1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
--- vixie-cron-3.0.1.orig/Makefile Thu May 30 19:47:00 2002
+++ vixie-cron-3.0.1/Makefile Thu May 30 20:54:46 2002
@@ -55,7 +55,7 @@
INCLUDE = -I.
#INCLUDE =
#<<need getopt()>>
-LIBS =
+LIBS = -lpam
#<<optimize or debug?>>
OPTIM = $(RPM_OPT_FLAGS)
#OPTIM = -g
--- vixie-cron-3.0.1.orig/do_command.c Thu May 30 19:47:00 2002
+++ vixie-cron-3.0.1/do_command.c Thu May 30 20:55:50 2002
@@ -25,6 +25,18 @@
#include "cron.h"
+#include <security/pam_appl.h>
+static pam_handle_t *pamh = NULL;
+static const struct pam_conv conv = {
+ NULL
+};
+#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ pam_end(pamh, retcode); exit(1); \
+ }
+
+
static void child_process(entry *, user *);
static int safe_p(const char *, const char *);
@@ -65,6 +77,7 @@
int stdin_pipe[2], stdout_pipe[2];
char *input_data, *usernm, *mailto;
int children = 0;
+ int retcode = 0;
Debug(DPROC, ("[%ld] child_process('%s')\n", (long)getpid(), e->cmd))
@@ -134,6 +147,16 @@
*p = '\0';
}
+
+ retcode = pam_start("cron", usernm, &conv, &pamh);
+ PAM_FAIL_CHECK;
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_open_session(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+ PAM_FAIL_CHECK;
+
/* fork again, this time so we can exec the user's command.
*/
switch (vfork()) {
@@ -507,6 +530,9 @@
Debug(DPROC, (", dumped core"))
Debug(DPROC, ("\n"))
}
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+ retcode = pam_close_session(pamh, PAM_SILENT);
+ pam_end(pamh, retcode);
}
static int
|