[sisyphus] Re: [sisyphus] Как-то login себя странно ведет. ..

Dmitry V. Levin =?iso-8859-1?q?ldv_=CE=C1_alt-linux=2Eorg?=
Вт Май 22 20:07:37 MSD 2001


On Wed, May 23, 2001 at 12:54:31PM +0400, Ivan Zakharyaschev wrote:
> > 	Покувыркавшись таким образом, переехал на runlevel 3, и
> > обнаружил
> > забавную штуку: после запуска системы при _первом_ вводе юзерского
> > логина
> > login на этой консоли уходит в даун, при этом в лог пишется, что сеанс
> > для
> > юзера запущен. Все дальнейшие входы юзером с любой другой консоли
> > проблемы не
> > представляют,и с данной после прибития на ней логина - тоже,
> > то есть эффект имеет место быть только один раз и только для юзера
> > (рута это все никак не касается вообще, вход-выход рутом никакого
> > эффекта
> > не производит).
> 
> У меня это тоже стало происходить: после ввода пароля login пишет в лог,
> что session opened, и подвисает. Подключившись к нему с помощью strace, я
> увидел, что он циклически пытается что-то сделать с /etc/fstab и
> /mnt/floppy.  Результаты прилагаю (благодаря цикличности файл сильно
> сжался). Дальше я с этим не разбирался.

Поскольку мне не удается воспроизвести эту ошибку, прошу помочь в
тестировании. Попробуйте собрать pam с прилагаемым в этом письме патчем.
Интересно, исправляет ли он ошибку?


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@alt-linux.org
ALT Linux Team      http://www.altlinux.ru/
Fandra Project      http://www.fandra.org/
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
----------- следующая часть -----------
--- pam-0.75/modules/pam_console/chmod.c~	Mon Apr 23 22:39:04 2001
+++ pam-0.75/modules/pam_console/chmod.c	Tue May 22 19:18:49 2001
@@ -93,16 +93,7 @@
 
   if (lstat (file, &file_stats) == -1)
     {
-      if (errno == ENOENT)
-        {
-          /* doesn't exist, check fstab */
-          errors |= change_via_fstab (file, changes, user, group);
-          return errors;
-	}
-      else
-        {
-          return 1;
-        }
+      return 1;
     }
 
   if (S_ISLNK (file_stats.st_mode))
----------- следующая часть -----------
Name: pam
Version: 0.75
Release: alt3

%define rhver 1

Summary: A security tool which provides authentication for applications
License: GPL or BSD
Group: System/Base
Url: http://www.us.kernel.org/pub/linux/libs/%name/index.html

Source0: %name-redhat-%version-%rhver.tar.bz2
Source1: pam_sameuid.tar
Source2: other.pamd
Source3: system-auth.pamd

Patch0: %name-0.68-read_string.patch
Patch1: %name-0.74-db2.patch
Patch2: %name-0.75-limits.conf.patch
Patch3: %name-0.75-console.perms.patch
Patch4: %name-0.75-pam_unix-chkpwd.patch
Patch5: %name-0.75-pam_unix-crypt.patch
Patch6: %name-0.75-pam_console-chmod.patch

Requires: lib%name = %version-%release
Requires: cracklib-dicts, glibc >= 2.2.1-ipl0.3mdk, pwdb >= 0.54-2, initscripts >= 3.94
Obsoletes: pamconfig
BuildPreReq: glibc-devel >= 2.2.1-ipl0.3mdk
BuildConflicts: openssl-devel < 0.9.6a

%define _pamdir %_sysconfdir/pam.d
%define _secdir %_sysconfdir/security

# Automatically added by buildreq on Tue May 15 2001
BuildRequires: bison cracklib-devel cracklib-dicts db2-devel db3-devel flex glib-devel groff openjade pwdb-devel sgml-tools

%package -n lib%name
Summary: Shared libraries for running %name-based software
Group: System/Libraries
Requires: lib%name = %version-%release

%package -n lib%name-devel
Summary: Headers for developing applications with %name
Group: Development/C
Requires: lib%name = %version-%release
Provides: %name-devel = %version
Obsoletes: %name-devel

%package -n lib%name-devel-static
Summary: Static libraries for developing applications with %name
Group: Development/C
Requires: lib%name-devel = %version-%release

%package doc
Summary: More documentation for %name
Group: Development/C
Requires: %name = %version-%release

%description
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication.

%description -n lib%name
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains shared libraries required for running
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains header files and static libraries used for building
both PAM-aware applications and modules for use with PAM.

%description -n lib%name-devel-static
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains static libraries used for building
statically linked PAM-aware applications for use with PAM.

%description doc
PAM (Pluggable Authentication Modules) is a system security tool
which allows system administrators to set authentication policy
without having to recompile programs which do authentication. This
package contains detailed documentation for use with PAM.

%prep
%setup -q -a1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
rm -f modules/pam_unix/*md5*

ln -sf defs/redhat.defs default.defs
for f in modules/pam_*/README; do
	d="${f%/*}"
	install -p -m644 "$f" "doc/txts/README.${d##*/}"
done

find -type f \( -name .cvsignore -o -name \*~ \) -print0 |xargs -r0 rm -f
find -type f -name Makefile\* -print0 |xargs -r0 fgrep -l 'install -' |
	xargs -r perl -pi -e 's/install -/\$(INSTALL) -/g'
find -type f -name Makefile\* -print0 |xargs -r0 grep -l '$(INSTALL).* -o.* -g' |
	xargs perl -pi -e 's|(\$\(INSTALL\).*) -o [A-Za-z$(){}]* -g [A-Za-z$(){}]*|$1|g'
perl -pi -e 's/ -u root//' conf/install
perl -pi -e 's/(installcmd -f)/$1 -p/' conf/install
for f in `find -type f |xargs grep -l '[^a-z]cp '`; do
	if file "$f" |fgrep -q 'shell script'; then
		perl -pi -e 's/([^a-z]cp )/$1-p /g' "$f"
	fi
done
ln -s ../../../libpam_misc/pam_misc.h libpam/include/security/pam_misc.h

%build
%add_optflags -DUSE_GNU
autoconf
%configure --prefix=/ --exec-prefix=/ --libdir=/lib --sbindir=/sbin \
	--enable-static-libpam --enable-fakeroot=$RPM_BUILD_ROOT
%make_build

%install
%make_install install LDCONFIG=:
make -C examples clean
chmod go-rw $RPM_BUILD_ROOT/sbin/*
# We do not support pwdb module, so we don't need helper.
chmod a-s $RPM_BUILD_ROOT/sbin/pwdb_chkpwd

mkdir -p $RPM_BUILD_ROOT%_libdir
pushd $RPM_BUILD_ROOT/lib
	for f in *.so; do
		ln -s ../../lib/`/bin/ls -l "$f" |awk '{print $11}'` "$RPM_BUILD_ROOT%_libdir/$f"
	done
popd

mv $RPM_BUILD_ROOT/lib/*.a $RPM_BUILD_ROOT%_libdir

install -p -m644 -D other.pamd $RPM_BUILD_ROOT%_pamdir/other
install -p -m644 $RPM_SOURCE_DIR/system-auth.pamd $RPM_BUILD_ROOT%_pamdir/system-auth

install -p -m644 doc/man/*.3 $RPM_BUILD_ROOT%_mandir/man3
install -p -m644 doc/man/*.8 $RPM_BUILD_ROOT%_mandir/man8

cp -p doc/{specs,figs}/*.txt doc/txts
find doc/txts -type f -name '*.txt' -print0 |xargs -r0 bzip2 -9
find doc/ps -type f \! -name '*.ps*' -print0 |xargs -r0 rm -f
find doc/ps -type f -name '*.ps' -print0 |xargs -r0 bzip2 -9

# make sure the modules built...
for d in modules/pam_*; do
	if [ -d "$d" ]; then
		m="${d##*/}"
		if ! ls -1 "$RPM_BUILD_ROOT/lib/security/$m"*.so; then
			echo "ERROR: $m module did not build."
			exit 1
		fi
	fi
done

%post -n lib%name -p /sbin/ldconfig
%postun -n lib%name -p /sbin/ldconfig

%files
%dir %_pamdir
%config %_pamdir/other
%config(noreplace) %_pamdir/system-auth
/sbin/*
/lib/security
%dir %_secdir
%config(noreplace) %_secdir/access.conf
%config(noreplace) %_secdir/time.conf
%config(noreplace) %_secdir/group.conf
%config(noreplace) %_secdir/limits.conf
%config(noreplace) %_secdir/pam_env.conf
%config(noreplace) %_secdir/console.perms
%dir %_secdir/console.apps
%dir /var/lock/console
%_mandir/man[58]/*

%files -n lib%name
/lib/*.so.*

%files -n lib%name-devel
%_libdir/*.so
%_includedir/*
%_mandir/man3/*

%files -n lib%name-devel-static
%_libdir/*.a

%files doc
%doc README TODO CHANGELOG ChangeLog Copyright pgp.keys.asc
%doc doc/{html,ps,txts} examples

%changelog
* Tue May 22 2001 Dmitry V. Levin <ldv на altlinux.ru> 0.75-alt3
- Attempt to fix loop in pam_console.

* Thu May 17 2001 Dmitry V. Levin <ldv на altlinux.ru> 0.75-alt2
- Fixed pam_unix-chkpwd helper.

* Tue May 15 2001 Dmitry V. Levin <ldv на altlinux.ru> 0.75-alt1
- 0.75 (rh release 1).
- Moved static libraries to devel-static subpackage.

* Thu Mar 01 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl5mdk
- Merged RH patches (rh release 12).
- Libification.

* Sat Feb 24 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl4mdk
- Merged RH patches (rh release 10).

* Fri Feb 23 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl3mdk
- changed console.perms:
  <console> 0600 <burner> 0600 root.cdwriter

* Sun Feb 11 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl2mdk
- Enhanced unix_chkpwd to support LOGNAME environment variable.
- Merged RH patches (rh release 5).

* Wed Jan 31 2001 Dmitry V. Levin <ldv на fandra.org> 0.74-ipl1mdk
- 0.74 (sync with Linux-PAM and pam-redhat).
- Moved development libraries from /lib to %_libdir.

* Fri Jan 12 2001 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl16mdk
- Use libc_crypt as crypt function (glibc >= 2.2.1-ipl0.3mdk).

* Wed Jan 10 2001 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl15mdk
- Integrated new feaures of glibc >= 2.2.1-ipl0.2mdk:
  + added blowfish crypt support for pam_unix (libcrypt);
  + dropped BSDIcrypt support for pam_unix (it was never used);
  + set default crypt to blowfish in system-auth.

* Fri Jan 05 2001 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl14mdk
- Updated console.perms patch.
- Built with db2.

* Wed Dec 06 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl13mdk
- Merge RH changes (26-->37).

* Tue Oct 17 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl12mdk
- Added pam_sameuid module.

* Fri Oct 06 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl11mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin на redhat.com>):
  + clean up logging in pam_xauth;
  + mova README.* files in txt subdirectory;
  + add pam_tally's application to allow counts to be reset;
  + move pam_filter modules to /lib/security/pam_filter;
  + add DRI and nvidia devices to console.perms.
- Fixed:
  + pam_stack now passes delay back.

* Wed Sep 27 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl10mdk
- Added:
  + BSDIcrypt support for pam_unix;
  + pam_limits in system-auth.

* Tue Sep 26 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl9mdk
- Merge last RH changes (by Nalin Dahyabhai <nalin на redhat.com>):
  + add a broken_shadow option to pam_unix;
  + add all module README files to the documentation list;
  + fix pam_stack debug and losing-track-of-the-result bug;
  + rework pam_console's usage of syslog to actually be sane (#14646);
  + take the LOG_ERR flag off of some of pam_console's new messages.
- Merge last MDK changes:
  + set all sound stuff to audio group;
  + add cdburner permissions;
  + add %_pamdir/system-auth;
  + noreplace configs.

* Mon Sep 04 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl8mdk
- Merge with last MDK changes.

* Fri Jul 21 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl7mdk
- Merge with last RH changes.
- Added: BSDIcrypt support.

* Wed May 31 2000 Dmitry V. Levin <ldv на fandra.org> 0.72-ipl6mdk
- Package splitplit into %name, %name-devel and %name-doc packages
- RE adaptions.

* Tue Feb 22 2000 Dmitry V. Levin <ldv на fandra.org>
- Fixes:
  + read_string bugfix
  + real buildroot packaging
- more documentation included
- Fandra adaptions.

* Sat Feb 05 2000 Nalin Dahyabhai <nalin на redhat.com>
- Fix pam_xauth bug #6191.

* Thu Feb 03 2000 Elliot Lee <sopwith на redhat.com>
- Add a patch to accept 'pts/N' in /etc/securetty as a match for tty '5'
  (which is what other pieces of the system think it is). Fixes bug #7641.

* Mon Jan 31 2000 Nalin Dahyabhai <nalin на redhat.com>
- argh, turn off gratuitous debugging

* Wed Jan 19 2000 Nalin Dahyabhai <nalin на redhat.com>
- update to 0.72
- fix pam_unix password-changing bug
- fix pam_unix's cracklib support
- change package URL

* Mon Jan 03 2000 Cristian Gafton <gafton на redhat.com>
- don't allow '/' on service_name

* Thu Oct 21 1999 Cristian Gafton <gafton на redhat.com>
- enhance the pam_userdb module some more

* Fri Sep 24 1999 Cristian Gafton <gafton на redhat.com>
- add documenatation

* Tue Sep 21 1999 Michael K. Johnson <johnsonm на redhat.com>
- a tiny change to pam_console to make it not loose track of console users

* Mon Sep 20 1999 Michael K. Johnson <johnsonm на redhat.com>
- a few fixes to pam_xauth to make it more robust

* Wed Jul 14 1999 Michael K. Johnson <johnsonm на redhat.com>
- pam_console: added <xconsole> to manage /dev/console

* Thu Jul 01 1999 Michael K. Johnson <johnsonm на redhat.com>
- pam_xauth: New refcounting implementation based on idea from Stephen Tweedie

* Sat Apr 17 1999 Michael K. Johnson <johnsonm на redhat.com>
- added video4linux devices to /etc/security/console.perms

* Fri Apr 16 1999 Michael K. Johnson <johnsonm на redhat.com>
- added joystick lines to /etc/security/console.perms

* Thu Apr 15 1999 Michael K. Johnson <johnsonm на redhat.com>
- fixed a couple segfaults in pam_xauth uncovered by yesterday's fix...

* Wed Apr 14 1999 Cristian Gafton <gafton на redhat.com>
- use gcc -shared to link the shared libs

* Wed Apr 14 1999 Michael K. Johnson <johnsonm на redhat.com>
- many bug fixes in pam_xauth
- pam_console can now handle broken applications that do not set
  the PAM_TTY item.

* Tue Apr 13 1999 Michael K. Johnson <johnsonm на redhat.com>
- fixed glob/regexp confusion in pam_console, added kbd and fixed fb devices
- added pam_xauth module

* Sat Apr 10 1999 Cristian Gafton <gafton на redhat.com>
- pam_lastlog does wtmp handling now

* Thu Apr 08 1999 Michael K. Johnson <johnsonm на redhat.com>
- added option parsing to pam_console
- added framebuffer devices to default console.perms settings

* Wed Apr 07 1999 Cristian Gafton <gafton на redhat.com>
- fixed empty passwd handling in pam_pwdb

* Mon Mar 29 1999 Michael K. Johnson <johnsonm на redhat.com>
- changed /dev/cdrom default user permissions back to 0600 in console.perms
  because some cdrom players open O_RDWR.

* Fri Mar 26 1999 Michael K. Johnson <johnsonm на redhat.com>
- added /dev/jaz and /dev/zip to console.perms

* Thu Mar 25 1999 Michael K. Johnson <johnsonm на redhat.com>
- changed the default user permissions for /dev/cdrom to 0400 in console.perms

* Fri Mar 19 1999 Michael K. Johnson <johnsonm на redhat.com>
- fixed a few bugs in pam_console

* Thu Mar 18 1999 Michael K. Johnson <johnsonm на redhat.com>
- pam_console authentication working
- added /etc/security/console.apps directory

* Mon Mar 15 1999 Michael K. Johnson <johnsonm на redhat.com>
- added pam_console files to filelist

* Fri Feb 12 1999 Cristian Gafton <gafton на redhat.com>
- upgraded to 0.66, some source cleanups

* Mon Dec 28 1998 Cristian Gafton <gafton на redhat.com>
- add patch from Savochkin Andrey Vladimirovich <saw на msu.ru> for umask
  security risk

* Fri Dec 18 1998 Cristian Gafton <gafton на redhat.com>
- upgrade to ver 0.65
- build the package out of internal CVS server
----------- следующая часть -----------
Было удалено вложение не в текстовом формате...
Имя     : =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Тип     : application/pgp-signature
Размер  : 232 байтов
Описание: =?iso-8859-1?q?=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4?=
Url     : <http://lists.altlinux.org/pipermail/sisyphus/attachments/20010522/16e404f3/attachment-0012.bin>


Подробная информация о списке рассылки Sisyphus