Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package pam for openSUSE:Factory checked in at 2022-10-15 16:34:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/pam (Old) and /work/SRC/openSUSE:Factory/.pam.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam" Sat Oct 15 16:34:52 2022 rev:123 rq:1010468 version:1.5.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2022-07-07 12:57:16.615315470 +0200
+++ /work/SRC/openSUSE:Factory/.pam.new.2275/pam.changes 2022-10-15 16:36:07.469961225 +0200
@@ -1,0 +2,6 @@
+Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert <[email protected]>
+
+- pam_env: Using libeconf for reading configuration and environment
+ files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c)
+
+-------------------------------------------------------------------
New:
----
pam_env_econf.patch tst-pam_env-retval.c
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.pjJ57O/_old 2022-10-15 16:36:08.537963791 +0200
+++ /var/tmp/diff_new_pack.pjJ57O/_new 2022-10-15 16:36:08.541963801 +0200
@@ -64,12 +64,14 @@
 Source13: pam.tmpfiles
 Source14: Linux-PAM-%{version}-docs.tar.xz.asc
 Source15: Linux-PAM-%{version}.tar.xz.asc
+Source16: tst-pam_env-retval.c
 Patch1: pam-limit-nproc.patch
 Patch2: pam-hostnames-in-access_conf.patch
 Patch3: pam-xauth_ownership.patch
 Patch4: pam-bsc1177858-dont-free-environment-string.patch
 Patch10: pam_xauth_data.3.xml.patch
 Patch11: pam-git.diff
+Patch12: pam_env_econf.patch
 BuildRequires: audit-devel
 BuildRequires: bison
 BuildRequires: flex
@@ -175,12 +177,14 @@ %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . +cp %{SOURCE16} ./modules/pam_env %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build bash ./pam-login_defs-check.sh ++++++ pam_env_econf.patch ++++++ ++++ 1020 lines (skipped) ++++++ tst-pam_env-retval.c ++++++ /* * Check pam_env return values. * * Copyright (c) 2020-2022 Dmitry V. Levin <[email protected]> * Copyright (c) 2022 Stefan Schubert <[email protected]> */ #include "test_assert.h" #include <limits.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/stat.h> #include <security/pam_appl.h> #define MODULE_NAME "pam_env" #define TEST_NAME "tst-" MODULE_NAME "-retval" #define TEST_NAME_DIR TEST_NAME ".dir" static const char service_file[] = TEST_NAME ".service"; static const char missing_file[] = TEST_NAME ".missing"; static const char dir[] = TEST_NAME_DIR; static const char dir_usr[] = TEST_NAME_DIR "/usr"; static const char dir_usr_etc[] = TEST_NAME_DIR "/usr/etc"; static const char dir_usr_etc_security[] = TEST_NAME_DIR "/usr/etc/security"; static const char my_conf[] = TEST_NAME ".conf"; static const char my_env[] = TEST_NAME ".env"; static const char usr_env[] = TEST_NAME_DIR "/usr/etc/environment"; static const char usr_conf[] = TEST_NAME_DIR "/usr/etc/security/pam_env.conf"; static struct pam_conv conv; static void setup(void) { FILE *fp; ASSERT_EQ(0, mkdir(dir, 0755)); ASSERT_EQ(0, mkdir(dir_usr, 0755)); ASSERT_EQ(0, mkdir(dir_usr_etc, 0755)); ASSERT_EQ(0, mkdir(dir_usr_etc_security, 0755)); ASSERT_NE(NULL, fp = fopen(my_conf, "w")); ASSERT_LT(0, fprintf(fp, "EDITOR\tDEFAULT=vim\n" "PAGER\tDEFAULT=more\n")); ASSERT_EQ(0, fclose(fp)); ASSERT_NE(NULL, fp = fopen(my_env, "w")); ASSERT_LT(0, fprintf(fp, "test_value=foo\n" "test2_value=bar\n")); ASSERT_EQ(0, fclose(fp)); ASSERT_NE(NULL, fp = fopen(usr_env, "w")); ASSERT_LT(0, fprintf(fp, "usr_etc_test=foo\n" "usr_etc_test2=bar\n")); 
ASSERT_EQ(0, fclose(fp)); ASSERT_NE(NULL, fp = fopen(usr_conf, "w")); ASSERT_LT(0, fprintf(fp, "PAGER DEFAULT=emacs\n" "MANPAGER DEFAULT=less\n")); ASSERT_EQ(0, fclose(fp)); } static void cleanup(void) { ASSERT_EQ(0, unlink(my_conf)); ASSERT_EQ(0, unlink(my_env)); ASSERT_EQ(0, unlink(usr_env)); ASSERT_EQ(0, unlink(usr_conf)); ASSERT_EQ(0, rmdir(dir_usr_etc_security)); ASSERT_EQ(0, rmdir(dir_usr_etc)); ASSERT_EQ(0, rmdir(dir_usr)); ASSERT_EQ(0, rmdir(dir)); } static void check_array(const char **array1, char **array2) { for (const char **a1 = array1; *a1 != NULL; ++a1) { char **a2; for (a2 = array2; *a2 != NULL; ++a2) { if (strcmp(*a1, *a2) == 0) break; } ASSERT_NE(NULL, *a2); } } static void check_env(const char **list) { pam_handle_t *pamh = NULL; ASSERT_EQ(PAM_SUCCESS, pam_start_confdir(service_file, "", &conv, ".", &pamh)); ASSERT_NE(NULL, pamh); ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); char **env_list = pam_getenvlist(pamh); ASSERT_NE(NULL, env_list); check_array(list, env_list); for (char **e = env_list; *e != NULL; ++e) free(*e); free(env_list); ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); } int main(void) { pam_handle_t *pamh = NULL; FILE *fp; char cwd[PATH_MAX]; ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); setup(); /* * When conffile= specifies a missing file, all methods except * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. * The return code of the stack where every module returns PAM_IGNORE * is PAM_PERM_DENIED. 
*/ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" "auth required %s/.libs/%s.so conffile=%s/%s\n" "account required %s/.libs/%s.so conffile=%s/%s\n" "password required %s/.libs/%s.so conffile=%s/%s\n" "session required %s/.libs/%s.so conffile=%s/%s\n", cwd, MODULE_NAME, cwd, missing_file, cwd, MODULE_NAME, cwd, missing_file, cwd, MODULE_NAME, cwd, missing_file, cwd, MODULE_NAME, cwd, missing_file)); ASSERT_EQ(0, fclose(fp)); ASSERT_EQ(PAM_SUCCESS, pam_start_confdir(service_file, "", &conv, ".", &pamh)); ASSERT_NE(NULL, pamh); ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, 0)); ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0)); ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); pamh = NULL; /* * When conffile= specifies a missing file, all methods except * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. * pam_permit is added after pam_env to convert PAM_IGNORE to PAM_SUCCESS. 
*/ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" "auth required %s/.libs/%s.so conffile=%s/%s\n" "auth required %s/../pam_permit/.libs/pam_permit.so\n" "account required %s/.libs/%s.so conffile=%s/%s\n" "account required %s/../pam_permit/.libs/pam_permit.so\n" "password required %s/.libs/%s.so conffile=%s/%s\n" "password required %s/../pam_permit/.libs/pam_permit.so\n" "session required %s/.libs/%s.so conffile=%s/%s\n" "session required %s/../pam_permit/.libs/pam_permit.so\n", cwd, MODULE_NAME, cwd, missing_file, cwd, cwd, MODULE_NAME, cwd, missing_file, cwd, cwd, MODULE_NAME, cwd, missing_file, cwd, cwd, MODULE_NAME, cwd, missing_file, cwd)); ASSERT_EQ(0, fclose(fp)); ASSERT_EQ(PAM_SUCCESS, pam_start_confdir(service_file, "", &conv, ".", &pamh)); ASSERT_NE(NULL, pamh); ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); pamh = NULL; /* * conffile= specifies an existing file, * envfile= specifies an empty file. */ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" "session required %s/.libs/%s.so" " conffile=%s/%s envfile=%s\n", cwd, MODULE_NAME, cwd, my_conf, "/dev/null")); ASSERT_EQ(0, fclose(fp)); const char *env1[] = { "EDITOR=vim", "PAGER=more", NULL }; check_env(env1); /* * conffile= specifies an empty file, * envfile= specifies an existing file. 
*/ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" "session required %s/.libs/%s.so" " conffile=%s envfile=%s/%s\n", cwd, MODULE_NAME, "/dev/null", cwd, my_env)); ASSERT_EQ(0, fclose(fp)); const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; check_env(env2); #if defined (USE_ECONF) && defined (VENDORDIR) /* envfile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" "session required %s/.libs/%s.so" " conffile=%s envfile=%s/%s/\n", cwd, MODULE_NAME, "/dev/null", cwd, dir)); ASSERT_EQ(0, fclose(fp)); const char *env3[] = {"usr_etc_test=foo", "usr_etc_test2=bar", NULL}; check_env(env3); /* conffile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" "session required %s/.libs/%s.so" " conffile=%s/%s/ envfile=%s\n", cwd, MODULE_NAME, cwd, dir, "/dev/null")); ASSERT_EQ(0, fclose(fp)); const char *env4[] = {"PAGER=emacs", "MANPAGER=less", NULL}; check_env(env4); #endif /* cleanup */ cleanup(); ASSERT_EQ(0, unlink(service_file)); return 0; }
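Review bot: The two `USE_ECONF` cases at the end of `main()` are commented as reading from `{TEST_NAME_DIR}/usr/etc` and `{TEST_NAME_DIR}/etc`, but `setup()` creates and fills only the `usr/etc` tree, so the case where both locations define the same variable is never exercised. For pam_env that ordering decides whether an administrator's file overrides a vendor default, so it deserves a fixture: a `TEST_NAME_DIR "/etc/environment"` with a conflicting `usr_etc_test=` value, plus an expectation for whichever value is meant to win (the patch is skipped on this page, so the intended order has to be confirmed there). Separately, `check_array()` only proves that every expected entry is present in the `pam_getenvlist()` result; it would still pass if additional variables were set, so `check_env()` could also compare the number of entries, assuming the list holds nothing but what pam_env sets. A comment on `check_array()` such as `/* Every string in array1 must occur in array2; extra entries in array2 are not detected. */` would at least make that limit explicit.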
