rpms/rsh/devel netkit-rsh-0.17-audit.patch, 1.1, 1.2 rsh.spec, 1.42, 1.43
Adam Tkac (atkac)
fedora-extras-commits at redhat.com
Tue Mar 25 14:16:02 UTC 2008
Author: atkac
Update of /cvs/pkgs/rpms/rsh/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3232
Modified Files:
netkit-rsh-0.17-audit.patch rsh.spec
Log Message:
- fixed NULL pointer dereference (#437815)
- cleanup in audit patch
netkit-rsh-0.17-audit.patch:
Index: netkit-rsh-0.17-audit.patch
===================================================================
RCS file: /cvs/pkgs/rpms/rsh/devel/netkit-rsh-0.17-audit.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- netkit-rsh-0.17-audit.patch 26 Oct 2007 07:13:24 -0000 1.1
+++ netkit-rsh-0.17-audit.patch 25 Mar 2008 14:15:44 -0000 1.2
@@ -1,158 +1,6 @@
-diff -urp netkit-rsh-0.17.orig/configure netkit-rsh-0.17/configure
---- netkit-rsh-0.17.orig/configure 2007-10-20 08:27:09.000000000 -0400
-+++ netkit-rsh-0.17/configure 2007-10-20 10:57:52.000000000 -0400
-@@ -19,8 +19,9 @@
- Usage: configure [options]
- --help Show this message
- --with-debug Enable debugging
-- --without-pam Disable PAM support
-+ --without-pam Disable PAM support
- --without-shadow Disable shadow password support
-+ --without-audit Disable audit support
- --prefix=path Prefix for location of files [/usr]
- --exec-prefix=path Location for arch-depedent files [prefix]
- --installroot=root Top of filesystem tree to install in [/]
-@@ -47,6 +48,7 @@
- --with-c-compiler=*) CC=`echo $1 | sed 's/^[^=]*=//'` ;;
- --without-pam|--disable-pam) WITHOUT_PAM=1;;
- --without-shadow|--disable-shadow) WITHOUT_SHADOW=1;;
-+ --without-audit|--disable-audit) WITHOUT_AUDIT=1;;
- *) echo "Unrecognized option: $1"; exit 1;;
- esac
- shift
-@@ -342,6 +344,32 @@
-
- ##################################################
-
-+echo -n 'Checking for AUDIT... '
-+if [ x$WITHOUT_AUDIT != x ]; then
-+ echo disabled
-+else
-+cat <<EOF >__conftest.c
-+#include <stdio.h>
-+#include <libaudit.h>
-+int main() {
-+ audit_log_acct_message(1, AUDIT_USER_LOGIN, NULL, NULL, NULL, 0, NULL, NULL, NULL, 0);
-+ return 0;
-+}
-+
-+EOF
-+if (
-+ $CC $CFLAGS __conftest.c -laudit -o __conftest || exit 1
-+ ) >/dev/null 2>&1; then
-+ echo 'yes'
-+ USE_AUDIT=1
-+ else
-+ echo 'no'
-+ fi
-+fi
-+rm -f __conftest*
-+
-+##################################################
-+
- echo -n 'Checking for crypt... '
- cat <<EOF >__conftest.c
- int main() { crypt("aa", "bb"); }
-@@ -593,5 +621,6 @@
- echo "USE_PAM=$USE_PAM"
- echo "USE_SHADOW=$USE_SHADOW"
- echo "LIBSHADOW=$LIBSHADOW"
-+ echo "USE_AUDIT=$USE_AUDIT"
- ) > MCONFIG
-
-diff -urp netkit-rsh-0.17.orig/rexecd/rexecd.c netkit-rsh-0.17/rexecd/rexecd.c
---- netkit-rsh-0.17.orig/rexecd/rexecd.c 2007-10-20 08:27:09.000000000 -0400
-+++ netkit-rsh-0.17/rexecd/rexecd.c 2007-10-20 10:11:31.000000000 -0400
-@@ -312,9 +312,12 @@ doit(struct sockaddr_in *fromp)
- PAM_password = pass;
- pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh);
- PAM_BAIL;
-- pam_set_item (pamh, PAM_RUSER, user);
-- pam_set_item (pamh, PAM_RHOST, remote);
-- pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
-+ pam_error = pam_set_item (pamh, PAM_RUSER, user);
-+ PAM_BAIL;
-+ pam_error = pam_set_item (pamh, PAM_RHOST, remote);
-+ PAM_BAIL;
-+ pam_error = pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
-+ PAM_BAIL;
- pam_error = pam_authenticate(pamh, 0);
- PAM_BAIL;
- pam_error = pam_acct_mgmt(pamh, 0);
-diff -urp netkit-rsh-0.17.orig/rlogind/auth.c netkit-rsh-0.17/rlogind/auth.c
---- netkit-rsh-0.17.orig/rlogind/auth.c 2007-10-20 08:27:09.000000000 -0400
-+++ netkit-rsh-0.17/rlogind/auth.c 2007-10-20 09:06:54.000000000 -0400
-@@ -117,17 +117,39 @@ int auth_checkauth(const char *remoteuse
- retval = pam_start("rlogin", localuser, &conv, &pamh);
- if (retval != PAM_SUCCESS) {
- syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retval));
-+ pam_end(pamh, retval);
- fatal(STDERR_FILENO, "initialization failed", 0);
- }
-
-- pam_set_item(pamh, PAM_USER, localuser);
-- pam_set_item(pamh, PAM_RUSER, remoteuser);
-- pam_set_item(pamh, PAM_RHOST, host);
-- pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */
-+ retval = pam_set_item(pamh, PAM_USER, localuser);
-+ if (retval != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval));
-+ pam_end(pamh, retval);
-+ fatal(STDERR_FILENO, "initialization failed", 0);
-+ }
-+ retval = pam_set_item(pamh, PAM_RUSER, remoteuser);
-+ if (retval != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval));
-+ pam_end(pamh, retval);
-+ fatal(STDERR_FILENO, "initialization failed", 0);
-+ }
-+ retval = pam_set_item(pamh, PAM_RHOST, host);
-+ if (retval != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval));
-+ pam_end(pamh, retval);
-+ fatal(STDERR_FILENO, "initialization failed", 0);
-+ }
-+ retval = pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */
-+ if (retval != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval));
-+ pam_end(pamh, retval);
-+ fatal(STDERR_FILENO, "initialization failed", 0);
-+ }
-
- network_confirm();
- retval = attempt_auth();
- if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) {
-+ pam_end(pamh, retval);
- syslog(LOG_ERR, "PAM authentication denied for in.rlogind");
- exit(1);
- } else if (retval != PAM_SUCCESS) {
-diff -urp netkit-rsh-0.17.orig/rlogind/rlogind.c netkit-rsh-0.17/rlogind/rlogind.c
---- netkit-rsh-0.17.orig/rlogind/rlogind.c 2007-10-20 08:27:09.000000000 -0400
-+++ netkit-rsh-0.17/rlogind/rlogind.c 2007-10-20 08:59:13.000000000 -0400
-@@ -357,9 +357,9 @@ static void child(const char *hname, con
- }
- termenv[3] = NULL;
-
-+ auth_finish();
-+ closeall();
- if (authenticated) {
-- auth_finish();
-- closeall();
- execle(_PATH_LOGIN, "login", "-p",
- "-h", hname, "-f", localuser, NULL, termenv);
- }
-@@ -368,8 +368,6 @@ static void child(const char *hname, con
- syslog(LOG_AUTH|LOG_INFO, "rlogin with an option as a name!");
- exit(1);
- }
-- auth_finish();
-- closeall();
- execle(_PATH_LOGIN, "login", "-p",
- "-h", hname, localuser, NULL, termenv);
- }
-diff -urp netkit-rsh-0.17.orig/rshd/Makefile netkit-rsh-0.17/rshd/Makefile
---- netkit-rsh-0.17.orig/rshd/Makefile 2007-10-20 08:27:09.000000000 -0400
-+++ netkit-rsh-0.17/rshd/Makefile 2007-10-20 11:00:49.000000000 -0400
+diff -up netkit-rsh-0.17/rshd/Makefile.audit netkit-rsh-0.17/rshd/Makefile
+--- netkit-rsh-0.17/rshd/Makefile.audit 2008-03-25 12:33:26.000000000 +0100
++++ netkit-rsh-0.17/rshd/Makefile 2008-03-25 12:33:26.000000000 +0100
@@ -9,6 +9,10 @@ ifeq ($(USE_PAM),1)
CFLAGS += -DUSE_PAM
LIBS += -ldl -lpam -lpam_misc
@@ -164,9 +12,9 @@
rshd: $(OBJS)
$(CC) $(LDFLAGS) $^ $(LIBS) -o $@
-diff -urp netkit-rsh-0.17.orig/rshd/rshd.c netkit-rsh-0.17/rshd/rshd.c
---- netkit-rsh-0.17.orig/rshd/rshd.c 2007-10-20 08:27:09.000000000 -0400
-+++ netkit-rsh-0.17/rshd/rshd.c 2007-10-20 11:04:16.000000000 -0400
+diff -up netkit-rsh-0.17/rshd/rshd.c.audit netkit-rsh-0.17/rshd/rshd.c
+--- netkit-rsh-0.17/rshd/rshd.c.audit 2008-03-25 12:33:26.000000000 +0100
++++ netkit-rsh-0.17/rshd/rshd.c 2008-03-25 12:35:37.000000000 +0100
@@ -90,6 +90,10 @@ char rcsid[] =
static pam_handle_t *pamh;
#endif /* USE_PAM */
@@ -178,32 +26,36 @@
#define OPTIONS "aDhlLn"
static int keepalive = 1;
-@@ -243,9 +247,21 @@ static struct passwd *doauth(const char
+@@ -224,6 +228,14 @@ static void stderr_parent(int sock, int
+ exit(0);
+ }
+
++#define PAM_SET_ITEM(item,val) \
++ do { \
++ retcode = pam_set_item(pamh, (item), (val)); \
++ if (retcode != PAM_SUCCESS) { \
++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode)); \
++ exit (1); \
++ } \
++ } while (0)
+
+ static struct passwd *doauth(const char *remuser,
+ const char *hostname,
+@@ -243,9 +255,10 @@ static struct passwd *doauth(const char
syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retcode));
exit (1);
}
- pam_set_item (pamh, PAM_RUSER, remuser);
- pam_set_item (pamh, PAM_RHOST, hostname);
- pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */
-+ retcode = pam_set_item (pamh, PAM_RUSER, remuser);
-+ if (retcode != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode));
-+ exit (1);
-+ }
-+ retcode = pam_set_item (pamh, PAM_RHOST, hostname);
-+ if (retcode != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode));
-+ exit (1);
-+ }
-+ retcode = pam_set_item (pamh, PAM_TTY, "rsh"); /* we don't use a tty, so punt */
-+ if (retcode != PAM_SUCCESS) {
-+ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retcode));
-+ exit (1);
-+ }
++
++ PAM_SET_ITEM(PAM_RUSER, remuser);
++ PAM_SET_ITEM(PAM_RHOST, hostname);
++ PAM_SET_ITEM(PAM_TTY, "rsh"); /* we don't use a tty, so punt */
retcode = pam_authenticate(pamh, 0);
if (retcode == PAM_SUCCESS) {
-@@ -365,6 +381,27 @@ static const char *findhostname(struct s
+@@ -365,6 +378,27 @@ static const char *findhostname(struct s
return NULL; /* not reachable */
}
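Review bot: The `PAM_SET_ITEM` macro added to rshd.c silently reads and writes `retcode` from the scope where it is expanded, uses the file-scope `pamh`, and ends the process with `exit (1)`; none of that is visible at the three call sites in doauth. A comment above the definition such as `/* Uses the caller's retcode and the file-scope pamh; logs and exits on failure. */`, plus an `#undef PAM_SET_ITEM` after doauth, would keep it from being reused by accident in a function that lacks those names. The failure path also exits without releasing the PAM handle, whereas the macro of the same name added to rlogind/auth.c later in this patch calls `pam_end` first. For consistency, consider adding `pam_end(pamh, retcode); \` before `exit (1); \`. doauth's body extends beyond the context shown here.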
@@ -231,11 +83,11 @@
static void
doit(struct sockaddr_storage *fromp, socklen_t fromlen)
{
-@@ -435,14 +472,21 @@ doit(struct sockaddr_storage *fromp, soc
+@@ -435,14 +469,21 @@ doit(struct sockaddr_storage *fromp, soc
setpwent();
pwd = doauth(remuser, hostname, locuser);
if (pwd == NULL) {
-+ if (log_audit(remuser, pwd->pw_uid, hostname, 0) <= 0) {
++ if (log_audit(remuser, -1, hostname, 0) <= 0) {
+ fail("Error sending audit event.\n",
+ remuser, hostname, locuser, cmdbuf);
+ }
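Review bot: The failure-branch call `log_audit(remuser, -1, hostname, 0)` records the remote user's name with a uid of -1, so the audit record for a rejected login may not identify the local account that was targeted (`locuser`). If the account field is meant to name the login target, `log_audit(locuser, -1, hostname, 0)` would give responders the more useful record. log_audit's body and the type of its uid parameter are outside this hunk, so confirm that -1 is handled there as "unknown"; if the parameter is an unsigned `uid_t`, -1 converts to the maximum value. A short comment at the call, e.g. `/* pwd is NULL here: no uid available, log by name */`, would document the sentinel.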
@@ -247,10 +99,160 @@
error("Logins currently disabled.\n");
exit(1);
}
-+ if (log_audit(remuser, pwd->pw_uid, hostname, 1) <= 0) {
++ if (log_audit(NULL, pwd->pw_uid, hostname, 1) <= 0) {
+ fail("Error sending audit event.\n",
+ remuser, hostname, locuser, cmdbuf);
+ }
(void) write(2, "\0", 1);
sent_null = 1;
+diff -up netkit-rsh-0.17/rexecd/rexecd.c.audit netkit-rsh-0.17/rexecd/rexecd.c
+--- netkit-rsh-0.17/rexecd/rexecd.c.audit 2008-03-25 12:33:26.000000000 +0100
++++ netkit-rsh-0.17/rexecd/rexecd.c 2008-03-25 12:33:26.000000000 +0100
+@@ -312,9 +312,12 @@ doit(struct sockaddr_in *fromp)
+ PAM_password = pass;
+ pam_error = pam_start("rexec", PAM_username, &PAM_conversation,&pamh);
+ PAM_BAIL;
+- pam_set_item (pamh, PAM_RUSER, user);
+- pam_set_item (pamh, PAM_RHOST, remote);
+- pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
++ pam_error = pam_set_item (pamh, PAM_RUSER, user);
++ PAM_BAIL;
++ pam_error = pam_set_item (pamh, PAM_RHOST, remote);
++ PAM_BAIL;
++ pam_error = pam_set_item (pamh, PAM_TTY, "rexec"); /* we don't have a tty yet! */
++ PAM_BAIL;
+ pam_error = pam_authenticate(pamh, 0);
+ PAM_BAIL;
+ pam_error = pam_acct_mgmt(pamh, 0);
+diff -up netkit-rsh-0.17/rlogind/auth.c.audit netkit-rsh-0.17/rlogind/auth.c
+--- netkit-rsh-0.17/rlogind/auth.c.audit 2008-03-25 12:33:26.000000000 +0100
++++ netkit-rsh-0.17/rlogind/auth.c 2008-03-25 12:33:26.000000000 +0100
+@@ -102,6 +102,16 @@ static int attempt_auth(void) {
+ return retval;
+ }
+
++#define PAM_SET_ITEM(item,val) \
++ do { \
++ retval = pam_set_item(pamh, (item), (val)); \
++ if (retval != PAM_SUCCESS) { \
++ syslog(LOG_ERR, "pam_set_item: %s\n", pam_strerror(pamh, retval)); \
++ pam_end(pamh, retval); \
++ fatal(STDERR_FILENO, "initialization failed", 0); \
++ } \
++ } while (0)
++
+ /*
+ * This function must either die, return -1 on authentication failure,
+ * or return 0 on authentication success. Dying is discouraged.
+@@ -117,17 +127,19 @@ int auth_checkauth(const char *remoteuse
+ retval = pam_start("rlogin", localuser, &conv, &pamh);
+ if (retval != PAM_SUCCESS) {
+ syslog(LOG_ERR, "pam_start: %s\n", pam_strerror(pamh, retval));
++ pam_end(pamh, retval);
+ fatal(STDERR_FILENO, "initialization failed", 0);
+ }
+
+- pam_set_item(pamh, PAM_USER, localuser);
+- pam_set_item(pamh, PAM_RUSER, remoteuser);
+- pam_set_item(pamh, PAM_RHOST, host);
+- pam_set_item(pamh, PAM_TTY, "rlogin"); /* we don't have a tty yet! */
+-
++ PAM_SET_ITEM(PAM_USER, localuser);
++ PAM_SET_ITEM(PAM_RUSER, remoteuser);
++ PAM_SET_ITEM(PAM_RHOST, host);
++ PAM_SET_ITEM(PAM_TTY, "rlogin"); /* we don't have a tty yet! */
++
+ network_confirm();
+ retval = attempt_auth();
+ if ((retval == PAM_ACCT_EXPIRED) || (retval == PAM_PERM_DENIED)) {
++ pam_end(pamh, retval);
+ syslog(LOG_ERR, "PAM authentication denied for in.rlogind");
+ exit(1);
+ } else if (retval != PAM_SUCCESS) {
+diff -up netkit-rsh-0.17/rlogind/rlogind.c.audit netkit-rsh-0.17/rlogind/rlogind.c
+--- netkit-rsh-0.17/rlogind/rlogind.c.audit 2008-03-25 12:33:26.000000000 +0100
++++ netkit-rsh-0.17/rlogind/rlogind.c 2008-03-25 12:33:26.000000000 +0100
+@@ -357,9 +357,9 @@ static void child(const char *hname, con
+ }
+ termenv[3] = NULL;
+
++ auth_finish();
++ closeall();
+ if (authenticated) {
+- auth_finish();
+- closeall();
+ execle(_PATH_LOGIN, "login", "-p",
+ "-h", hname, "-f", localuser, NULL, termenv);
+ }
+@@ -368,8 +368,6 @@ static void child(const char *hname, con
+ syslog(LOG_AUTH|LOG_INFO, "rlogin with an option as a name!");
+ exit(1);
+ }
+- auth_finish();
+- closeall();
+ execle(_PATH_LOGIN, "login", "-p",
+ "-h", hname, localuser, NULL, termenv);
+ }
+diff -up netkit-rsh-0.17/configure.audit netkit-rsh-0.17/configure
+--- netkit-rsh-0.17/configure.audit 2000-07-29 20:00:29.000000000 +0200
++++ netkit-rsh-0.17/configure 2008-03-25 12:33:26.000000000 +0100
+@@ -19,8 +19,9 @@ while [ x$1 != x ]; do case $1 in
+ Usage: configure [options]
+ --help Show this message
+ --with-debug Enable debugging
+- --without-pam Disable PAM support
++ --without-pam Disable PAM support
+ --without-shadow Disable shadow password support
++ --without-audit Disable audit support
+ --prefix=path Prefix for location of files [/usr]
+ --exec-prefix=path Location for arch-depedent files [prefix]
+ --installroot=root Top of filesystem tree to install in [/]
+@@ -47,6 +48,7 @@ EOF
+ --with-c-compiler=*) CC=`echo $1 | sed 's/^[^=]*=//'` ;;
+ --without-pam|--disable-pam) WITHOUT_PAM=1;;
+ --without-shadow|--disable-shadow) WITHOUT_SHADOW=1;;
++ --without-audit|--disable-audit) WITHOUT_AUDIT=1;;
+ *) echo "Unrecognized option: $1"; exit 1;;
+ esac
+ shift
+@@ -342,6 +344,32 @@ rm -f __conftest*
+
+ ##################################################
+
++echo -n 'Checking for AUDIT... '
++if [ x$WITHOUT_AUDIT != x ]; then
++ echo disabled
++else
++cat <<EOF >__conftest.c
++#include <stdio.h>
++#include <libaudit.h>
++int main() {
++ audit_log_acct_message(1, AUDIT_USER_LOGIN, NULL, NULL, NULL, 0, NULL, NULL, NULL, 0);
++ return 0;
++}
++
++EOF
++if (
++ $CC $CFLAGS __conftest.c -laudit -o __conftest || exit 1
++ ) >/dev/null 2>&1; then
++ echo 'yes'
++ USE_AUDIT=1
++ else
++ echo 'no'
++ fi
++fi
++rm -f __conftest*
++
++##################################################
++
+ echo -n 'Checking for crypt... '
+ cat <<EOF >__conftest.c
+ int main() { crypt("aa", "bb"); }
+@@ -593,5 +621,6 @@ echo 'Generating MCONFIG...'
+ echo "USE_PAM=$USE_PAM"
+ echo "USE_SHADOW=$USE_SHADOW"
+ echo "LIBSHADOW=$LIBSHADOW"
++ echo "USE_AUDIT=$USE_AUDIT"
+ ) > MCONFIG
+
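Review bot: In the rlogind/auth.c section, the added `pam_end(pamh, retval);` inside the `if (retval != PAM_SUCCESS)` branch that follows `pam_start` runs on a handle that a failed `pam_start` is not guaranteed to have initialised. Depending on the PAM implementation this is either a harmless error return or a call on an indeterminate pointer, so it is safer to drop that one call or guard it: `if (pamh != NULL) pam_end(pamh, retval);`. The `pam_end` calls inside `PAM_SET_ITEM` and in the `PAM_ACCT_EXPIRED`/`PAM_PERM_DENIED` branch act on a started handle and do not have this problem. The declaration of `pamh` and the rest of auth_checkauth are outside the hunk, so the handle's initial value should be checked there.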
Index: rsh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/rsh/devel/rsh.spec,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- rsh.spec 14 Feb 2008 15:26:24 -0000 1.42
+++ rsh.spec 25 Mar 2008 14:15:44 -0000 1.43
@@ -1,7 +1,7 @@
Summary: Clients for remote access commands (rsh, rlogin, rcp).
Name: rsh
Version: 0.17
-Release: 46%{?dist}
+Release: 47%{?dist}
License: BSD
Group: Applications/Internet
@@ -186,6 +186,10 @@
%{_mandir}/man8/*.8*
%changelog
+* Tue Mar 25 2008 Adam Tkac <atkac redhat com> 0.17-47
+- fixed NULL pointer dereference (#437815)
+- cleanup in audit patch
+
* Thu Feb 14 2008 Adam Tkac <atkac redhat com> 0.17-46
- rebuild with gcc4.3
- build with -D_GNU_SOURCE