From 48f76ecb25bae6ab86468be253b17de38b55b08d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 23 Aug 2005 13:44:21 +0000 Subject: Relevant BUGIDs: none Purpose of commit: new feature Commit summary: --------------- Change major version number back to "0". Add more patches from ALT-Linux/OWL: --- CHANGELOG | 6 ++- libpam/Makefile.am | 2 +- libpam/pam_item.c | 10 +++- libpam/pam_private.h | 1 + libpam_misc/Makefile.am | 2 +- libpamc/Makefile.am | 2 +- modules/pam_limits/pam_limits.c | 24 +++++---- modules/pam_motd/pam_motd.c | 110 ++++++++++++++++++++-------------------- po/de.po | 2 +- 9 files changed, 88 insertions(+), 71 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 238dec06..52d550f8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -77,7 +77,11 @@ BerliOS Bugs are marked with (BerliOS #XXXX). * pam_securetty: Be fail-close on user lookups, always log failures, not just with "debug" (Solar Designer) * Add gettext support -* Add translations for cs, hu, nb, pa and pt +* Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR, + pt, zh_CN and zh_TW +* pam_limits: Apply ALT-Linux/OWL patch +* pam_motd: Apply ALT-Linux/OWL patch +* libpam: Cache pam_get_user() failures 0.80: Wed Jul 13 13:23:20 CEST 2005 * pam_tally: test for NULL data before dereferencing them (t8m) diff --git a/libpam/Makefile.am b/libpam/Makefile.am index 9cf45e82..f33c3db3 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -14,7 +14,7 @@ include_HEADERS = $(addprefix include/security/, _pam_compat.h _pam_macros.h _pa noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h -libpam_la_LDFLAGS = -no-undefined -version-info 1:0:0 +libpam_la_LDFLAGS = -no-undefined -version-info 81:0:81 if HAVE_VERSIONING libpam_la_LDFLAGS += -Wl,--version-script=libpam.map endif diff --git a/libpam/pam_item.c b/libpam/pam_item.c index 96e88247..ff35559e 100644 --- a/libpam/pam_item.c +++ b/libpam/pam_item.c 
@@ -50,10 +50,12 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) case PAM_USER: RESET(pamh->user, item); + pamh->former.fail_user = PAM_SUCCESS; break; case PAM_USER_PROMPT: RESET(pamh->prompt, item); + pamh->former.fail_user = PAM_SUCCESS; break; case PAM_TTY: @@ -127,6 +129,7 @@ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) memcpy(tconv, item, sizeof(struct pam_conv)); _pam_drop(pamh->pam_conversation); pamh->pam_conversation = tconv; + pamh->former.fail_user = PAM_SUCCESS; } } break; @@ -254,6 +257,9 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) return PAM_SUCCESS; } + if (pamh->former.fail_user != PAM_SUCCESS) + return pamh->former.fail_user; + /* will need a prompt */ use_prompt = prompt; if (use_prompt == NULL) { @@ -308,6 +314,7 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) */ D(("pam_get_user: no response provided")); retval = PAM_CONV_ERR; + pamh->former.fail_user = retval; } else if (retval == PAM_SUCCESS) { /* copy the username */ /* * now we set the PAM_USER item -- this was missing from pre.53 @@ -316,7 +323,8 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) */ RESET(pamh->user, resp->resp); *user = pamh->user; - } + } else + pamh->former.fail_user = retval; if (resp) { /* diff --git a/libpam/pam_private.h b/libpam/pam_private.h index 9d759ca9..53375bbb 100644 --- a/libpam/pam_private.h +++ b/libpam/pam_private.h @@ -122,6 +122,7 @@ struct _pam_former_state { int status; /* the status before returning incomplete */ /* state info used by pam_get_user() function */ + int fail_user; int want_user; char *prompt; /* saved prompt information */ diff --git a/libpam_misc/Makefile.am b/libpam_misc/Makefile.am index b5bc9048..25d83b2e 100644 --- a/libpam_misc/Makefile.am +++ b/libpam_misc/Makefile.am 
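Review bot: The new early return in pam_get_user (`if (pamh->former.fail_user != PAM_SUCCESS) return pamh->former.fail_user;`, hunk at -254) makes a failed prompt sticky for the rest of the transaction, and nothing at that spot says so. A comment such as `/* a previous prompt failed: report the cached error until PAM_USER, PAM_USER_PROMPT or PAM_CONV is set again */` would tell module authors why a second call no longer prompts. The check also relies on `fail_user` starting out as PAM_SUCCESS. The handle's allocation is not part of this diff, so it is worth confirming that pam_start zero-initialises `former` or sets the field explicitly. pam_get_user's body begins and ends outside the hunk.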
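Review bot: The added `} else pamh->former.fail_user = retval;` (hunk at -316) is the only unbraced branch in that if/else-if chain, which makes it easy to misread which return values end up cached. Writing it as `} else { pamh->former.fail_user = retval; }` matches the braced branches above it. The chain starts before the visible hunks, so the case that precedes the `PAM_CONV_ERR` branch cannot be seen here. If that case is a retry path, a short comment that it is deliberately not cached would help.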
@@ -11,7 +11,7 @@ include_HEADERS = include/security/pam_misc.h AM_CFLAGS = -I$(top_srcdir)/libpam/include \ -I$(top_srcdir)/libpamc/include -I$(srcdir)/include -libpam_misc_la_LDFLAGS = -version-info 1:0:0 +libpam_misc_la_LDFLAGS = -no-undefined -version-info 81:0:81 if HAVE_VERSIONING libpam_misc_la_LDFLAGS += -Wl,--version-script=libpam_misc.map endif diff --git a/libpamc/Makefile.am b/libpamc/Makefile.am index 0bfd5f6b..5f33ecbf 100644 --- a/libpamc/Makefile.am +++ b/libpamc/Makefile.am @@ -14,7 +14,7 @@ noinst_HEADERS = libpamc.h AM_CFLAGS=-I$(top_srcdir)/libpam/include -I$(srcdir)/include -libpamc_la_LDFLAGS = -version-info 1:0:0 +libpamc_la_LDFLAGS = -no-undefined -version-info 81:0:81 if HAVE_VERSIONING libpamc_la_LDFLAGS += -Wl,--version-script=libpamc.map endif diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index d21ad16a..10ff8969 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -61,6 +61,7 @@ static const char *limits_def_names[] = { }; struct user_limits_struct { + int supported; int src_soft; int src_hard; struct rlimit limit; @@ -73,7 +74,6 @@ struct pam_limit_s { int flag_numsyslogins; /* whether to limit logins only for a specific user or to count all logins */ int priority; /* the priority to run user process with */ - int supported[RLIM_NLIMITS]; struct user_limits_struct limits[RLIM_NLIMITS]; char conf_file[BUFSIZ]; int utmp_after_pam_call; @@ -229,13 +229,12 @@ static int init_limits(struct pam_limit_s *pl) for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { - if (errno == EINVAL) { - pl->supported[i] = 0; - } else { + pl->limits[i].supported = 0; + if (errno != EINVAL) { retval = !PAM_SUCCESS; } } else { - pl->supported[i] = 1; + pl->limits[i].supported = 1; pl->limits[i].src_soft = LIMITS_DEF_NONE; pl->limits[i].src_hard = LIMITS_DEF_NONE; } 
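Review bot: In init_limits (hunk at -229) a getrlimit failure with an errno other than EINVAL only sets `retval = !PAM_SUCCESS`; the resource index and errno are dropped, and the caller logs just "cannot initialize". The same commit turns that failure into `return PAM_ABORT` in pam_sm_open_session, so a log line at the failure site would let an administrator see why sessions are refused. One option is `_pam_log(LOG_WARNING, "getrlimit(%d) failed: %s", i, strerror(errno));`, assuming `_pam_log` accepts a format string, which the diff does not show. `!PAM_SUCCESS` is also just the integer 1, so a named PAM code would read more clearly. The function's body starts and ends outside the hunk.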
@@ -570,12 +569,17 @@ static int setup_limits(pam_handle_t *pamh, } for (i=0, status=LIMITED_OK; ilimits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) - pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; - if (!pl->supported[i]) { + if (!pl->limits[i].supported) { /* skip it if its not known to the system */ continue; } + if (pl->limits[i].src_soft == LIMITS_DEF_NONE && + pl->limits[i].src_hard == LIMITS_DEF_NONE) { + /* skip it if its not initialized */ + continue; + } + if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) + pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; status |= setrlimit(i, &pl->limits[i].limit); } @@ -634,7 +638,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, retval = init_limits(&pl); if (retval != PAM_SUCCESS) { _pam_log(LOG_WARNING, "cannot initialize"); - return PAM_IGNORE; + return PAM_ABORT; } retval = parse_config_file(pamh, pwd->pw_name, ctrl, &pl); @@ -644,7 +648,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, } if (retval != PAM_SUCCESS) { _pam_log(LOG_WARNING, "error parsing the configuration file"); - return PAM_IGNORE; + return retval; } if (ctrl & PAM_DO_SETREUID) { diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 291d76d9..5cea38bf 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c 
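Review bot: The parse-failure path in pam_sm_open_session (hunk at -644) now returns `retval` straight from parse_config_file, while the init failure just above it (hunk at -634) returns a fixed `PAM_ABORT`. parse_config_file is not in this diff, so it is not clear that every non-success value it produces is one an application expects from a session module. init_limits in the same file, for instance, signals failure with `!PAM_SUCCESS`. Either confirm in a comment that parse_config_file returns only PAM_* codes, or map the failure explicitly, e.g. `return PAM_ABORT;`. Both changes fail closed, so stacks that relied on the old `PAM_IGNORE` result should be rechecked.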
@@ -47,23 +47,17 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, static char default_motd[] = DEFAULT_MOTD; PAM_EXTERN -int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, - const char **argv) +int pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) { - int retval = PAM_IGNORE; - int fd; - char *mtmp=NULL; - char *motd_path=NULL; - const void *void_conv; - const struct pam_conv *conversation; - struct pam_message message; - struct pam_message *pmessage = &message; - struct pam_response *resp = NULL; - struct stat st; - - if (flags & PAM_SILENT) { + int retval = PAM_IGNORE; + int fd; + char *motd_path = NULL; + char *mtmp = NULL; + + if (flags & PAM_SILENT) { return retval; - } + } for (; argc-- > 0; ++argv) { if (!strncmp(*argv,"motd=",5)) { 
@@ -75,49 +69,55 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, D(("failed to duplicate motd path - ignored")); } } - } + } - if (motd_path == NULL) + if (motd_path == NULL) motd_path = default_motd; - message.msg_style = PAM_TEXT_INFO; - - if ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { - if (motd_path != default_motd) - free(motd_path); - /* fill in message buffer with contents of motd */ - if ((fstat(fd, &st) < 0) || !st.st_size) { - close(fd); - return retval; - } - message.msg = mtmp = malloc(st.st_size+1); - /* if malloc failed... */ - if (!message.msg) { - close(fd); - return retval; - } - if (_pammodutil_read(fd, mtmp, st.st_size) == st.st_size) { - if (mtmp[st.st_size-1] == '\n') - mtmp[st.st_size-1] = '\0'; - else - mtmp[st.st_size] = '\0'; - close(fd); - - /* Use conversation function to give user contents of motd */ - if (pam_get_item(pamh, PAM_CONV, &void_conv) == - PAM_SUCCESS && void_conv) { - conversation = void_conv; - conversation->conv(1, (const struct pam_message **)&pmessage, - &resp, conversation->appdata_ptr); - if (resp) - _pam_drop_reply(resp, 1); - } - } - free(mtmp); - } else { - if (motd_path != default_motd) - free(motd_path); - } + while ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { + const void *void_conv = NULL; + struct pam_message message; + struct pam_message *pmessage = &message; + struct pam_response *resp = NULL; + struct stat st; + + /* fill in message buffer with contents of motd */ + if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) + break; + + if (!(message.msg = mtmp = malloc(st.st_size+1))) + break; + + if (_pammodutil_read(fd, mtmp, st.st_size) != st.st_size) + break; + + if (mtmp[st.st_size-1] == '\n') + mtmp[st.st_size-1] = '\0'; + else + mtmp[st.st_size] = '\0'; + + message.msg_style = PAM_TEXT_INFO; + + /* Use conversation function to give user contents of motd */ + if (pam_get_item(pamh, PAM_CONV, &void_conv) == PAM_SUCCESS + && void_conv) { + const struct pam_conv *conversation = 
void_conv; + conversation->conv(1, (const struct pam_message **)&pmessage, + &resp, conversation->appdata_ptr); + if (resp) + _pam_drop_reply(resp, 1); + } + + break; + } + + free(mtmp); + + if (fd >= 0) + close(fd); + + if (motd_path != default_motd) + free(motd_path); return retval; } diff --git a/po/de.po b/po/de.po index 32d70474..6ddd88e6 100644 --- a/po/de.po +++ b/po/de.po @@ -258,7 +258,7 @@ msgstr "Kommunikationsfehler" #: libpam/pam_strerror.c:57 msgid "Authentication token manipulation error" -msgstr "Fehler aufgrund von Manipulationen am Authentifizierungs-Token" +msgstr "Fehler beim Ă„ndern des Authentifizierungs-Token" #: libpam/pam_strerror.c:59 msgid "Authentication information cannot be recovered" -- cgit v1.2.3