[devel] Re: [sisyphus] login is behaving somewhat strangely...

Ivan Zakharyaschev vanyaz at mccme.ru
Wed May 23 06:48:28 MSD 2001


On Tue, 22 May 2001, Dmitry V. Levin wrote:

> On Wed, May 23, 2001 at 12:54:31PM +0400, Ivan Zakharyaschev wrote:

> > This has started happening to me too: after the password is entered,
> > login writes to the log that the session is opened, and hangs.
> > Attaching to it with strace, I saw that it cyclically tries to do
> > something with /etc/fstab and /mnt/floppy. I am attaching the results
> > (thanks to the cyclic nature, the file compressed a lot). I did not
> > look into it any further.
>
> Since I am unable to reproduce this bug, I am asking for help with
> testing. Try building pam with the patch attached to this message.
> I wonder whether it fixes the bug?

I checked -- this patch did not fix it. Developing the same idea, I made
another patch, which touches a different branch in the same function -- and
it worked. The cause is mounting with supermount, for which the first two
fields in my fstab were equal (/mnt/floppy /mnt/floppy ...). And it is easy
to see that with this setup the recursion between these functions in
pam_console never terminates.

The attached patch, it seems to me, is not good enough: it still does not
change the permissions on /mnt/floppy with this setup.


In principle, supermount also works with fsname=none -- which, in my
opinion, is even more correct. I do not know how the various configuration
utilities fill in this field now, but earlier they put there not none but
what I had (the path was duplicated). That could be fixed.

But the problem with pam_console remains anyway: cycles in fstab can arise,
no matter why, and that must not interfere with pam's operation.


Also, while building pam I noticed this message:

make[1]: Entering directory `/usr/src/ivan/rpm/BUILD/pam-0.75/doc'
Processing file ../pam
<standard input>:1670: warning: `/'' not defined
<standard input>:1724: warning: `cp'' not defined (probable missing
space after `cp')
Processing file ../pam_appl
Processing file ../pam_modules
make[1]: Leaving directory `/usr/src/ivan/rpm/BUILD/pam-0.75/doc'

I am pointing it out just in case.

-- 
Best regards,
	Ivan Z.
----------- next part -----------
--- pam-0.75/modules/pam_console/chmod.c.orig	Wed May 23 04:13:11 2001
+++ pam-0.75/modules/pam_console/chmod.c	Wed May 23 04:24:17 2001
@@ -161,7 +161,9 @@
     {
       if(mntent->mnt_dir &&
          mntent->mnt_fsname &&
-	 (fnmatch(dir, mntent->mnt_dir, 0) == 0))
+	    (fnmatch(dir, mntent->mnt_dir, 0) == 0)
+        && ! (fnmatch(dir, mntent->mnt_fsname, 0) == 0)
+     )
         {
           errors |= change_file(mntent->mnt_fsname, changes, TRUE, user, group);
         }
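Review bot: the added `! (fnmatch(dir, mntent->mnt_fsname, 0) == 0)` test only filters out an entry whose own fsname matches dir, so a cycle that spans two fstab entries still reaches change_file(mntent->mnt_fsname, ...) and, if change_file re-enters this lookup, recurses as before; a hop limit or a record of already-visited paths passed down through change_file would cover both cases. The same test also means a self-referencing entry is skipped entirely in this branch, so nothing is applied for it here. The continuation lines mix tabs and spaces and leave the closing parenthesis on its own line; matching the file's existing indentation would keep the condition readable.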
----------- next part -----------
Name: pam
Version: 0.75
Release: alt3_imz2

%define rhver 1

Summary: A security tool which provides authentication for applications
License: GPL or BSD
Group: System/Base
Url: http://www.us.kernel.org/pub/linux/libs/%name/index.html

Source0: %name-redhat-%version-%rhver.tar.bz2
Source1: pam_sameuid.tar
Source2: other.pamd
Source3: system-auth.pamd

Patch0: %name-0.68-read_string.patch
Patch1: %name-0.74-db2.patch
Patch2: %name-0.75-limits.conf.patch
Patch3: %name-0.75-console.perms.patch
Patch4: %name-0.75-pam_unix-chkpwd.patch
Patch5: %name-0.75-pam_unix-crypt.patch
Patch6: %name-0.75-break-supermount-loop.patch

Requires: lib%name = %version-%release
Requires: cracklib-dicts, glibc >= 2.2.1-ipl0.3mdk, pwdb >= 0.54-2, initscripts >= 3.94
Obsoletes: pamconfig
BuildPreReq: glibc-devel >= 2.2.1-ipl0.3mdk
BuildConflicts: openssl-devel < 0.9.6a

%define _pamdir %_sysconfdir/pam.d
%define _secdir %_sysconfdir/security

# Automatically added by buildreq on Tue May 15 2001
BuildRequires: bison cracklib-devel cracklib-dicts db2-devel db3-devel flex glib-devel groff openjade pwdb-devel sgml-tools

%package -n lib%name
Summary: Shared libraries for running %name-based software
Group: System/Libraries
Requires: lib%name = %version-%release

%package -n lib%name-devel
Summary: Headers for developing applications with %name
Group: Development/C
Requires: lib%name = %version-%release
Provides: %name-devel = %version
Obsoletes: %name-devel

%package -n lib%name-devel-static
Summary: Static libraries for developing applications with %name
Group: Development/C
Requires: lib%name-devel = %version-%release

%package doc
Summary: More documentation for %name
Group: Development/C
Requires: %name = %version-%release

%description
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication.

%description -n lib%name
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains shared libraries required for running
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains header files and static libraries used for building
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel-static
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains static libraries used for building
statically linked PAM-aware applications for use with PAM.

%description doc
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains detailed documentation for use with PAM.

%prep
%setup -q -a1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
rm -f modules/pam_unix/*md5*

ln -sf defs/redhat.defs default.defs
for f in modules/pam_*/README; do
	d="${f%/*}"
	install -p -m644 "$f" "doc/txts/README.${d##*/}"
done

find -type f \( -name .cvsignore -o -name \*~ \) -print0 |xargs -r0 rm -f
find -type f -name Makefile\* -print0 |xargs -r0 fgrep -l 'install -' |
	xargs -r perl -pi -e 's/install -/\$(INSTALL) -/g'
find -type f -name Makefile\* -print0 |xargs -r0 grep -l '$(INSTALL).* -o.* -g' |
	xargs perl -pi -e 's|(\$\(INSTALL\).*) -o [A-Za-z$(){}]* -g [A-Za-z$(){}]*|$1|g'
perl -pi -e 's/ -u root//' conf/install
perl -pi -e 's/(installcmd -f)/$1 -p/' conf/install
for f in `find -type f |xargs grep -l '[^a-z]cp '`; do
	if file "$f" |fgrep -q 'shell script'; then
		perl -pi -e 's/([^a-z]cp )/$1-p /g' "$f"
	fi
done
ln -s ../../../libpam_misc/pam_misc.h libpam/include/security/pam_misc.h

%build
%add_optflags -DUSE_GNU
autoconf
%configure --prefix=/ --exec-prefix=/ --libdir=/lib --sbindir=/sbin \
	--enable-static-libpam --enable-fakeroot=$RPM_BUILD_ROOT
%make_build

%install
%make_install install LDCONFIG=:
make -C examples clean
chmod go-rw $RPM_BUILD_ROOT/sbin/*
# We do not support pwdb module, so we don't need helper.
chmod a-s $RPM_BUILD_ROOT/sbin/pwdb_chkpwd

mkdir -p $RPM_BUILD_ROOT%_libdir
pushd $RPM_BUILD_ROOT/lib
	for f in *.so; do
		ln -s ../../lib/`/bin/ls -l "$f" |awk '{print $11}'` "$RPM_BUILD_ROOT%_libdir/$f"
	done
popd

mv $RPM_BUILD_ROOT/lib/*.a $RPM_BUILD_ROOT%_libdir

install -p -m644 -D other.pamd $RPM_BUILD_ROOT%_pamdir/other
install -p -m644 $RPM_SOURCE_DIR/system-auth.pamd $RPM_BUILD_ROOT%_pamdir/system-auth

install -p -m644 doc/man/*.3 $RPM_BUILD_ROOT%_mandir/man3
install -p -m644 doc/man/*.8 $RPM_BUILD_ROOT%_mandir/man8

cp -p doc/{specs,figs}/*.txt doc/txts
find doc/txts -type f -name '*.txt' -print0 |xargs -r0 bzip2 -9
find doc/ps -type f \! -name '*.ps*' -print0 |xargs -r0 rm -f
find doc/ps -type f -name '*.ps' -print0 |xargs -r0 bzip2 -9

# make sure the modules built...
for d in modules/pam_*; do
	if [ -d "$d" ]; then
		m="${d##*/}"
		if ! ls -1 "$RPM_BUILD_ROOT/lib/security/$m"*.so; then
			echo "ERROR: $m module did not build."
			exit 1
		fi
	fi
done

%post -n lib%name -p /sbin/ldconfig
%postun -n lib%name -p /sbin/ldconfig

%files
%dir %_pamdir
%config %_pamdir/other
%config(noreplace) %_pamdir/system-auth
/sbin/*
/lib/security
%dir %_secdir
%config(noreplace) %_secdir/access.conf
%config(noreplace) %_secdir/time.conf
%config(noreplace) %_secdir/group.conf
%config(noreplace) %_secdir/limits.conf
%config(noreplace) %_secdir/pam_env.conf
%config(noreplace) %_secdir/console.perms
%dir %_secdir/console.apps
%dir /var/lock/console
%_mandir/man[58]/*

%files -n lib%name
/lib/*.so.*

%files -n lib%name-devel
%_libdir/*.so
%_includedir/*
%_mandir/man3/*

%files -n lib%name-devel-static
%_libdir/*.a

%files doc
%doc README TODO CHANGELOG ChangeLog Copyright pgp.keys.asc
%doc doc/{html,ps,txts} examples

%changelog
* Tue May 22 2001 Ivan Z.
- Another attempt to fix loop in pam_console.

* Tue May 22 2001 Dmitry V. Levin <ldv на altlinux.ru> 0.75-alt3
- Attempt to fix loop in pam_console.

* Thu May 17 2001 Dmitry V. Levin <ldv на altlinux.ru> 0.75-alt2
- Fixed pam_unix-chkpwd helper.

* Tue May 15 2001 Dmitry V. Levin <ldv на altlinux.ru> 0.75-alt1
- 0.75 (rh release 1).
- Moved static libraries to devel-static subpackage.

* Thu Mar 01 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl5mdk
- Merged RH patches (rh release 12).
- Libification.

* Sat Feb 24 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl4mdk
- Merged RH patches (rh release 10).

* Fri Feb 23 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl3mdk
- changed console.perms:
  <console> 0600 <burner> 0600 root.cdwriter

* Sun Feb 11 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl2mdk
- Enhanced unix_chkpwd to support LOGNAME environment variable.
- Merged RH patches (rh release 5).

* Wed Jan 31 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl1mdk
- 0.74 (sync with Linux-PAM and pam-redhat).
- Moved development libraries from /lib to %_libdir.

* Fri Jan 12 2001 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl16mdk
- Use libc_crypt as crypt function (glibc >= 2.2.1-ipl0.3mdk).

* Wed Jan 10 2001 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl15mdk
- Integrated new features of glibc >= 2.2.1-ipl0.2mdk:
  + added blowfish crypt support for pam_unix (libcrypt);
  + dropped BSDIcrypt support for pam_unix (it was never used);
  + set default crypt to blowfish in system-auth.

* Fri Jan 05 2001 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl14mdk
- Updated console.perms patch.
- Built with db2.

* Wed Dec 06 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl13mdk
- Merge RH changes (26-->37).

* Tue Oct 17 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl12mdk
- Added pam_sameuid module.

* Fri Oct 06 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl11mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin на redhat.com>):
  + clean up logging in pam_xauth;
  + move README.* files in txt subdirectory;
  + add pam_tally's application to allow counts to be reset;
  + move pam_filter modules to /lib/security/pam_filter;
  + add DRI and nvidia devices to console.perms.
- Fixed:
  + pam_stack now passes delay back.

* Wed Sep 27 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl10mdk
- Added:
  + BSDIcrypt support for pam_unix;
  + pam_limits in system-auth.

* Tue Sep 26 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl9mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin на redhat.com>):
  + add a broken_shadow option to pam_unix;
  + add all module README files to the documentation list;
  + fix pam_stack debug and losing-track-of-the-result bug;
  + rework pam_console's usage of syslog to actually be sane (#14646);
  + take the LOG_ERR flag off of some of pam_console's new messages.
- Merge last MDK changes:
  + set all sound stuff to audio group;
  + add cdburner permissions;
  + add %_pamdir/system-auth;
  + noreplace configs.

* Mon Sep 04 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl8mdk
- Merge with last MDK changes.

* Fri Jul 21 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl7mdk
- Merge with last RH changes.
- Added: BSDIcrypt support.

* Wed May 31 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl6mdk
- Package split into %name, %name-devel and %name-doc packages
- RE adaptions.

* Tue Feb 22 2000 Dmitry V. Levin <ldv на fandra.org>
- Fixes:
  + read_string bugfix
  + real buildroot packaging
- more documentation included
- Fandra adaptions.

* Sat Feb 05 2000 Nalin Dahyabhai <nalin на redhat.com>
- Fix pam_xauth bug #6191.

* Thu Feb 03 2000 Elliot Lee <sopwith на redhat.com>
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
  (which is what other pieces of the system think it is). Fixes bug #7641.

* Mon Jan 31 2000 Nalin Dahyabhai <nalin на redhat.com>
- argh, turn off gratuitous debugging

* Wed Jan 19 2000 Nalin Dahyabhai <nalin на redhat.com>
- update to 0.72
- fix pam_unix password-changing bug
- fix pam_unix's cracklib support
- change package URL

* Mon Jan 03 2000 Cristian Gafton <gafton на redhat.com>
- don't allow '/' on service_name

* Thu Oct 21 1999 Cristian Gafton <gafton на redhat.com>
- enhance the pam_userdb module some more

* Fri Sep 24 1999 Cristian Gafton <gafton на redhat.com>
- add documentation

* Tue Sep 21 1999 Michael K. Johnson <johnsonm на redhat.com>
- a tiny change to pam_console to make it not lose track of console users

* Mon Sep 20 1999 Michael K. Johnson <johnsonm на redhat.com>
- a few fixes to pam_xauth to make it more robust

* Wed Jul 14 1999 Michael K. Johnson <johnsonm на redhat.com>
- pam_console: added <xconsole> to manage /dev/console

* Thu Jul 01 1999 Michael K. Johnson <johnsonm на redhat.com>
- pam_xauth: New refcounting implementation based on idea from Stephen Tweedie

* Sat Apr 17 1999 Michael K. Johnson <johnsonm на redhat.com>
- added video4linux devices to /etc/security/console.perms

* Fri Apr 16 1999 Michael K. Johnson <johnsonm на redhat.com>
- added joystick lines to /etc/security/console.perms

* Thu Apr 15 1999 Michael K. Johnson <johnsonm на redhat.com>
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...

* Wed Apr 14 1999 Cristian Gafton <gafton на redhat.com>
- use gcc -shared to link the shared libs

* Wed Apr 14 1999 Michael K. Johnson <johnsonm на redhat.com>
- many bug fixes in pam_xauth
- pam_console can now handle broken applications that do not set
  the PAM_TTY item.

* Tue Apr 13 1999 Michael K. Johnson <johnsonm на redhat.com>
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices
- added pam_xauth module

* Sat Apr 10 1999 Cristian Gafton <gafton на redhat.com>
- pam_lastlog does wtmp handling now

* Thu Apr 08 1999 Michael K. Johnson <johnsonm на redhat.com>
- added option parsing to pam_console
- added framebuffer devices to default console.perms settings

* Wed Apr 07 1999 Cristian Gafton <gafton на redhat.com>
- fixed empty passwd handling in pam_pwdb

* Mon Mar 29 1999 Michael K. Johnson <johnsonm на redhat.com>
- changed /dev/cdrom default user permissions back to 0600 in console.perms
  because some cdrom players open O_RDWR.

* Fri Mar 26 1999 Michael K. Johnson <johnsonm на redhat.com>
- added /dev/jaz and /dev/zip to console.perms

* Thu Mar 25 1999 Michael K. Johnson <johnsonm на redhat.com>
- changed the default user permissions for /dev/cdrom to 0400 in console.perms

* Fri Mar 19 1999 Michael K. Johnson <johnsonm на redhat.com>
- fixed a few bugs in pam_console

* Thu Mar 18 1999 Michael K. Johnson <johnsonm на redhat.com>
- pam_console authentication working
- added /etc/security/console.apps directory

* Mon Mar 15 1999 Michael K. Johnson <johnsonm на redhat.com>
- added pam_console files to filelist

* Fri Feb 12 1999 Cristian Gafton <gafton на redhat.com>
- upgraded to 0.66, some source cleanups

* Mon Dec 28 1998 Cristian Gafton <gafton на redhat.com>
- add patch from Savochkin Andrey Vladimirovich <saw на msu.ru> for umask
  security risk

* Fri Dec 18 1998 Cristian Gafton <gafton на redhat.com>
- upgrade to ver 0.65
- build the package out of internal CVS server

