Bug#385068: add some pam features

To: submit@bugs.debian.org
Subject: Bug#385068: add some pam features
From: General Stone <generalstone@gmx.net>
Date: Mon, 28 Aug 2006 22:28:30 +0200
Message-id: <[🔎] 44F351EE.6080000@gmx.net>
Reply-to: generalstone@gmx.net, 385068@bugs.debian.org

Package: cupsys
Version: 1.2.2-1
Severity: wishlist
Tags: patch

Please add these pam features:

1) pam_set_item(pamh, PAM_TTY, "cups")
   -----------------------------------
   Need by some pam-modules which need the 'tty' variable, like
   pam_group, pam_access, pam_time, etc.

2) pam_set_item(pamh, PAM_RHOST, con->http.hostname)
   -------------------------------------------------
   Usefull for some pam-modules like pam_access, etc and for the logs,
   which are created by pam.

3) pam_setcred(pamh, PAM_ESTABLISH_CRED|PAM_SILENT)
   ------------------------------------------------
   Need by some pam-modules like pam_tally, pam_group, etc.


The patch is in the attachment and for the original tarball.

Thanks.

- Markus Nass

-- 
Key fingerprint = DC3C 257C 2B71 8FA4 F609  F7F7 7C14 F806 5665 77FD

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Was nicht fliegen kann, kann auch nicht abstürzen.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

diff -urN old/cups-1.2.2/scheduler/auth.c new/cups-1.2.2/scheduler/auth.c
--- old/cups-1.2.2/scheduler/auth.c	2006-06-07 22:58:29.000000000 +0200
+++ new/cups-1.2.2/scheduler/auth.c	2006-08-28 21:28:59.000000000 +0200
@@ -510,6 +510,28 @@
 	      return;
 	    }
 
+	    pamerr = pam_set_item(pamh, PAM_TTY, "cups");
+	    if (pamerr != PAM_SUCCESS)
+	    {
+	      cupsdLogMessage(CUPSD_LOG_ERROR,
+	                      "cupsdAuthorize: pam_set_item() returned %d "
+			      "(%s)!\n",
+        	              pamerr, pam_strerror(pamh, pamerr));
+	      pam_end(pamh, 0);
+	      return;
+	    }
+
+	    pamerr = pam_set_item(pamh, PAM_RHOST, con->http.hostname);
+	    if (pamerr != PAM_SUCCESS)
+	    {
+	      cupsdLogMessage(CUPSD_LOG_ERROR,
+	                      "cupsdAuthorize: pam_set_item() returned %d "
+			      "(%s)!\n",
+        	              pamerr, pam_strerror(pamh, pamerr));
+	      pam_end(pamh, 0);
+	      return;
+	    }
+
 	    pamerr = pam_authenticate(pamh, PAM_SILENT);
 	    if (pamerr != PAM_SUCCESS)
 	    {
@@ -532,6 +554,17 @@
 	      return;
 	    }
 
+	    pamerr = pam_setcred(pamh, PAM_ESTABLISH_CRED|PAM_SILENT);
+	    if (pamerr != PAM_SUCCESS)
+	    {
+	      cupsdLogMessage(CUPSD_LOG_ERROR,
+	                      "cupsdAuthorize: pam_setcred() returned %d "
+			      "(%s)!\n",
+        	              pamerr, pam_strerror(pamh, pamerr));
+	      pam_end(pamh, 0);
+	      return;
+	    }
+
 	    pam_end(pamh, PAM_SUCCESS);
 
 #elif defined(HAVE_USERSEC_H)

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Bug#385068: add some pam features
  - From: Roger Leigh <rleigh@whinlatter.ukfsn.org>

Prev by Date: gutenprint 5.0.0-1 MIGRATED to testing
Next by Date: gs-esp 8.15.2.dfsg.1-2 MIGRATED to testing
Previous by thread: gutenprint 5.0.0-1 MIGRATED to testing
Next by thread: Bug#385068: add some pam features
Index(es):
- Date
- Thread