rpms/tog-pegasus/devel pegasus-2.6.1-init_script.patch, NONE, 1.1 pegasus-2.6.1-local-or-remote-auth.patch, NONE, 1.1 sources, 1.8, 1.9 tog-pegasus.spec, 1.48, 1.49 pegasus-2.5-add_cmpi_provider_lib.patch, 1.1, NONE pegasus-2.5-bz173401.patch, 1.1, NONE pegasus-2.5-enable_cql.patch, 1.1, NONE pegasus-2.5-install_id.patch, 1.1, NONE pegasus-2.5-local-or-remote-auth.patch, 1.1, NONE pegasus-2.5-make_install.patch, 1.1, NONE pegasus-2.5-redhat.patch, 1.4, NONE pegasus-2.5-syslog_h.patch, 1.1, NONE pegasus-2.5.1-AutoPtr-Core.patch, 1.1, NONE pegasus-2.5.1-HOSTNAME_MAX.patch, 1.1, NONE pegasus-2.5.1-PATH_MAX.patch, 1.1, NONE pegasus-2.5.1-PIE.patch, 1.1, NONE pegasus-2.5.1-bz198185.patch, 1.1, NONE pegasus-2.5.1-cmpi-provider-lib.patch, 1.1, NONE pegasus-2.5.1-enable_cql.patch, 1.1, NONE pegasus-2.5.1-fix_repupgrade.patch, 1.1, NONE pegasus-2.5.1-fix_zseries_flags.patch, 1.1, NONE pegasus-2.5.1-linkflags.patch, 1.1, NONE pegasus-2.5.1-local-or-remote-auth.patch, 1.1, NONE pegasus-2.5.1-no-rpath.patch, 1.2, NONE pegasus-2.5.1-obz4934.patch, 1.1, NONE pegasus-2.5.1-obz4945.patch, 1.1, NONE pegasus-2.5.1-obz4955.patch, 1.1, NONE pegasus-2.5.1-obz4956.patch, 1.1, NONE pegasus-2.5.1-obz4968_upcalls_oop.patch, 1.1, NONE pegasus-2.5.1-obz4978.patch, 1.1, NONE pegasus-2.5.1-obz4983.patch, 1.1, NONE pegasus-2.5.1-obz4984.patch, 1.1, NONE pegasus-2.5.1-obz4986.patch, 1.1, NONE pegasus-2.5.1-obz5046.patch, 1.1, NONE pegasus-2.5.1-obz5047.patch, 1.1, NONE pegasus-2.5.1-obz5048.patch, 1.1, NONE pegasus-2.5.1-obz5049.patch, 1.1, NONE pegasus-2.5.1-obz5051.patch, 1.1, NONE pegasus-2.5.1-obz5053.patch, 1.1, NONE pegasus-2.5.1-obz5059.patch, 1.1, NONE pegasus-2.5.1-obz5072.patch, 1.1, NONE pegasus-2.5.1-obz5073.patch, 1.1, NONE pegasus-2.5.1-obz5083.patch, 1.1, NONE pegasus-2.5.1-obz5090.patch, 1.1, NONE pegasus-2.5.1-obz5115.patch, 1.1, NONE pegasus-2.5.1-obz5119.patch, 1.1, NONE pegasus-2.5.1-obz5180.patch, 1.1, NONE pegasus-2.5.1-parallel_make.patch, 1.1, NONE pegasus-2.5.2-PATH_MAX.patch, 1.1, NONE pegasus-2.5.2-cmpi-provider-lib.patch, 1.1, NONE pegasus-2.5.2-local-or-remote-auth.patch, 1.1, NONE pegasus-2.6.0-local-or-remote-auth.patch, 1.1, NONE
Vitezslav Crhonek (vcrhonek)
fedora-extras-commits at redhat.com
Thu Aug 30 10:34:10 UTC 2007
Author: vcrhonek
Update of /cvs/extras/rpms/tog-pegasus/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25067
Modified Files:
sources tog-pegasus.spec
Added Files:
pegasus-2.6.1-init_script.patch
pegasus-2.6.1-local-or-remote-auth.patch
Removed Files:
pegasus-2.5-add_cmpi_provider_lib.patch
pegasus-2.5-bz173401.patch pegasus-2.5-enable_cql.patch
pegasus-2.5-install_id.patch
pegasus-2.5-local-or-remote-auth.patch
pegasus-2.5-make_install.patch pegasus-2.5-redhat.patch
pegasus-2.5-syslog_h.patch pegasus-2.5.1-AutoPtr-Core.patch
pegasus-2.5.1-HOSTNAME_MAX.patch pegasus-2.5.1-PATH_MAX.patch
pegasus-2.5.1-PIE.patch pegasus-2.5.1-bz198185.patch
pegasus-2.5.1-cmpi-provider-lib.patch
pegasus-2.5.1-enable_cql.patch
pegasus-2.5.1-fix_repupgrade.patch
pegasus-2.5.1-fix_zseries_flags.patch
pegasus-2.5.1-linkflags.patch
pegasus-2.5.1-local-or-remote-auth.patch
pegasus-2.5.1-no-rpath.patch pegasus-2.5.1-obz4934.patch
pegasus-2.5.1-obz4945.patch pegasus-2.5.1-obz4955.patch
pegasus-2.5.1-obz4956.patch
pegasus-2.5.1-obz4968_upcalls_oop.patch
pegasus-2.5.1-obz4978.patch pegasus-2.5.1-obz4983.patch
pegasus-2.5.1-obz4984.patch pegasus-2.5.1-obz4986.patch
pegasus-2.5.1-obz5046.patch pegasus-2.5.1-obz5047.patch
pegasus-2.5.1-obz5048.patch pegasus-2.5.1-obz5049.patch
pegasus-2.5.1-obz5051.patch pegasus-2.5.1-obz5053.patch
pegasus-2.5.1-obz5059.patch pegasus-2.5.1-obz5072.patch
pegasus-2.5.1-obz5073.patch pegasus-2.5.1-obz5083.patch
pegasus-2.5.1-obz5090.patch pegasus-2.5.1-obz5115.patch
pegasus-2.5.1-obz5119.patch pegasus-2.5.1-obz5180.patch
pegasus-2.5.1-parallel_make.patch pegasus-2.5.2-PATH_MAX.patch
pegasus-2.5.2-cmpi-provider-lib.patch
pegasus-2.5.2-local-or-remote-auth.patch
pegasus-2.6.0-local-or-remote-auth.patch
Log Message:
update to 2.6.1, fix wrong init script (#245339)
pegasus-2.6.1-init_script.patch:
--- NEW FILE pegasus-2.6.1-init_script.patch ---
--- pegasus-2.6.1/rpm/tog-pegasus.rc_old 2007-08-30 09:30:13.000000000 +0200
+++ pegasus-2.6.1/rpm/tog-pegasus.rc 2007-08-30 10:21:42.000000000 +0200
@@ -5,17 +5,22 @@
# processname: cimserver
# pidfile: /var/run/tog-pegasus/cimserver.pid
#
+
+### BEGIN INIT INFO
+# Provides: lsb-pegasus
+# Required-Start: $syslog $network
+# Should-Start: $time
+# Required-Stop: $syslog
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: init script for Pegasus CIMServer
+### END INIT INFO
+
CIMSERVER_BIN=/usr/sbin/cimserver
prog=cimserver
LOCKFILE=/var/lock/subsys/tog-pegasus
. /etc/rc.d/init.d/functions
-if [ ! -x $CIMSERVER_BIN ]; then
- echo -n "tog-pegasus $1: $CIMSERVER_BIN not found or not executable.";
- failure;
- exit 1;
-fi;
-
[ -e /etc/sysconfig/tog-pegasus ] && . /etc/sysconfig/tog-pegasus;
PEGASUS_SSL_CONF_FILE=${PEGASUS_SSL_CONF_FILE:=/etc/Pegasus/ssl.cnf}
@@ -26,7 +31,26 @@
RETVAL=0
case "$1" in
- start)
+ start)
+ pid=`pidofproc $CIMSERVER_BIN`
+ RETVAL=$?
+ if [ "$RETVAL" -eq 0 ]; then
+ echo "tog-pegasus $1: $CIMSERVER_BIN is already running";
+ exit 0;
+ fi;
+
+ if [ ! -e $CIMSERVER_BIN ]; then
+ echo "tog-pegasus $1: $CIMSERVER_BIN not found";
+ failure;
+ exit 5;
+ fi;
+
+ if [ ! -x $CIMSERVER_BIN ]; then
+ echo "tog-pegasus $1: $CIMSERVER_BIN not executable";
+ failure;
+ exit 4;
+ fi;
+
if [ ! -e ${PEGASUS_SSL_CONF_FILE} ] || [ ! -e ${PEGASUS_SSL_CERT_FILE} ] ||
[ ! -e ${PEGASUS_SSL_KEY_FILE} ] || [ ! -e ${PEGASUS_SSL_TRUSTSTORE} ]; then
if [ -x /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts ]; then
@@ -71,10 +95,10 @@
RETVAL=$?
if [ "$RETVAL" -eq 0 ]; then
echo -n $"CIM server ($pid) is running";
- success;
+ RETVAL=0
else
echo -n $"CIM server is not running";
- failure;
+ RETVAL=3
fi
echo
;;
@@ -103,7 +127,7 @@
;;
*)
echo "Usage: $0 {start|stop|status|restart|reload|force-reload|try-restart}"
- exit 1
+ RETVAL=3
esac
exit $RETVAL
pegasus-2.6.1-local-or-remote-auth.patch:
--- NEW FILE pegasus-2.6.1-local-or-remote-auth.patch ---
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfo.h pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfo.h
--- pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfo.h 2007-03-23 10:36:53.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfo.h 2007-08-17 11:18:15.000000000 -0700
@@ -343,6 +343,22 @@
return _rep->getRemotePrivilegedUserAccessChecked();
}
+ /** Indicate whether the user is Remote
+ */
+ Boolean isRemoteUser() const
+ {
+ _checkRep();
+ return _rep->isRemoteUser();
+ }
+
+ /** Set the Remote User flag
+ */
+ void setRemoteUser(Boolean remoteUser)
+ {
+ _checkRep();
+ _rep->setRemoteUser(remoteUser);
+ }
+
private:
AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep)
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.cpp pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.cpp
--- pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.cpp 2007-03-23 10:36:53.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.cpp 2007-08-17 11:26:28.000000000 -0700
@@ -51,7 +51,8 @@
_privileged(false),
_authType(String::EMPTY),
_connectionAuthenticated(false),
- _wasRemotePrivilegedUserAccessChecked(false)
+ _wasRemotePrivilegedUserAccessChecked(false),
+ _remoteUser(true)
{
PEG_METHOD_ENTER(
TRC_AUTHENTICATION, "AuthenticationInfoRep::AuthenticationInfoRep");
@@ -59,6 +60,15 @@
PEG_METHOD_EXIT();
}
+void AuthenticationInfoRep::setRemoteUser(Boolean remoteUser)
+{
+ PEG_METHOD_ENTER(TRC_AUTHENTICATION,
+ "AuthenticationInfoRep::setRemoteUser");
+
+ _remoteUser = remoteUser;
+
+ PEG_METHOD_EXIT();
+}
AuthenticationInfoRep::~AuthenticationInfoRep()
{
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.h pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.h
--- pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.h 2007-03-23 10:36:53.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.h 2007-08-17 11:18:15.000000000 -0700
@@ -136,6 +136,13 @@
void setSecurityAssociation();
#endif
+ Boolean isRemoteUser() const
+ {
+ return _remoteUser;
+ }
+
+ void setRemoteUser(Boolean remoteUser);
+
//PEP187
Array<SSLCertificateInfo*> getClientCertificateChain()
{
@@ -180,6 +187,7 @@
Boolean _wasRemotePrivilegedUserAccessChecked;
Array<SSLCertificateInfo*> _clientCertificate;
+ Boolean _remoteUser;
};
PEGASUS_NAMESPACE_END
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/HTTPConnection.cpp pegasus-2.6.1/src/Pegasus/Common/HTTPConnection.cpp
--- pegasus-2.6.1.orig/src/Pegasus/Common/HTTPConnection.cpp 2007-08-02 01:08:02.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Common/HTTPConnection.cpp 2007-08-17 11:18:15.000000000 -0700
@@ -2042,6 +2042,30 @@
#endif
}
+ // Allow authenticators to differentiate Remote and Local users:
+ struct sockaddr_in sin_peer, sin_svr; // don't need to worry about IPv6 yet ...
+ socklen_t slen1=sizeof(struct sockaddr_in), slen2=sizeof(struct sockaddr_in);
+ uint32_t sock = _socket.get()->getSocket() ;
+ memset(&sin_peer,'\0',slen1);
+ memset(&sin_svr, '\0',slen2);
+ if ( ( ::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 )
+ ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 )
+ )
+ {
+ if( sin_peer.sin_family == AF_INET )
+ {
+ if( ((ntohl( sin_peer.sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+ // message was sent FROM localhost interface
+ message->fromRemoteHost = false;
+ }
+ if( sin_svr.sin_family == AF_INET )
+ {
+ if( ((ntohl( sin_svr.sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+ // message was sent TO localhost interface
+ message->fromRemoteHost = false;
+ }
+ }
+
//
// increment request count
//
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.cpp pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.cpp
--- pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.cpp 2007-05-25 10:39:01.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.cpp 2007-08-17 11:18:15.000000000 -0700
@@ -120,7 +120,8 @@
queueId(queueId_),
authInfo(0),
acceptLanguagesDecoded(false),
- contentLanguagesDecoded(false)
+ contentLanguagesDecoded(false),
+ fromRemoteHost(true)
{
if (cimException_)
cimException = *cimException_;
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.h pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.h
--- pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.h 2007-05-25 10:39:01.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.h 2007-08-17 11:18:15.000000000 -0700
@@ -75,6 +75,7 @@
ContentLanguageList contentLanguages;
Boolean acceptLanguagesDecoded;
Boolean contentLanguagesDecoded;
+ Boolean fromRemoteHost;
CIMException cimException;
void parse(
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp
--- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2006-11-08 04:41:28.000000000 -0800
+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2007-08-17 11:18:15.000000000 -0700
@@ -139,7 +139,7 @@
}
authInfo->setRemotePrivilegedUserAccessChecked();
- authenticated = _basicAuthenticator->authenticate(userName, password);
+ authenticated = _basicAuthenticator->authenticate(userName, password, authInfo->isRemoteUser());
// Log audit message.
PEG_AUDIT_LOG(logBasicAuthentication(
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticator.h pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticator.h
--- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2006-01-30 08:18:28.000000000 -0800
+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2007-08-17 11:18:15.000000000 -0700
@@ -67,7 +67,8 @@
*/
virtual Boolean authenticate(
const String& userName,
- const String& password) = 0;
+ const String& password,
+ Boolean isRemoteUser) = 0;
/** Construct and return the HTTP Basic authentication challenge header
@return A string containing the authentication challenge header.
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h
--- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2006-08-09 14:13:04.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2007-08-17 11:18:15.000000000 -0700
@@ -73,7 +73,8 @@
*/
Boolean authenticate(
const String& userName,
- const String& password);
+ const String& password,
+ Boolean isRemoteUser);
/** Verify PAM account management for the requesting user.
@param userName String containing the user name
@@ -102,7 +103,8 @@
Boolean _authenticateByPAM(
const String& userName,
- const String& password);
+ const String& password,
+ Boolean isRemoteUser);
void _createPAMStandalone();
@@ -158,7 +160,8 @@
*/
Boolean authenticate(
const String& userName,
- const String& password);
+ const String& password,
+ Boolean isRemoteUser);
/** Verify whether the user is valid.
@param userName String containing the user name
@@ -220,7 +223,8 @@
Boolean _authenticateByPAM(
const String& userName,
- const String& password);
+ const String& password,
+ Boolean isRemoteUser);
#if defined(PEGASUS_USE_PAM_STANDALONE_PROC)
PAMBasicAuthenticatorStandAlone _pamBasicAuthenticatorStandAlone;
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp
--- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2006-01-30 08:18:28.000000000 -0800
+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2007-08-17 11:18:15.000000000 -0700
@@ -92,7 +92,8 @@
Boolean PAMBasicAuthenticator::authenticate(
const String& userName,
- const String& password)
+ const String& password,
+ Boolean isRemoteUser)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"PAMBasicAuthenticator::authenticate()");
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
--- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2007-04-04 04:04:52.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2007-08-17 11:38:49.000000000 -0700
@@ -48,6 +48,8 @@
#include <prot.h>
#endif
+#include <syslog.h>
+
#if defined (PEGASUS_USE_PAM_STANDALONE_PROC)
#include <Pegasus/Common/Logger.h>
#include <pwd.h>
@@ -130,7 +132,8 @@
Boolean PAMBasicAuthenticator::authenticate(
const String& userName,
- const String& password)
+ const String& password,
+ Boolean isRemoteUser)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"PAMBasicAuthenticator::authenticate()");
@@ -138,7 +141,7 @@
Boolean authenticated;
#if !defined(PEGASUS_USE_PAM_STANDALONE_PROC)
- authenticated = _authenticateByPAM(userName, password);
+ authenticated = _authenticateByPAM(userName, password, isRemoteUser);
#else
//
// Mutex to Serialize Authentication calls.
@@ -156,7 +159,8 @@
Boolean PAMBasicAuthenticator::_authenticateByPAM(
const String& userName,
- const String& password)
+ const String& password,
+ Boolean isRemoteUser)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"PAMBasicAuthenticator::_authenticateByPAM()");
@@ -166,6 +170,7 @@
pam_handle_t *phandle;
char *name;
APP_DATA mydata;
+ int retcode;
//
// Store the password for PAM authentication
@@ -180,12 +185,28 @@
// "PAMBasicAuthenticator::_authenticateByPAM() - userName = %s; userPassword = %s",
// (const char *)userName.getCString(), (const char *)password.getCString()));
+ // NOTE: if any pam call should log anything, our syslog socket will be redirected
+ // to the AUTH facility, so we need to redirect it back after each pam call.
+
//
//Call pam_start since you need to before making any other PAM calls
//
- if ( ( pam_start(service,
+ if ( ( retcode = pam_start(service,
(const char *)userName.getCString(), &pconv, &phandle) ) != PAM_SUCCESS )
{
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog( LOG_ERR, "pam_start failed: %s", pam_strerror(phandle, retcode));
+ PEG_METHOD_EXIT();
+ return (authenticated);
+ }
+
+ if ( (retcode = pam_set_item(phandle, PAM_TTY, isRemoteUser ? "wbemNetwork" : "wbemLocal")) != PAM_SUCCESS )
+ {
+ pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog( LOG_ERR, "pam_set_item(PAM_TTY=wbem) failed: %s", pam_strerror(phandle, retcode));
PEG_METHOD_EXIT();
return (authenticated);
}
@@ -193,7 +214,7 @@
//
//Call pam_authenticate to authenticate the user
//
- if ( ( pam_authenticate(phandle, 0) ) == PAM_SUCCESS )
+ if ( ( retcode = pam_authenticate(phandle, 0) ) == PAM_SUCCESS )
{
PEG_TRACE_CSTRING(TRC_AUTHENTICATION, Tracer::LEVEL4,
"pam_authenticate successful.");
@@ -202,21 +223,41 @@
//checking for password and account expiration, as well as verifying access
//hour restrictions.
//
- if ( ( pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS )
+ if ( ( retcode = pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS )
{
PEG_TRACE_CSTRING(TRC_AUTHENTICATION, Tracer::LEVEL4,
"pam_acct_mgmt successful.");
authenticated = true;
}
+ else
+ {
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_acct_mgmt failed: %s",pam_strerror(phandle, retcode));
+ }
+ }
+ else
+ {
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_authenticate failed: %s",pam_strerror(phandle, retcode));
}
//
//Call pam_end to end our PAM work
//
pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
PEG_METHOD_EXIT();
+ if ( ! authenticated )
+ syslog(LOG_ERR, "PAM authentication failed for %s user: %s",
+ isRemoteUser ? "remote" : "local",
+ (const char*)userName.getCString()
+ );
+
return (authenticated);
}
@@ -232,6 +273,7 @@
pam_handle_t *phandle;
char *name;
APP_DATA mydata;
+ int retcode;
const char *service = "wbem";
pconv.conv = PAMBasicAuthenticator::pamValidateUserCallback;
@@ -240,9 +282,22 @@
//
// Call pam_start since you need to before making any other PAM calls
//
- if ( pam_start(service,
- (const char *)userName.getCString(), &pconv, &phandle) != PAM_SUCCESS)
+ if ( (retcode = pam_start(service,
+ (const char *)userName.getCString(), &pconv, &phandle)) != PAM_SUCCESS)
+ {
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog( LOG_ERR, "pam_start() failed: %s", pam_strerror(phandle, retcode));
+ PEG_METHOD_EXIT();
+ return (authenticated);
+ }
+
+ if ( (retcode = pam_set_item(phandle, PAM_TTY, "wbemLocal")) != PAM_SUCCESS )
{
+ pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog( LOG_ERR, "pam_set_item(PAM_TTY=wbemLocal) failed: %s", pam_strerror(phandle, retcode));
PEG_METHOD_EXIT();
return (authenticated);
}
@@ -252,16 +307,28 @@
// checking for account expiration, as well as verifying access
// hour restrictions.
//
- if ( pam_acct_mgmt(phandle, 0) == PAM_SUCCESS )
+ if ( (retcode = pam_acct_mgmt(phandle, 0)) == PAM_SUCCESS )
{
authenticated = true;
}
+ else
+ {
+ pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog( LOG_ERR, "pam_acct_mgmt() failed: %s", pam_strerror(phandle, retcode));
+ PEG_METHOD_EXIT();
+ return (authenticated);
+ }
//
//Call pam_end to end our PAM work
//
pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+
#else
//
// Mutex to Serialize Authentication calls.
diff -Nur pegasus-2.6.1.orig/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp pegasus-2.6.1/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp
--- pegasus-2.6.1.orig/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2007-04-04 04:04:52.000000000 -0700
+++ pegasus-2.6.1/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2007-08-17 11:18:15.000000000 -0700
@@ -274,6 +274,9 @@
}
}
+ // Let Authenticators know whether this user is Local or Remote:
+ httpMessage->authInfo->setRemoteUser( httpMessage->fromRemoteHost );
+
//
// Handle authentication:
//
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/tog-pegasus/devel/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- sources 12 Mar 2007 11:28:47 -0000 1.8
+++ sources 30 Aug 2007 10:33:37 -0000 1.9
@@ -1 +1 @@
-396243b5781eae66c8a8b187b7f85141 pegasus-2.6.0.tar.gz
+fa4c1f760482e7222f4a8790185c09dc pegasus-2.6.1.tar.gz
Index: tog-pegasus.spec
===================================================================
RCS file: /cvs/extras/rpms/tog-pegasus/devel/tog-pegasus.spec,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- tog-pegasus.spec 28 Mar 2007 18:01:34 -0000 1.48
+++ tog-pegasus.spec 30 Aug 2007 10:33:37 -0000 1.49
@@ -26,7 +26,7 @@
%if %{NODEBUGINFO}
%define debug_package %{nil}
%endif
-%define srcname pegasus
+%define srcname pegasus-2.6.1
%define pegasus_gid 65
%define pegasus_uid 66
@@ -40,8 +40,8 @@
%endif
%endif
-Version: 2.6.0
-Release: 2%{?dist}
+Version: 2.6.1
+Release: 1%{?dist}
Epoch: 2
#
Summary: OpenPegasus WBEM Services for Linux
@@ -53,7 +53,7 @@
#
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%{_target_cpu}-%(%{__id} -u -n)
#
-Source: http://www.openpegasus.org/uploads/40/10123/%{srcname}-%{version}.tar.gz
+Source: http://www.openpegasus.org/uploads/40/10123/pegasus-%{version}.tar.gz
Source1: README.RedHat.Security
Source2: genOpenPegasusSSLCerts
Source3: pegasus_arch_alternatives
@@ -70,13 +70,14 @@
# 6: don't see how http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5099 fixed it
Patch6: pegasus-2.6.0-cmpi-provider-lib.patch
# 7: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5010
-Patch7: pegasus-2.6.0-local-or-remote-auth.patch
+Patch7: pegasus-2.6.1-local-or-remote-auth.patch
# 8: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5012
Patch8: pegasus-2.5.1-pam-wbem.patch
# 11: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5006
Patch11: pegasus-2.5.1-fix_tests.patch
#
Patch39: pegasus-2.6.0-cimuser.patch
+Patch40: pegasus-2.6.1-init_script.patch
#
Conflicts: openwbem
Provides: tog-pegasus-cimserver
@@ -138,6 +139,7 @@
%patch8 -p1 -b .pam-wbem
%patch11 -p1 -b .fix-tests
%patch39 -p1 -b .cimuser
+%patch40 -p1 -b .init_script
find . -name 'CVS' -exec /bin/rm -rf '{}' ';' >/dev/null 2>&1 ||:;
%build
@@ -422,6 +424,10 @@
%changelog
+* Thu Aug 30 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 2.6.1-1
+- Update to 2.6.1
+- Fix wrong init script (#245339)
+
* Wed Mar 28 2007 Vitezslav Crhonek <vcrhonek at redhat.com> - 2.6.0-2
- Update changelog
- Build with Open Pegasus' Makefiles, istall with RedHats (Mark Hamzy)
--- pegasus-2.5-add_cmpi_provider_lib.patch DELETED ---
--- pegasus-2.5-bz173401.patch DELETED ---
--- pegasus-2.5-enable_cql.patch DELETED ---
--- pegasus-2.5-install_id.patch DELETED ---
--- pegasus-2.5-local-or-remote-auth.patch DELETED ---
--- pegasus-2.5-make_install.patch DELETED ---
--- pegasus-2.5-redhat.patch DELETED ---
--- pegasus-2.5-syslog_h.patch DELETED ---
--- pegasus-2.5.1-AutoPtr-Core.patch DELETED ---
--- pegasus-2.5.1-HOSTNAME_MAX.patch DELETED ---
--- pegasus-2.5.1-PATH_MAX.patch DELETED ---
--- pegasus-2.5.1-PIE.patch DELETED ---
--- pegasus-2.5.1-bz198185.patch DELETED ---
--- pegasus-2.5.1-cmpi-provider-lib.patch DELETED ---
--- pegasus-2.5.1-enable_cql.patch DELETED ---
--- pegasus-2.5.1-fix_repupgrade.patch DELETED ---
--- pegasus-2.5.1-fix_zseries_flags.patch DELETED ---
--- pegasus-2.5.1-linkflags.patch DELETED ---
--- pegasus-2.5.1-local-or-remote-auth.patch DELETED ---
--- pegasus-2.5.1-no-rpath.patch DELETED ---
--- pegasus-2.5.1-obz4934.patch DELETED ---
--- pegasus-2.5.1-obz4945.patch DELETED ---
--- pegasus-2.5.1-obz4955.patch DELETED ---
--- pegasus-2.5.1-obz4956.patch DELETED ---
--- pegasus-2.5.1-obz4968_upcalls_oop.patch DELETED ---
--- pegasus-2.5.1-obz4978.patch DELETED ---
--- pegasus-2.5.1-obz4983.patch DELETED ---
--- pegasus-2.5.1-obz4984.patch DELETED ---
--- pegasus-2.5.1-obz4986.patch DELETED ---
--- pegasus-2.5.1-obz5046.patch DELETED ---
--- pegasus-2.5.1-obz5047.patch DELETED ---
--- pegasus-2.5.1-obz5048.patch DELETED ---
--- pegasus-2.5.1-obz5049.patch DELETED ---
--- pegasus-2.5.1-obz5051.patch DELETED ---
--- pegasus-2.5.1-obz5053.patch DELETED ---
--- pegasus-2.5.1-obz5059.patch DELETED ---
--- pegasus-2.5.1-obz5072.patch DELETED ---
--- pegasus-2.5.1-obz5073.patch DELETED ---
--- pegasus-2.5.1-obz5083.patch DELETED ---
--- pegasus-2.5.1-obz5090.patch DELETED ---
--- pegasus-2.5.1-obz5115.patch DELETED ---
--- pegasus-2.5.1-obz5119.patch DELETED ---
--- pegasus-2.5.1-obz5180.patch DELETED ---
--- pegasus-2.5.1-parallel_make.patch DELETED ---
--- pegasus-2.5.2-PATH_MAX.patch DELETED ---
--- pegasus-2.5.2-cmpi-provider-lib.patch DELETED ---
--- pegasus-2.5.2-local-or-remote-auth.patch DELETED ---
--- pegasus-2.6.0-local-or-remote-auth.patch DELETED ---
More information about the fedora-extras-commits
mailing list