pam_user.patch revision 1141
98N/AFrom 504bb1aee60d570d8676a61acbe32c66d6069c45 Mon Sep 17 00:00:00 2001
98N/AFrom: Dmitry V. Levin <ldv@altlinux.org>
1246N/ADate: Tue, 12 Jan 2010 14:38:33 +0000
98N/ASubject: [PATCH:xdm] greeter: fix logging of failed login attempts
98N/A
919N/AWhen PAM rejects a login attempt, the "username" variable remains
919N/Auninitialized, which results in garbage being syslogged instead of
919N/Alogin name. Explicit initialization helps to avoid this issue.
919N/A
919N/AFixes FreeDesktop Bug #26015 <https://bugs.freedesktop.org/show_bug.cgi?id=26015>
919N/A
919N/ASigned-off-by: Dmitry V. Levin <ldv@altlinux.org>
919N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
919N/A---
919N/A greeter/greet.c | 2 +-
919N/A 1 files changed, 1 insertions(+), 1 deletions(-)
919N/A
919N/Adiff --git a/greeter/greet.c b/greeter/greet.c
919N/Aindex 61c7a52..f4c972b 100644
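--- a/greeter/greet.c
+++ b/greeter/greet.c
@@ -500,7 +500,7 @@ greet_user_rtn GreetUser(
 struct myconv_data pcd = { d, greet, NULL };
 struct pam_conv pc = { pamconv, &pcd };
 const char * pam_fname;
- char * username;
+ char * username = NULL;
 const char * login_prompt;
 
 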
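Review bot: With `username` now starting as NULL, any path that logs it before PAM has supplied a value hands a null pointer to a `%s` conversion, which is undefined in standard C and only prints `(null)` on some C libraries. The declaration is the only line this hunk changes and the syslog call sits in FailedLogin, outside it, so the consumer needs a matching NULL guard there. A comment on the declaration would record that contract, e.g. `/* NULL until PAM supplies a user name; check before logging */`. GreetUser's body starts and ends outside the hunk.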
354N/A
354N/A--
354N/A1.7.3.2
354N/A
354N/AFrom afc752d1c483e77de9aa3cb9532a67d95fd27dd9 Mon Sep 17 00:00:00 2001
354N/AFrom: Alan Coopersmith <alan.coopersmith@sun.com>
354N/ADate: Tue, 16 Mar 2010 11:23:30 -0700
354N/ASubject: [PATCH:xdm] Make sure username is not NULL when calling syslog from FailedLogin()
606N/A
810N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@sun.com>
1123N/A---
606N/A greeter/greet.c | 7 ++++++-
354N/A 1 files changed, 6 insertions(+), 1 deletions(-)
810N/A
824N/Adiff --git a/greeter/greet.c b/greeter/greet.c
810N/Aindex 7f235ef..1afe2f1 100644
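--- a/greeter/greet.c
+++ b/greeter/greet.c
@@ -410,9 +410,14 @@ static void
 FailedLogin (struct display *d, struct greet_info *greet)
 {
 #ifdef USE_SYSLOG
+ const char *username = greet->name;
+
+ if (username == NULL)
+ username = "username unavailable";
+
 syslog(LOG_AUTHPRIV|LOG_NOTICE,
 "LOGIN FAILURE ON %s, %s",
- d->name, greet->name);
+ d->name, username);
 #endif
 DrawFail (login);
 #ifndef USE_PAM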
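Review bot: The name passed to the `syslog` call in FailedLogin is presumably whatever was entered at the greeter, and it reaches the LOG_AUTHPRIV record verbatim, so control characters or an over-long name can distort the audit trail unless the syslog daemon escapes them. The new fallback is also in-band: `"username unavailable"` cannot be told apart from a user who typed that string, and `d->name` goes to the same `%s` without the NULL check added for the user name (whether it can be NULL is not visible here). Bounding the field would limit the effect, for example `"LOGIN FAILURE ON %s, %.64s"`, where 64 is a placeholder to be matched to the greeter's name field. FailedLogin continues past the end of the hunk.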
810N/A--
810N/A1.7.3.2
810N/A
851N/A
810N/AFrom e7986c0bc2ce191ddf27b385585454e946838805 Mon Sep 17 00:00:00 2001
851N/AFrom: Alan Coopersmith <alan.coopersmith@oracle.com>
810N/ADate: Thu, 2 Jun 2011 21:39:16 -0700
810N/ASubject: [PATCH:xdm] Stop using username retrieved from PAM before pam_end frees it.
810N/A
810N/AThe first time a failed login message was syslogged it had the right
810N/Ausername, but subsequent ones kept reusing that pointer, even though
810N/APAM had freed it and it may have been reused and filled with something
851N/Aelse, resulting in garbage user names for the later login failures.
810N/A
851N/ASigned-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
1010N/A---
851N/A greeter/greet.c | 4 ++++
810N/A 1 files changed, 4 insertions(+), 0 deletions(-)
810N/A
810N/Adiff --git a/greeter/greet.c b/greeter/greet.c
810N/Aindex 5182650..8426a65 100644
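--- a/greeter/greet.c
+++ b/greeter/greet.c
@@ -615,6 +615,10 @@ greet_user_rtn GreetUser(
 greet->name = username;
 }
 FailedLogin (d, greet);
+ if (greet->name == username) {
+ /* pam_end frees the value returned by pam_get_item */
+ greet->name = NULL;
+ }
 RUN_AND_CHECK_PAM_ERROR(pam_end,
 (*pamhp, pam_error));
 }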
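Review bot: The local `username` is left pointing at memory that `pam_end` releases, because the added block clears only `greet->name`. If the surrounding code in GreetUser runs another login attempt (not visible in this hunk), a later `greet->name == username` comparison or log call could act on the stale pointer. Adding `username = NULL;` directly after the new `if` block, before the `pam_end` macro in case that macro leaves the scope on error, would close this. The enclosing block starts and ends outside the hunk.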
98N/A--
830N/A1.7.3.2
1026N/A
851N/A