Debian Bug report logs -
#68621
sysvinit: Add PAM support
Reported by: Topi Miettinen <Topi.Miettinen@nic.fi>
Date: Sat, 5 Aug 2000 19:51:46 UTC
Severity: wishlist
Done: Dmitry Bogatov <KAction@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Miquel van Smoorenburg <miquels@cistron.nl>:
Bug#68621; Package sysvinit.
(full text, mbox, link).
Acknowledgement sent to Topi Miettinen <Topi.Miettinen@nic.fi>:
New Bug report received and forwarded. Copy sent to Miquel van Smoorenburg <miquels@cistron.nl>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: sysvinit
Version: 2.78-4
Severity: wishlist
This patch (adapted from login) adds PAM support to init. At least Trusted
Solaris's init is probably doing similar things, according to manual page.
Unfortunately init doesn't wait for all children, so the final call to
pam_end() is missing.
-Topi
diff -ru src/Makefile.orig src/Makefile
--- src/Makefile.orig Sat Nov 13 21:06:45 1999
+++ src/Makefile Thu Jul 20 00:54:59 2000
@@ -34,7 +34,7 @@
all: $(PROGS)
init: init.o init_utmp.o
- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
+ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lpam
halt: halt.o ifdown.o utmp.o reboot.h
$(CC) $(LDFLAGS) -o $@ halt.o ifdown.o utmp.o
@@ -64,7 +64,7 @@
$(CC) $(LDFLAGS) -o $@ bootlogd.o
init.o: init.c init.h set.h reboot.h
- $(CC) -c $(CFLAGS) init.c
+ $(CC) -c $(CFLAGS) init.c -DUSE_PAM
utmp.o: utmp.c init.h
$(CC) -c $(CFLAGS) utmp.c
diff -ru src/init.c.orig src/init.c
--- src/init.c.orig Wed Jul 19 23:48:31 2000
+++ src/init.c Sat Aug 5 12:36:32 2000
@@ -61,6 +61,10 @@
# endif
#endif
+#ifdef USE_PAM
+# include <security/pam_appl.h>
+#endif
+
#include "init.h"
#include "initreq.h"
#include "paths.h"
@@ -188,6 +192,21 @@
{NULL,0}
};
+#ifdef USE_PAM
+static pam_handle_t *pamh = NULL;
+
+static const struct pam_conv conv = {
+ NULL
+};
+
+#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ log(L_VB, "%s",pam_strerror(pamh, retcode)); \
+ pam_end(pamh, retcode); \
+ return -1; \
+ }
+#endif /* USE_PAM */
+
+
/*
* Sleep a number of seconds.
*
@@ -791,6 +810,9 @@
pid_t pid, pgrp; /* child, console process group. */
sigset_t nmask, omask; /* For blocking SIGCHLD */
struct sigaction sa;
+#ifdef USE_PAM
+ int retcode;
+#endif
*res = -1;
buf[sizeof(buf) - 1] = 0;
@@ -907,6 +929,18 @@
putenv(i_prev);
putenv(i_cons);
putenv(E_VERSION);
+#ifdef USE_PAM
+ retcode = pam_start("init", "root" , &conv, &pamh);
+ PAM_FAIL_CHECK;
+ retcode = pam_set_item(pamh, PAM_TTY, console_dev);
+ PAM_FAIL_CHECK;
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_open_session(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+ PAM_FAIL_CHECK;
+#endif
/*
* In sysinit, boot, bootwait or single user mode:
Changed Bug title.
Request was from Thomas Hood <jdthood@yahoo.co.uk>
to control@bugs.debian.org.
(full text, mbox, link).
Tags added: patch
Request was from Thomas Hood <jdthood@yahoo.co.uk>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Miquel van Smoorenburg <miquels@cistron.nl>:
Bug#68621; Package sysvinit.
(full text, mbox, link).
Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Miquel van Smoorenburg <miquels@cistron.nl>.
(full text, mbox, link).
Message #14 received at 68621@bugs.debian.org (full text, mbox, reply):
[Topi Miettinen]
> This patch (adapted from login) adds PAM support to init. At least
> Trusted Solaris's init is probably doing similar things, according
> to manual page.
Can you or anyone else explain why this is useful, for those of us not
understanding this intuitively?
The patch look OK, but I do not understand what problem it is trying
to solve.
Message sent on to Topi Miettinen <Topi.Miettinen@nic.fi>:
Bug#68621.
(full text, mbox, link).
Tags added: wontfix
Request was from Thomas Hood <jdthood@yahoo.co.uk>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#68621; Package sysvinit.
(full text, mbox, link).
Acknowledgement sent to vVelychko@gmail.com:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>.
(full text, mbox, link).
Message #24 received at 68621@bugs.debian.org (full text, mbox, reply):
>[Topi Miettinen]
>> This patch (adapted from login) adds PAM support to init. At least
>> Trusted Solaris's init is probably doing similar things, according
>> to manual page.
>
>Can you or anyone else explain why this is useful, for those of us not
>understanding this intuitively?
>
>The patch look OK, but I do not understand what problem it is trying
>to solve.
I don't know about init, but without PAM support no one can do /sbin/sulogin
(going to single user mode) in case (for example) pam_unix2.so enabled
(package libpam-unix2) and root password encrypted with blowfish hash.
BTW I already have this problem. :-(
--
VEL-[RIPE|UANIC]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>:
Bug#68621; Package sysvinit.
(Fri, 10 Jul 2009 12:15:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian sysvinit maintainers <pkg-sysvinit-devel@lists.alioth.debian.org>.
(Fri, 10 Jul 2009 12:15:10 GMT) (full text, mbox, link).
Message #29 received at 68621@bugs.debian.org (full text, mbox, reply):
tag 68621 - wontfix
thanks
We got a rationale, and it make sense to me. I guess we should
implement this, after giving it a bit of testing.
Tags removed: wontfix
Request was from Petter Reinholdtsen <pere@hungry.com>
to control@bugs.debian.org.
(Fri, 10 Jul 2009 12:15:12 GMT) (full text, mbox, link).
Bug reassigned from package 'sysvinit' to 'sysvinit-core'.
Request was from Michael Biebl <biebl@debian.org>
to control@bugs.debian.org.
(Sun, 17 Jul 2016 15:15:52 GMT) (full text, mbox, link).
No longer marked as found in versions 2.78-4.
Request was from Michael Biebl <biebl@debian.org>
to control@bugs.debian.org.
(Sun, 17 Jul 2016 15:15:52 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Dmitry Bogatov <KAction@debian.org>:
Bug#68621; Package sysvinit-core.
(Mon, 29 Oct 2018 18:15:02 GMT) (full text, mbox, link).
Acknowledgement sent
to jsmith@resonatingmedia.com:
Extra info received and forwarded to list. Copy sent to Dmitry Bogatov <KAction@debian.org>.
(Mon, 29 Oct 2018 18:15:03 GMT) (full text, mbox, link).
Message #40 received at 68621@bugs.debian.org (full text, mbox, reply):
I like the idea of this patch and am on board with using this functionality.
However, I tried to apply it and, after working around some changes in
our Makefile, I found that the parts of the code that set up PAM do not
compile anymore. Specifically the calls to "PAM_FAIL_CHECK" will not
compile because they expand to call a function called "log" which
conflicts with the math.h log() function.
If someone updates the patch and re-submits I'll be happy to apply this
upstream.
Jesse (upstream dev)
Reply sent
to Dmitry Bogatov <KAction@debian.org>:
You have taken responsibility.
(Tue, 14 May 2019 09:45:27 GMT) (full text, mbox, link).
Notification sent
to Topi Miettinen <Topi.Miettinen@nic.fi>:
Bug acknowledged by developer.
(Tue, 14 May 2019 09:45:27 GMT) (full text, mbox, link).
Message #45 received at 68621-done@bugs.debian.org (full text, mbox, reply):
control: tags -1 -patch
[2018-10-29 15:07] Jesse Smith <jsmith@resonatingmedia.com>
> I like the idea of this patch and am on board with using this functionality.
>
> However, I tried to apply it and, after working around some changes in
> our Makefile, I found that the parts of the code that set up PAM do not
> compile anymore. Specifically the calls to "PAM_FAIL_CHECK" will not
> compile because they expand to call a function called "log" which
> conflicts with the math.h log() function.
>
> If someone updates the patch and re-submits I'll be happy to apply this
> upstream.
Closing bug on timeout -- it is 18 years old, original submitter did not
show up for half a year already. Feel free to re-open should patch
appear.
Oh, and by the way, I think PAM is bad thing, and we do not need to
bring more of it into Debian.
--
Note, that I send and fetch email in batch, once every 24 hours.
If matter is urgent, try https://t.me/kaction
--
Message sent on
to Topi Miettinen <Topi.Miettinen@nic.fi>:
Bug#68621.
(Tue, 14 May 2019 09:45:34 GMT) (full text, mbox, link).
Removed tag(s) patch.
Request was from Dmitry Bogatov <KAction@debian.org>
to 68621-submitter@bugs.debian.org.
(Tue, 14 May 2019 09:45:34 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 12 Jun 2019 07:25:29 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Jan 12 13:32:08 2024;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.