Bug#385068: add some pam features

General Stone Mon, 28 Aug 2006 14:12:18 -0700

Package: cupsys
Version: 1.2.2-1
Severity: wishlist
Tags: patch

Please add these pam features:


1) pam_set_item(pamh, PAM_TTY, "cups")
   -----------------------------------
   Need by some pam-modules which need the 'tty' variable, like
   pam_group, pam_access, pam_time, etc.

2) pam_set_item(pamh, PAM_RHOST, con->http.hostname)
   -------------------------------------------------
   Usefull for some pam-modules like pam_access, etc and for the logs,
   which are created by pam.

3) pam_setcred(pamh, PAM_ESTABLISH_CRED|PAM_SILENT)
   ------------------------------------------------
   Need by some pam-modules like pam_tally, pam_group, etc.


The patch is in the attachment and for the original tarball.

Thanks.

- Markus Nass

-- 
Key fingerprint = DC3C 257C 2B71 8FA4 F609  F7F7 7C14 F806 5665 77FD

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Was nicht fliegen kann, kann auch nicht abstürzen.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff -urN old/cups-1.2.2/scheduler/auth.c new/cups-1.2.2/scheduler/auth.c
--- old/cups-1.2.2/scheduler/auth.c     2006-06-07 22:58:29.000000000 +0200
+++ new/cups-1.2.2/scheduler/auth.c     2006-08-28 21:28:59.000000000 +0200
@@ -510,6 +510,28 @@
              return;
            }
 
+           pamerr = pam_set_item(pamh, PAM_TTY, "cups");
+           if (pamerr != PAM_SUCCESS)
+           {
+             cupsdLogMessage(CUPSD_LOG_ERROR,
+                             "cupsdAuthorize: pam_set_item() returned %d "
+                             "(%s)!\n",
+                             pamerr, pam_strerror(pamh, pamerr));
+             pam_end(pamh, 0);
+             return;
+           }
+
+           pamerr = pam_set_item(pamh, PAM_RHOST, con->http.hostname);
+           if (pamerr != PAM_SUCCESS)
+           {
+             cupsdLogMessage(CUPSD_LOG_ERROR,
+                             "cupsdAuthorize: pam_set_item() returned %d "
+                             "(%s)!\n",
+                             pamerr, pam_strerror(pamh, pamerr));
+             pam_end(pamh, 0);
+             return;
+           }
+
            pamerr = pam_authenticate(pamh, PAM_SILENT);
            if (pamerr != PAM_SUCCESS)
            {
@@ -532,6 +554,17 @@
              return;
            }
 
+           pamerr = pam_setcred(pamh, PAM_ESTABLISH_CRED|PAM_SILENT);
+           if (pamerr != PAM_SUCCESS)
+           {
+             cupsdLogMessage(CUPSD_LOG_ERROR,
+                             "cupsdAuthorize: pam_setcred() returned %d "
+                             "(%s)!\n",
+                             pamerr, pam_strerror(pamh, pamerr));
+             pam_end(pamh, 0);
+             return;
+           }
+
            pam_end(pamh, PAM_SUCCESS);
 
 #elif defined(HAVE_USERSEC_H)

signature.asc
Description: OpenPGP digital signature

Bug#385068: add some pam features

Reply via email to