Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2010-10-04  Dmitry V. Levin  <ldv@altlinux.org>

	* libpam/pam_modutil_priv.c: New file.
	* libpam/Makefile.am (libpam_la_SOURCES): Add it.
	* libpam/include/security/pam_modutil.h (struct pam_modutil_privs,
	PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv,
	pam_modutil_regain_priv): New declarations.
	* libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface.
	* modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface.
	* modules/pam_mail/pam_mail.c (_do_mail): Likewise.
	* modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session,
	pam_sm_close_session): Likewise.
	(pam_sm_open_session): Remove redundant fchown call.
	Fixes CVE-2010-3430, CVE-2010-3431.

1 files changed, 24 insertions, 0 deletions

diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h
index ffdf5ad0..317202de 100644
--- a/libpam/include/security/pam_modutil.h
+++ b/libpam/include/security/pam_modutil.h
@@ -100,6 +100,30 @@ pam_modutil_write(int fd, const char *buffer, int count);
 extern int PAM_NONNULL((1,3))
 pam_modutil_audit_write(pam_handle_t *pamh, int type,
 			const char *message, int retval);
+
+struct pam_modutil_privs {
+	gid_t *grplist;
+	int number_of_groups;
+	int allocated;
+	gid_t old_gid;
+	uid_t old_uid;
+	int is_dropped;
+};
+
+#define PAM_MODUTIL_NGROUPS     64
+#define PAM_MODUTIL_DEF_PRIVS(n) \
+	gid_t n##_grplist[PAM_MODUTIL_NGROUPS]; \
+	struct pam_modutil_privs n = { n##_grplist, PAM_MODUTIL_NGROUPS, 0, -1, -1, 0 }
+
+extern int PAM_NONNULL((1,2,3))
+pam_modutil_drop_priv(pam_handle_t *pamh,
+		      struct pam_modutil_privs *p,
+		      const struct passwd *pw);
+
+extern int PAM_NONNULL((1,2))
+pam_modutil_regain_priv(pam_handle_t *pamh,
+		      struct pam_modutil_privs *p);
+
 #ifdef __cplusplus
 }
 #endif