerror (errno));
    exit (1);
  }

  /* parent only */
  sigfillset (&ourset);
  if (sigprocmask (SIG_BLOCK, &ourset, NULL)) {
    fprintf (stderr, "%s: signal malfunction\n", PROGRAM_NAME);
    caught = 1;
  }
  if (!caught) {
    struct sigaction action;

    action.sa_handler = su_catch_sig;
    sigemptyset (&action.sa_mask);
    action.sa_flags = 0;
    sigemptyset (&ourset);
    if (sigaddset (&ourset, SIGTERM)
        || sigaddset (&ourset, SIGALRM)
        || sigaction (SIGTERM, &action, NULL)
        || sigprocmask (SIG_UNBLOCK, &ourset, NULL)) {
      fprintf (stderr, "%s: signal masking malfunction\n", PROGRAM_NAME);
      caught = 1;
    }
  }
  if (!caught) {
    do {
      int pid;

      pid = waitpid (-1, &status, WUNTRACED);
      if (WIFSTOPPED (status)) {
        kill (getpid (), SIGSTOP);
        /* once we get here, we must have resumed */
        kill (pid, SIGCONT);
      }
    } while (WIFSTOPPED (status));
  } else
    status = -1;

  if (caught) {
    fprintf (stderr, "\nSession terminated, killing shell...");
    kill (child, SIGTERM);
  }
  /* Shell has returned: close the session and release the handle.  */
  retval = pam_close_session (pamh, 0);
  PAM_BAIL_P;
  retval = pam_end (pamh, PAM_SUCCESS);
  PAM_BAIL_P;
  if (caught) {
    sleep (2);
    kill (child, SIGKILL);
    fprintf (stderr, " ...killed.\n");
  }
  exit (status);
#endif /* USE_PAM */
}
Ben
--
Brought to you by the letters Z and P and the number 12.
"Well, I think Perl should run faster than C. :-)"
Debian GNU/Linux maintainer of Gimp and GTK+ -- http://www.debian.org/
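The defect reported above is visible from the outside: an su that never calls pam_open_session() runs no session modules, so the "Successful su" record written by su is never followed by pam_unix's "session opened" and "session closed" lines. The script below is an added example, not part of this bug log or of the shadow package; it pairs those records over constructed sample syslog lines, and the line formats (SU_OK, SESSION_OPEN, SESSION_CLOSE) are assumptions modelled on shadow's su and pam_unix output.

```python
import re

# Constructed sample in the shape of syslog lines from shadow's su and
# pam_unix's session module (not taken from the bug report).
SAMPLE_LOG = """\
Feb 28 12:40:01 host su: Successful su for root by ben
Feb 28 12:40:01 host su: pam_unix(su:session): session opened for user root by ben(uid=1000)
Feb 28 12:41:15 host su: pam_unix(su:session): session closed for user root
Feb 28 12:42:00 host su: Successful su for postgres by alice
Feb 28 12:50:00 host su: Successful su for root by bob
Feb 28 12:50:00 host su: pam_unix(su:session): session opened for user root by bob(uid=1001)
"""

# Assumed line formats; adjust to the su and pam_unix versions in use.
SU_OK = re.compile(r"su: Successful su for (\S+) by (\S+)$")
SESSION_OPEN = re.compile(r"pam_unix\(su:session\): session opened for user (\S+) by (\S+)\(uid=\d+\)")
SESSION_CLOSE = re.compile(r"pam_unix\(su:session\): session closed for user (\S+)$")


def audit_su_sessions(log_text):
    """Pair each successful su with the pam_unix session open/close that
    should bracket the shell it spawned.  Returns one record per su run."""
    records = []
    for line in log_text.splitlines():
        m = SU_OK.search(line)
        if m:
            records.append({"target": m.group(1), "by": m.group(2),
                            "opened": False, "closed": False})
            continue
        m = SESSION_OPEN.search(line)
        if m:
            # Attach to the newest su for this target/caller that has no session yet.
            for rec in reversed(records):
                if (rec["target"], rec["by"]) == m.groups() and not rec["opened"]:
                    rec["opened"] = True
                    break
            continue
        m = SESSION_CLOSE.search(line)
        if m:
            # Close the newest still-open session for that target user.
            for rec in reversed(records):
                if rec["target"] == m.group(1) and rec["opened"] and not rec["closed"]:
                    rec["closed"] = True
                    break
    return records


def classify(records):
    """Split records into su runs that never entered the PAM session phase
    (the defect in this report) and sessions opened but never closed."""
    no_session = [r for r in records if not r["opened"]]
    unclosed = [r for r in records if r["opened"] and not r["closed"]]
    return no_session, unclosed
```

On the sample, alice's su to postgres shows the pre-fix behaviour (no session records at all), while bob's su to root has a session that was never closed, which is what a shell killed before pam_close_session() or a still-running shell looks like.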
Reply sent to Ben Collins <bcollins@debian.org>: You have taken responsibility.
Notification sent to Ben Gertzfield <che@debian.org>: Bug acknowledged by developer.
Message #10 received at 55873-close@bugs.debian.org:
We believe that the bug you reported is fixed in the latest version of
shadow, which has been installed in the Debian FTP archive:
login_19990827-17_sparc.deb
  to dists/woody/main/binary-sparc/base/login_19990827-17.deb
  replacing login_19990827-16.deb
passwd_19990827-17_sparc.deb
  to dists/woody/main/binary-sparc/base/passwd_19990827-17.deb
  replacing passwd_19990827-16.deb
shadow_19990827-17.diff.gz
  to dists/woody/main/source/base/shadow_19990827-17.diff.gz
  replacing shadow_19990827-16.diff.gz
shadow_19990827-17.dsc
  to dists/woody/main/source/base/shadow_19990827-17.dsc
  replacing shadow_19990827-16.dsc
Note that this package is not part of the released stable Debian
distribution. It may have dependencies on other unreleased software,
or other instabilities. Please take care if you wish to install it.
The update will eventually make its way into the next released Debian
distribution.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 55873@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ben Collins <bcollins@debian.org> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.6
Date: Mon, 28 Feb 2000 12:37:22 -0500
Source: shadow
Binary: login passwd
Architecture: source sparc
Version: 19990827-17
Distribution: unstable
Urgency: low
Maintainer: Ben Collins <bcollins@debian.org>
Description:
login - System login tools
passwd - Change and administer password and group data.
Closes: 53702 54768 54877 54900 55873 57526 57532 58203
Changes:
shadow (19990827-17) unstable; urgency=low
  .
  * Fixed typo in login.defs, closes: #54877
  * logoutd.init.d: Check for /etc/security/time.conf, closes: #54900
  * login.defs: Added note about the MAIL env option, closes: #54768
  * login.pam.d,passwd.pam.d: Use new options in pam_unix.so to enable
    obscure password checks. This mimics the old behavior in pre-PAM
    shadow, closes: #58203
  * Use patch from Topi Miettinen <tom@pluto.nic.fi> to add pam session
    ability to su, closes: #57526, #55873, #57532
  * Made login's -f option also able to use the username after -- if none
    was passed as its optarg, closes: #53702
Files:
3a458acf6a310c12b31ad5394f7c483c 584 base required shadow_19990827-17.dsc
ead9a314f6b3c65c574b01710d9f512f 43611 base required shadow_19990827-17.diff.gz
56b40b295fac4d2c582cd5e185864853 300530 base required passwd_19990827-17_sparc.deb
ed9a86ea55d241eb2b8844b436174b2a 119642 base required login_19990827-17_sparc.deb
Last modified: Mon Nov 2 17:46:40 2015