Your message dated Mon, 26 Sep 2005 20:47:07 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#327876: fixed in pam 0.79-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Sep 2005 17:36:03 +0000
>From [EMAIL PROTECTED] Mon Sep 12 10:36:03 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail.metronet.co.uk [213.162.97.75]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EEsDr-0004C3-00; Mon, 12 Sep 2005 10:36:03 -0700
Received: from riva.pelham.vpn.ucam.org
(83-216-156-196.colinw664.adsl.metronet.co.uk [83.216.156.196])
by smtp.metronet.co.uk (MetroNet Mail) with ESMTP id 7481C415A6C
for <[EMAIL PROTECTED]>; Mon, 12 Sep 2005 18:35:46 +0100 (BST)
Received: from cjwatson by riva.pelham.vpn.ucam.org with local (Exim 3.36 #1
(Debian))
for [EMAIL PROTECTED]
id 1EEsDn-0002Ws-00; Mon, 12 Sep 2005 18:35:59 +0100
Date: Mon, 12 Sep 2005 18:35:59 +0100
From: Colin Watson <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: pam_getenv doesn't work at all
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="BwCQnh7xodEAoBMC"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
--BwCQnh7xodEAoBMC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Package: libpam-runtime
Version: 0.76-22
Severity: important
Tags: patch
pam_getenv doesn't work at all. It has the following problems:
* It attempts to parse /etc/environment using the syntax of
/etc/security/pam_env.conf (the DEFAULT and OVERRIDE stuff). That
won't work.
* It says 'my $val;' inside a block, and then attempts to access $val
outside that block.
* It exits zero even when it fails to find the environment variable
you asked for. I suppose this might not be considered a bug, but it
seems likely to cause unreliability in scripts that could otherwise
say something like 'LANG="$(pam_getenv -l LANG || echo C)"'.
The attached patch corrects these problems. I won't really object much
if you decide it should exit zero, but the script is useless unless the
other two points are fixed.
Thanks,
--
Colin Watson [EMAIL PROTECTED]
--BwCQnh7xodEAoBMC
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="pam_getenv.patch"
diff -u pam-0.76/debian/local/pam_getenv pam-0.76/debian/local/pam_getenv
--- pam-0.76/debian/local/pam_getenv
+++ pam-0.76/debian/local/pam_getenv
@@ -23,6 +23,11 @@
system locale information. These options will allow this script to be
a stable interface even in that environment.
+=head1 EXIT STATUS
+
+Zero if the environment variable was found; non-zero if it was not found or
+if some error occurred.
+
=cut
# Copyright 2004 by Sam Hartman
@@ -30,12 +35,13 @@
# version 2, or at your option any later version.
use strict;
-use vars qw(*ENVFILE);
+use vars qw(*CONFIGFILE *ENVFILE);
-sub read_line() {
+sub read_line($) {
+ my $fh = shift;
my $line;
local $_;
- line: while (<ENVFILE>) {
+ line: while (<$fh>) {
chomp;
s/^\s+//;
s/\#.*$//;
@@ -81,21 +87,44 @@
-
-
-open (ENVFILE, "/etc/environment")
- or die "Cannot open environment file: $!\n";
-
+my $lookup;
while ($_ = shift) {
next if $_ eq "-s";
next if $_ eq "-l";
-my $var;
- variable: while ($var = parse_line(read_line())) {
- my $val;
- next variable unless $var->{Name} eq $_;
-unless ($val = expand_val($var->{Override})) {
- $val = expand_val($var->{Default});
+ $lookup = $_;
+ last;
+}
+
+unless (defined $lookup) {
+ die "Usage: pam_getenv [-l] [-s] env_var\n";
}
- print ($val, "\n");
- exit(0);
+
+my %allvars;
+
+open (CONFIGFILE, "/etc/security/pam_env.conf")
+ or die "Cannot open environment file: $!\n";
+
+while (my $var = parse_line(read_line(\*CONFIGFILE))) {
+ my $val;
+ unless ($val = expand_val($var->{Override})) {
+ $val = expand_val($var->{Default});
}
+ $allvars{$var->{Name}} = $val;
}
-
+if (open (ENVFILE, "/etc/environment")) {
+ while (my $line = read_line(\*ENVFILE)) {
+ $line =~ s/^export //;
+ $line =~ /(.*?)=(.+)/ or next;
+ my ($var, $val) = ($1, $2);
+ # This is bizarre logic (" and ' match each other, quotes are only
+ # significant at the start and end of the string, and the trailing quote
+ # may be omitted), but it's what pam_env does.
+ $val =~ s/^["'](.*?)["']?$/$1/;
+ $allvars{$var} = $val;
+ }
+}
+
+if (exists $allvars{$lookup}) {
+ print $allvars{$lookup}, "\n";
+ exit(0);
+} else {
+ exit(1);
+}
diff -u pam-0.76/debian/changelog pam-0.76/debian/changelog
--- pam-0.76/debian/changelog
+++ pam-0.76/debian/changelog
@@ -1,3 +1,14 @@
+pam (0.76-22ubuntu3) breezy; urgency=low
+
+ * Fix pam_getenv, which never worked:
+ - Parse /etc/security/pam_env.conf using its own syntax, and then
+ /etc/environment using its own syntax rather than the syntax of
+ /etc/security/pam_env.conf.
+ - 'my $val' was used in an incorrect scope; fixed.
+ - Exit non-zero if the requested environment variable is not found.
+
+ -- Colin Watson <[EMAIL PROTECTED]> Mon, 12 Sep 2005 18:32:54 +0100
+
pam (0.76-22ubuntu2) breezy; urgency=low
* debian/rules: Install unix_chkpwd setgid shadow instead of setuid root.
--BwCQnh7xodEAoBMC--
---------------------------------------
Received: (at 327876-close) by bugs.debian.org; 27 Sep 2005 03:48:42 +0000
>From [EMAIL PROTECTED] Mon Sep 26 20:48:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EK6Qt-0002hk-00; Mon, 26 Sep 2005 20:47:07 -0700
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#327876: fixed in pam 0.79-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 26 Sep 2005 20:47:07 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 8
Source: pam
Source-Version: 0.79-1
We believe that the bug you reported is fixed in the latest version of
pam, which is due to be installed in the Debian FTP archive:
libpam-cracklib_0.79-1_i386.deb
to pool/main/p/pam/libpam-cracklib_0.79-1_i386.deb
libpam-doc_0.79-1_all.deb
to pool/main/p/pam/libpam-doc_0.79-1_all.deb
libpam-modules_0.79-1_i386.deb
to pool/main/p/pam/libpam-modules_0.79-1_i386.deb
libpam-runtime_0.79-1_all.deb
to pool/main/p/pam/libpam-runtime_0.79-1_all.deb
libpam0g-dev_0.79-1_i386.deb
to pool/main/p/pam/libpam0g-dev_0.79-1_i386.deb
libpam0g_0.79-1_i386.deb
to pool/main/p/pam/libpam0g_0.79-1_i386.deb
pam_0.79-1.diff.gz
to pool/main/p/pam/pam_0.79-1.diff.gz
pam_0.79-1.dsc
to pool/main/p/pam/pam_0.79-1.dsc
pam_0.79.orig.tar.gz
to pool/main/p/pam/pam_0.79.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve Langasek <[EMAIL PROTECTED]> (supplier of updated pam package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 25 Sep 2005 22:08:20 -0700
Source: pam
Binary: libpam0g-dev libpam0g libpam-modules libpam-doc libpam-runtime
libpam-cracklib
Architecture: source i386 all
Version: 0.79-1
Distribution: unstable
Urgency: low
Maintainer: Sam Hartman <[EMAIL PROTECTED]>
Changed-By: Steve Langasek <[EMAIL PROTECTED]>
Description:
libpam-cracklib - PAM module to enable cracklib support.
libpam-doc - Documentation of PAM
libpam-modules - Pluggable Authentication Modules for PAM
libpam-runtime - Runtime support for the PAM library
libpam0g - Pluggable Authentication Modules library
libpam0g-dev - Development files for PAM
Closes: 248310 249499 284954 295296 300775 319026 323982 327876 330097
Changes:
pam (0.79-1) unstable; urgency=low
.
* New upstream version (closes: #284954, #300775).
- includes some fixes for typos (closes: #319026).
- pam_unix should now be LSB 3.0-compliant (closes: #323982).
- fixes segfaults in libpam on config file syntax errors
(closes: #330097).
* Drop patches 000_bootstrap, 004_libpam_makefile_static_works,
011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes,
025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set,
033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE,
035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required,
041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors,
051_32_bit_pam_lastlog_ll_time, and
053_pam_unix_user_known_returns_user_unknown which have been
integrated upstream.
* Merge one last bit of patch 053 into patch 043, where it should have
been in the first place
* Patch 057: SELinux support:
- add support to pam_unix for copying SELinux security contexts when
writing out new passwd/shadow files and creating lockfiles
- support calling unix_chkpwd if opening /etc/shadow fails due to
SELinux permissions
- allow unix_chkpwd to authenticate for any user when in an SELinux
context (hurray!); we depend on SELinux policies to prevent the
helper's use as a brute force tool
- also support querying user expiration info via unix_chkpwd
- misc cleanup: clean up file descriptors when invoking unix_chkpwd
(closes: #248310)
- make pam_rootok check the SELinux passwd class permissions, not just
the uid
- add new pam_selinux module (closes: #249499)
* Build-depend on libselinux1-dev.
* Fix pam_getenv, so that it can read the actual format of /etc/environment
instead of trying to read it using the syntax of
/etc/security/pam_env.conf; thanks to Colin Watson for the patch.
Closes: #327876.
* Set LC_COLLATE=C when using alphabetic range expressions in
debian/rules; bah, so *that's* what kept happening to my README file
when trying to build out of svn! Closes: #295296.
* Add a reference to the text of the GPL to debian/copyright.
Files:
b538a52de86f4ec392e47e916de5da26 935 base optional pam_0.79-1.dsc
e33cc6e6fd86b01d0a44ec3232a2fb74 491964 base optional pam_0.79.orig.tar.gz
76b7ed9a2ce75c3b98a5c08d07d53e95 127029 base optional pam_0.79-1.diff.gz
712ee3ba2994dcde53cfc1a1d902822c 62900 base required
libpam-runtime_0.79-1_all.deb
9f6225763560fba7b5160a71077a6389 674712 doc optional libpam-doc_0.79-1_all.deb
97b75dfca8ecaf2643107673df7bee46 77758 base required libpam0g_0.79-1_i386.deb
f8d043742dacff0b1da3fdc45e7d83cb 181676 base required
libpam-modules_0.79-1_i386.deb
ecbf56a7bb3930a2eff53573595d1558 115480 libdevel optional
libpam0g-dev_0.79-1_i386.deb
0aa8356c9bbd004a0294e9a3f6cb0f38 57820 libs optional
libpam-cracklib_0.79-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDOIxvKN6ufymYLloRAk5PAJ4pIunm/TewJai4u7AJxIdWyQFGtgCeMTdc
1Ewv31KV3kxWGlHBPzSxX+g=
=QPW8
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
