

Viewing changes to debian/patches-applied/security-dropprivs.patch

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2011-05-31 07:07:44 UTC
  • Revision ID: james.westby@ubuntu.com-20110531070744-luhcz21mqjp47m91
Tags: 1.1.1-2ubuntu5.3
* SECURITY REGRESSION:
  - debian/patches/security-dropprivs.patch: updated patch to preserve
    ABI and prevent daemons from needing to be restarted. (LP: #790538)
  - debian/patches/autoconf.patch: refreshed



1
1
Description: fix multiple issues with lack of adequate privilege dropping
2
 
Origin: upstream, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=60530da87ddd4ce280fbd5cae182dc7ac3b1a154
3
 
Origin: upstream, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
4
 
Origin: upstream, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=4e8357e4609be470ee5214be01e2d1d0e688f580
5
 
Origin: upstream, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=ffe7058c70253d574b1963c7c93002bd410fddc9
6
 
Origin: upstream, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123
7
 
Origin: upstream, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=cee7448470a6fe895269c760134dc95d6952d260
8
 
Origin: upstream, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a
 
2
Origin: backport, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=60530da87ddd4ce280fbd5cae182dc7ac3b1a154
 
3
Origin: backport, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
 
4
Origin: backport, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=4e8357e4609be470ee5214be01e2d1d0e688f580
 
5
Origin: backport, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=ffe7058c70253d574b1963c7c93002bd410fddc9
 
6
Origin: backport, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=05dafc06cd3dfeb7c4b24942e4e1ae33ff75a123
 
7
Origin: backport, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=cee7448470a6fe895269c760134dc95d6952d260
 
8
Origin: backport, http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commit;h=843807a3a90f52e7538be756616510730a24739a
9
9
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599832
10
10
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611136
11
11
 
12
12
Index: pam-1.1.1/libpam/Makefile.am
13
13
===================================================================
14
14
--- pam-1.1.1.orig/libpam/Makefile.am   2009-11-04 09:04:49.000000000 -0500
15
 
+++ pam-1.1.1/libpam/Makefile.am        2011-05-17 12:45:23.835438270 -0400
16
 
@@ -41,4 +41,5 @@
17
 
        pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \
18
 
        pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \
19
 
        pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \
20
 
-       pam_modutil_getspnam.c pam_modutil_getlogin.c  pam_modutil_ingroup.c
21
 
+       pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \
22
 
+       pam_modutil_priv.c
23
 
Index: pam-1.1.1/libpam/Makefile.in
24
 
===================================================================
25
 
--- pam-1.1.1.orig/libpam/Makefile.in   2009-12-16 07:25:34.000000000 -0500
26
 
+++ pam-1.1.1/libpam/Makefile.in        2011-05-17 12:45:23.835438270 -0400
27
 
@@ -102,7 +102,8 @@
28
 
        pam_modutil_getpwnam.lo pam_modutil_ioloop.lo \
29
 
        pam_modutil_getgrgid.lo pam_modutil_getpwuid.lo \
30
 
        pam_modutil_getgrnam.lo pam_modutil_getspnam.lo \
31
 
-       pam_modutil_getlogin.lo pam_modutil_ingroup.lo
32
 
+       pam_modutil_getlogin.lo pam_modutil_ingroup.lo \
33
 
+       pam_modutil_priv.lo
34
 
 libpam_la_OBJECTS = $(am_libpam_la_OBJECTS)
35
 
 libpam_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
36
 
        $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
37
 
@@ -312,7 +313,8 @@
38
 
        pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \
39
 
        pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \
40
 
        pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \
41
 
-       pam_modutil_getspnam.c pam_modutil_getlogin.c  pam_modutil_ingroup.c
42
 
+       pam_modutil_getspnam.c pam_modutil_getlogin.c  pam_modutil_ingroup.c \
43
 
+       pam_modutil_priv.c
44
 
 
45
 
 all: all-am
46
 
 
47
 
@@ -410,6 +412,7 @@
48
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getspnam.Plo@am__quote@
49
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ingroup.Plo@am__quote@
50
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ioloop.Plo@am__quote@
51
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_priv.Plo@am__quote@
52
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_password.Plo@am__quote@
53
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_prelude.Plo@am__quote@
54
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_session.Plo@am__quote@
55
 
Index: pam-1.1.1/libpam/include/security/pam_modutil.h
56
 
===================================================================
57
 
--- pam-1.1.1.orig/libpam/include/security/pam_modutil.h        2011-05-17 12:45:04.855438275 -0400
58
 
+++ pam-1.1.1/libpam/include/security/pam_modutil.h     2011-05-17 12:45:23.835438270 -0400
59
 
@@ -101,6 +101,30 @@
60
 
 extern int PAM_NONNULL((1,3))
61
 
 pam_modutil_audit_write(pam_handle_t *pamh, int type,
62
 
                        const char *message, int retval);
63
 
+
64
 
+struct pam_modutil_privs {
65
 
+       gid_t *grplist;
66
 
+       int number_of_groups;
67
 
+       int allocated;
68
 
+       gid_t old_gid;
69
 
+       uid_t old_uid;
70
 
+       int is_dropped;
71
 
+};
72
 
+
73
 
+#define PAM_MODUTIL_NGROUPS     64
74
 
+#define PAM_MODUTIL_DEF_PRIVS(n) \
75
 
+       gid_t n##_grplist[PAM_MODUTIL_NGROUPS]; \
76
 
+       struct pam_modutil_privs n = { n##_grplist, PAM_MODUTIL_NGROUPS, 0, -1, -1, 0 }
77
 
+
78
 
+extern int PAM_NONNULL((1,2,3))
79
 
+pam_modutil_drop_priv(pam_handle_t *pamh,
80
 
+                     struct pam_modutil_privs *p,
81
 
+                     const struct passwd *pw);
82
 
+
83
 
+extern int PAM_NONNULL((1,2))
84
 
+pam_modutil_regain_priv(pam_handle_t *pamh,
85
 
+                     struct pam_modutil_privs *p);
86
 
+
87
 
 #ifdef __cplusplus
88
 
 }
89
 
 #endif
90
 
Index: pam-1.1.1/libpam/libpam.map
91
 
===================================================================
92
 
--- pam-1.1.1.orig/libpam/libpam.map    2009-11-04 07:51:15.000000000 -0500
93
 
+++ pam-1.1.1/libpam/libpam.map 2011-05-17 12:45:23.835438270 -0400
94
 
@@ -61,3 +61,9 @@
95
 
   global:
96
 
     pam_modutil_audit_write;
97
 
 } LIBPAM_MODUTIL_1.0;
98
 
+
99
 
+LIBPAM_MODUTIL_1.1.3 {
100
 
+  global:
101
 
+    pam_modutil_drop_priv;
102
 
+    pam_modutil_regain_priv;
103
 
+} LIBPAM_MODUTIL_1.1;
 
15
+++ pam-1.1.1/libpam/Makefile.am        2011-05-31 07:05:35.974558499 -0400
 
16
@@ -18,7 +18,8 @@
 
17
        include/security/pam_ext.h include/security/pam_modutil.h
 
18
 
 
19
 noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \
 
20
-               pam_modutil_private.h pam_static_modules.h
 
21
+               pam_modutil_private.h pam_static_modules.h \
 
22
+               include/security/_pam_privs.h
 
23
 
 
24
 libpam_la_LDFLAGS = -no-undefined -version-info 82:2:82
 
25
 libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@
 
26
@@ -42,3 +43,7 @@
 
27
        pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \
 
28
        pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \
 
29
        pam_modutil_getspnam.c pam_modutil_getlogin.c  pam_modutil_ingroup.c
 
30
+
 
31
+noinst_LIBRARIES = libpamprivs.a
 
32
+libpamprivs_a_SOURCES = pam_modutil_priv.c
 
33
+libpamprivs_a_CFLAGS = $(AM_CFLAGS) -fPIC
104
34
Index: pam-1.1.1/libpam/pam_modutil_priv.c
105
35
===================================================================
106
36
--- /dev/null   1970-01-01 00:00:00.000000000 +0000
107
 
+++ pam-1.1.1/libpam/pam_modutil_priv.c 2011-05-17 12:45:23.835438270 -0400
108
 
@@ -0,0 +1,170 @@
 
37
+++ pam-1.1.1/libpam/pam_modutil_priv.c 2011-05-31 07:05:35.974558499 -0400
 
38
@@ -0,0 +1,171 @@
109
39
+/*
110
40
+ * $Id$
111
41
+ *
118
48
+
119
49
+#include "pam_modutil_private.h"
120
50
+#include <security/pam_ext.h>
 
51
+#include <security/_pam_privs.h>
121
52
+#include <unistd.h>
122
53
+#include <syslog.h>
123
54
+#include <pwd.h>
279
210
Index: pam-1.1.1/modules/pam_env/pam_env.c
280
211
===================================================================
281
212
--- pam-1.1.1.orig/modules/pam_env/pam_env.c    2009-06-29 03:24:27.000000000 -0400
282
 
+++ pam-1.1.1/modules/pam_env/pam_env.c 2011-05-17 12:45:23.835438270 -0400
283
 
@@ -772,13 +772,14 @@
 
213
+++ pam-1.1.1/modules/pam_env/pam_env.c 2011-05-31 07:05:35.974558499 -0400
 
214
@@ -41,6 +41,7 @@
 
215
 #include <security/pam_modules.h>
 
216
 #include <security/pam_modutil.h>
 
217
 #include <security/_pam_macros.h>
 
218
+#include <security/_pam_privs.h>
 
219
 #include <security/pam_ext.h>
 
220
 
 
221
 /* This little structure makes it easier to keep variables together */
 
222
@@ -772,13 +773,14 @@
284
223
 
285
224
   if(user_readenv && retval == PAM_SUCCESS) {
286
225
     char *envpath = NULL;
297
236
     if (!user_entry) {
298
237
       pam_syslog(pamh, LOG_ERR, "No such user!?");
299
238
     }
300
 
@@ -789,7 +790,15 @@
 
239
@@ -789,7 +791,15 @@
301
240
          return PAM_BUF_ERR;
302
241
        }
303
242
       if (stat(envpath, &statbuf) == 0) {
317
256
Index: pam-1.1.1/modules/pam_mail/pam_mail.c
318
257
===================================================================
319
258
--- pam-1.1.1.orig/modules/pam_mail/pam_mail.c  2008-09-25 07:53:03.000000000 -0400
320
 
+++ pam-1.1.1/modules/pam_mail/pam_mail.c       2011-05-17 12:45:23.835438270 -0400
321
 
@@ -124,29 +124,16 @@
 
259
+++ pam-1.1.1/modules/pam_mail/pam_mail.c       2011-05-31 07:05:35.974558499 -0400
 
260
@@ -43,6 +43,7 @@
 
261
 #include <security/pam_modules.h>
 
262
 #include <security/_pam_macros.h>
 
263
 #include <security/pam_modutil.h>
 
264
+#include <security/_pam_privs.h>
 
265
 #include <security/pam_ext.h>
 
266
 
 
267
 /* argument parsing */
 
268
@@ -124,29 +125,16 @@
322
269
 
323
270
 static int
324
271
 get_folder(pam_handle_t *pamh, int ctrl,
351
298
            /*
352
299
             * "~/xxx" and "~xxx" are treated as same
353
300
             */
354
 
@@ -168,18 +155,11 @@
 
301
@@ -168,18 +156,11 @@
355
302
 
356
303
     /* put folder together */
357
304
 
372
319
        if (asprintf(&folder, MAIL_FILE_FORMAT, pwd->pw_dir, "", path) < 0)
373
320
            goto get_folder_cleanup;
374
321
     } else {
375
 
@@ -192,11 +172,11 @@
 
322
@@ -192,11 +173,11 @@
376
323
 
377
324
        for (i = 0; i < hashcount; i++) {
378
325
            hash[2 * i] = '/';
386
333
        _pam_overwrite(hash);
387
334
        _pam_drop(hash);
388
335
        if (rc < 0)
389
 
@@ -208,7 +188,6 @@
 
336
@@ -208,7 +189,6 @@
390
337
     /* tidy up */
391
338
 
392
339
   get_folder_cleanup:
394
341
     path = NULL;
395
342
 
396
343
     *folder_p = folder;
397
 
@@ -402,7 +381,9 @@
 
344
@@ -402,7 +382,9 @@
398
345
     int retval, ctrl, type;
399
346
     size_t hashcount;
400
347
     char *folder = NULL;
404
351
 
405
352
     /*
406
353
      * this module (un)sets the MAIL environment variable, and checks if
407
 
@@ -411,9 +392,21 @@
 
354
@@ -411,9 +393,21 @@
408
355
 
409
356
     ctrl = _pam_parse(pamh, flags, argc, argv, &path_mail, &hashcount);
410
357
 
427
374
     if (retval != PAM_SUCCESS) {
428
375
        D(("failed to find folder"));
429
376
        return retval;
430
 
@@ -450,7 +443,19 @@
 
377
@@ -450,7 +444,19 @@
431
378
 
432
379
     if ((est && !(ctrl & PAM_NO_LOGIN))
433
380
        || (!est && (ctrl & PAM_LOGOUT_TOO))) {
451
398
Index: pam-1.1.1/modules/pam_xauth/pam_xauth.c
452
399
===================================================================
453
400
--- pam-1.1.1.orig/modules/pam_xauth/pam_xauth.c        2009-11-04 07:04:53.000000000 -0500
454
 
+++ pam-1.1.1/modules/pam_xauth/pam_xauth.c     2011-05-17 12:45:23.835438270 -0400
 
401
+++ pam-1.1.1/modules/pam_xauth/pam_xauth.c     2011-05-31 07:05:35.974558499 -0400
455
402
@@ -35,8 +35,10 @@
456
403
 
457
404
 #include "config.h"
464
411
 #include <errno.h>
465
412
 #include <fnmatch.h>
466
413
 #include <grp.h>
467
 
@@ -87,7 +89,7 @@
 
414
@@ -55,6 +57,7 @@
 
415
 #include <security/pam_modules.h>
 
416
 #include <security/_pam_macros.h>
 
417
 #include <security/pam_modutil.h>
 
418
+#include <security/_pam_privs.h>
 
419
 #include <security/pam_ext.h>
 
420
 
 
421
 #ifdef WITH_SELINUX
 
422
@@ -87,7 +90,7 @@
468
423
 /* Run a given command (with a NULL-terminated argument list), feeding it the
469
424
  * given input on stdin, and storing any output it generates. */
470
425
 static int
473
428
              uid_t uid, gid_t gid, const char *command, ...)
474
429
 {
475
430
        int ipipe[2], opipe[2], i;
476
 
@@ -126,9 +128,26 @@
 
431
@@ -126,9 +129,26 @@
477
432
                const char *tmp;
478
433
                int maxopened;
479
434
                /* Drop privileges. */
503
458
                /* Initialize the argument list. */
504
459
                memset(args, 0, sizeof(args));
505
460
                /* Set the pipe descriptors up as stdin and stdout, and close
506
 
@@ -215,9 +234,11 @@
 
461
@@ -215,9 +235,11 @@
507
462
 {
508
463
        char path[PATH_MAX];
509
464
        struct passwd *pwd;
518
473
        /* Check this user's <sense> file. */
519
474
        pwd = pam_modutil_getpwnam(pamh, this_user);
520
475
        if (pwd == NULL) {
521
 
@@ -233,11 +254,33 @@
 
476
@@ -233,11 +255,33 @@
522
477
                           "name of user's home directory is too long");
523
478
                return PAM_SESSION_ERR;
524
479
        }
557
512
                char buf[LINE_MAX], *tmp;
558
513
                /* Scan the file for a list of specs of users to "trust". */
559
514
                while (fgets(buf, sizeof(buf), fp) != NULL) {
560
 
@@ -268,6 +311,7 @@
 
515
@@ -268,6 +312,7 @@
561
516
                return PAM_PERM_DENIED;
562
517
        } else {
563
518
                /* Default to okay if the file doesn't exist. */
565
520
                switch (errno) {
566
521
                case ENOENT:
567
522
                        if (noent_code == PAM_SUCCESS) {
568
 
@@ -305,7 +349,7 @@
 
523
@@ -305,7 +350,7 @@
569
524
        struct passwd *tpwd, *rpwd;
570
525
        int fd, i, debug = 0;
571
526
        int retval = PAM_SUCCESS;
574
529
 
575
530
        /* Parse arguments.  We don't understand many, so no sense in breaking
576
531
         * this into a separate function. */
577
 
@@ -463,14 +507,15 @@
 
532
@@ -463,14 +508,15 @@
578
533
                           xauth, "-f", cookiefile, "nlist", display,
579
534
                           (unsigned long) getuid(), (unsigned long) getgid());
580
535
        }
592
547
                /* Check that we got a cookie.  If not, we get creative. */
593
548
                if (((cookie == NULL) || (strlen(cookie) == 0)) &&
594
549
                    ((strncmp(display, "localhost:", 10) == 0) ||
595
 
@@ -521,7 +566,7 @@
 
550
@@ -521,7 +567,7 @@
596
551
                                                       (unsigned long) getuid(),
597
552
                                                       (unsigned long) getgid());
598
553
                                        }
601
556
                                                      getuid(), getgid(),
602
557
                                                      xauth, "-f", cookiefile,
603
558
                                                      "nlist", t, NULL);
604
 
@@ -553,9 +598,10 @@
 
559
@@ -553,9 +599,10 @@
605
560
                }
606
561
 
607
562
                /* Generate a new file to hold the data. */
615
570
 #ifdef WITH_SELINUX
616
571
                if (is_selinux_enabled() > 0) {
617
572
                        struct selabel_handle *ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
618
 
@@ -573,31 +619,24 @@
 
573
@@ -573,31 +620,24 @@
619
574
                                }
620
575
                        }
621
576
                }
657
612
 
658
613
                /* Get a copy of the filename to save as a data item for
659
614
                 * removal at session-close time. */
660
 
@@ -669,7 +708,7 @@
 
615
@@ -669,7 +709,7 @@
661
616
                                  (unsigned long) tpwd->pw_uid,
662
617
                                  (unsigned long) tpwd->pw_gid);
663
618
                }
666
621
                              tpwd->pw_uid, tpwd->pw_gid,
667
622
                              xauth, "-f", cookiefile, "nmerge", "-", NULL);
668
623
 
669
 
@@ -691,42 +730,56 @@
 
624
@@ -691,42 +731,56 @@
670
625
 pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED,
671
626
                      int argc, const char **argv)
672
627
 {
744
699
        return PAM_SUCCESS;
745
700
 }
746
701
 
 
702
Index: pam-1.1.1/libpam/include/security/_pam_privs.h
 
703
===================================================================
 
704
--- /dev/null   1970-01-01 00:00:00.000000000 +0000
 
705
+++ pam-1.1.1/libpam/include/security/_pam_privs.h      2011-05-31 07:05:35.974558499 -0400
 
706
@@ -0,0 +1,74 @@
 
707
+/*
 
708
+ * Copyright (c) 2010 Dmitry V. Levin  <ldv@altlinux.org>
 
709
+ *
 
710
+ * <security/pam_privs.h>
 
711
+ *
 
712
+ * Redistribution and use in source and binary forms, with or without
 
713
+ * modification, are permitted provided that the following conditions
 
714
+ * are met:
 
715
+ * 1. Redistributions of source code must retain the above copyright
 
716
+ *    notice, and the entire permission notice in its entirety,
 
717
+ *    including the disclaimer of warranties.
 
718
+ * 2. Redistributions in binary form must reproduce the above copyright
 
719
+ *    notice, this list of conditions and the following disclaimer in the
 
720
+ *    documentation and/or other materials provided with the distribution.
 
721
+ * 3. The name of the author may not be used to endorse or promote
 
722
+ *    products derived from this software without specific prior
 
723
+ *    written permission.
 
724
+ *
 
725
+ * ALTERNATIVELY, this product may be distributed under the terms of
 
726
+ * the GNU Public License, in which case the provisions of the GPL are
 
727
+ * required INSTEAD OF the above restrictions.  (This clause is
 
728
+ * necessary due to a potential bad interaction between the GPL and
 
729
+ * the restrictions contained in a BSD-style copyright.)
 
730
+ *
 
731
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
 
732
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 
733
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 
734
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 
735
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 
736
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 
737
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 
738
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 
739
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 
740
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 
741
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
 
742
+ */
 
743
+
 
744
+#ifndef _SECURITY__PAM_PRIVS_H
 
745
+#define _SECURITY__PAM_PRIVS_H
 
746
+
 
747
+#ifdef __cplusplus
 
748
+extern "C" {
 
749
+#endif
 
750
+
 
751
+#include <security/_pam_types.h>
 
752
+
 
753
+struct pam_modutil_privs {
 
754
+       gid_t *grplist;
 
755
+       int number_of_groups;
 
756
+       int allocated;
 
757
+       gid_t old_gid;
 
758
+       uid_t old_uid;
 
759
+       int is_dropped;
 
760
+};
 
761
+
 
762
+#define PAM_MODUTIL_NGROUPS     64
 
763
+#define PAM_MODUTIL_DEF_PRIVS(n) \
 
764
+       gid_t n##_grplist[PAM_MODUTIL_NGROUPS]; \
 
765
+       struct pam_modutil_privs n = { n##_grplist, PAM_MODUTIL_NGROUPS, 0, -1, -1, 0 }
 
766
+
 
767
+extern int PAM_NONNULL((1,2,3))
 
768
+pam_modutil_drop_priv(pam_handle_t *pamh,
 
769
+                     struct pam_modutil_privs *p,
 
770
+                     const struct passwd *pw);
 
771
+
 
772
+extern int PAM_NONNULL((1,2))
 
773
+pam_modutil_regain_priv(pam_handle_t *pamh,
 
774
+                     struct pam_modutil_privs *p);
 
775
+
 
776
+#ifdef __cplusplus
 
777
+}
 
778
+#endif
 
779
+
 
780
+#endif /* _SECURITY__PAM_MODUTIL_H */
 
781
Index: pam-1.1.1/modules/pam_env/Makefile.am
 
782
===================================================================
 
783
--- pam-1.1.1.orig/modules/pam_env/Makefile.am  2009-06-29 03:24:27.000000000 -0400
 
784
+++ pam-1.1.1/modules/pam_env/Makefile.am       2011-05-31 07:05:35.974558499 -0400
 
785
@@ -22,7 +22,7 @@
 
786
 endif
 
787
 
 
788
 securelib_LTLIBRARIES = pam_env.la
 
789
-pam_env_la_LIBADD = -L$(top_builddir)/libpam -lpam
 
790
+pam_env_la_LIBADD = -L$(top_builddir)/libpam -lpam -lpamprivs
 
791
 
 
792
 secureconf_DATA = pam_env.conf
 
793
 sysconf_DATA = environment
 
794
Index: pam-1.1.1/modules/pam_mail/Makefile.am
 
795
===================================================================
 
796
--- pam-1.1.1.orig/modules/pam_mail/Makefile.am 2009-06-29 03:24:27.000000000 -0400
 
797
+++ pam-1.1.1/modules/pam_mail/Makefile.am      2011-05-31 07:05:35.974558499 -0400
 
798
@@ -22,7 +22,7 @@
 
799
 endif
 
800
 
 
801
 securelib_LTLIBRARIES = pam_mail.la
 
802
-pam_mail_la_LIBADD = -L$(top_builddir)/libpam -lpam
 
803
+pam_mail_la_LIBADD = -L$(top_builddir)/libpam -lpam -lpamprivs
 
804
 
 
805
 if ENABLE_REGENERATE_MAN
 
806
 noinst_DATA = README
 
807
Index: pam-1.1.1/modules/pam_xauth/Makefile.am
 
808
===================================================================
 
809
--- pam-1.1.1.orig/modules/pam_xauth/Makefile.am        2009-11-04 07:04:53.000000000 -0500
 
810
+++ pam-1.1.1/modules/pam_xauth/Makefile.am     2011-05-31 07:05:35.974558499 -0400
 
811
@@ -17,7 +17,7 @@
 
812
 
 
813
 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
 
814
 AM_LDFLAGS = -no-undefined -avoid-version -module \
 
815
-       -L$(top_builddir)/libpam -lpam @LIBSELINUX@
 
816
+       -L$(top_builddir)/libpam -lpam -lpamprivs @LIBSELINUX@
 
817
 if HAVE_VERSIONING
 
818
   AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
 
819
 endif
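Review bot: The new `_pam_privs.h` header is not self-contained: it uses `gid_t`, `uid_t` and `const struct passwd *` in the struct and prototypes but its only include is `<security/_pam_types.h>`, so it compiles only because every includer has already pulled in `<security/pam_modutil.h>` (and with it `<pwd.h>`) — pam_env.c, pam_mail.c and pam_xauth.c all do, and `pam_modutil_priv.c` depends on `pam_modutil_private.h` for it since its own `<pwd.h>` include comes after `_pam_privs.h`. If `<pwd.h>` is ever not seen first, `struct passwd` in the `pam_modutil_drop_priv` prototype becomes a distinct prototype-scope type and the declaration no longer matches the definition; adding `#include <sys/types.h>` and `#include <pwd.h>` directly after the `_pam_types.h` include makes the header safe in any include order. Two smaller wording issues in the same file: the closing `#endif /* _SECURITY__PAM_MODUTIL_H */` should read `#endif /* _SECURITY__PAM_PRIVS_H */` to match the guard it closes, and the banner comment names `<security/pam_privs.h>` while the file is `_pam_privs.h`.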