[Pkg-shadow-devel] Bug#287108: marked as done (different 'login'/'su -' behaviour regarding pam_env.so)

Debian Bug Tracking System owner at bugs.debian.org
Mon Sep 26 18:48:11 UTC 2005 

Your message dated Mon, 26 Sep 2005 20:39:15 +0200
with message-id <20050926183915.GF25812 at djedefre.onera>
and subject line Closing bugs formerly fixed in experimental and now fixed in unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 24 Dec 2004 14:42:03 +0000
>From arg at online.com.ua Fri Dec 24 06:42:03 2004
Return-path: <arg at online.com.ua>
Received: from cluster2.uol.ua (cluster1.uol.ua) [195.123.61.210] (root)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Chqdm-0000SS-00; Fri, 24 Dec 2004 06:42:03 -0800
Received: from [194.242.119.105] (account arg at online.com.ua HELO localhost)
  by cluster1.uol.ua ( Ukraine Online SMTP 4.2.2)
  with ESMTP-TLS id 10974208; Fri, 24 Dec 2004 16:52:41 +0200
Date: Fri, 24 Dec 2004 16:41:37 +0200
From: Alexander Gatin <arg at online.com.ua>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: different 'login'/'su -' behaviour regarding pam_env.so
Message-ID: <20041224144137.GA31983 at cherokee.kiev.ua>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="2oS5YaxWCcQjTEyO"
Content-Disposition: inline
X-Reportbug-Version: 3.2
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Package: login
Version: 1:4.0.3-30.4
Severity: important
Tags: patch


Hello!

I have noticed (a long time ago, BTW) that login and
"su -" exhibit diffrent behavior when using pam_env.so
("auth required pam_env.so" line in /etc/pam.d/login
and /etc/pam.d/su).

AFAIK, pam_env.so is used in Debian by default to set
LANG env for login sessions. Also pam_env.so is enabled
by default (?) in /etc/pam.d/login and there's no such
line in /etc/pam.d/su. Anyway, I enabled it in
/etc/pam.d/su to get similar behavior but without
success. I straced su, examined what env is passed to
shell and read su.c/login.c source code ('bout this
later).

First of all, why do I think it's better for 'su -' to
use pam_env? Because, from man su:
> OPTIONS
>        -      make this a login shell
and I think this means that su in "-" should mimic
'login' as close as possible.

Main problem that I had due to the inconsistent
behaviour, is loss of locale (LANG) after 'su -'
switch. I have "LANG=en_GB.UTF-8" in /etc/environment
(this is default Debian's way, isn't it?) and despite
using pam_env, this was lost after 'su -', contrary to
usual root login, when locale is correctly set. I was
forced to add
> [ "x$LANG" = "x" ] && export LANG="en_GB.UTF-8"
line in /etc/profile as workaround. I think it's a way
too ugly.

So, what have I found in login.c so different from
su.c?
It's a call to pam_getenvlist() and explicit addenv()
for all extracted from there variables.

Bear in mind, please, that I'm new to pam programming,
but I spent half a week studying source and tested su
with my patch applied.

I have one more question -- do you have smth. like
pam_xauth in RedHat, that deals with Xauthority accross
su, for example?


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (501, 'testing'), (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.4.27-debsec
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages login depends on:
ii  libc6                       2.3.2.ds1-18 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l

-- no debconf information

--2oS5YaxWCcQjTEyO
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="su-login-pam_env.patch"

--- shadow-4.0.3/src/su.c.rjf	2004-12-21 01:55:24.000000000 +0200
+++ shadow-4.0.3/src/su.c	2004-12-24 15:32:09.000000000 +0200
@@ -729,6 +729,19 @@
 		pam_end(pamh, ret);
 		exit(1);
 	}
+	/* We should pass environment from pam_env.so to shell when mimicing
+	 * login (su -) and not preserving original environment. */
+	if (fakelogin && (change_environment ||
+			restricted_shell(pwent.pw_shell))) {
+		const char *const *env;
+
+		env = (const char *const *) pam_getenvlist (pamh);
+		while (env && *env) {
+			addenv (*env, NULL);
+			env++;
+		}
+	}
+
 	/* We must fork before setuid() because we need to call
 	 * pam_close_session() as root.
 	 */

--2oS5YaxWCcQjTEyO--

---------------------------------------
Received: (at 202840-done) by bugs.debian.org; 26 Sep 2005 18:39:49 +0000
>From bubulle at kheops.frmug.org Mon Sep 26 11:39:49 2005
Return-path: <bubulle at kheops.frmug.org>
Received: from perrier.eu.org (kheops.perrier.eu.org) [81.56.227.253] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1EJxtF-0005Ko-00; Mon, 26 Sep 2005 11:39:49 -0700
Received: from localhost (localhost [127.0.0.1])
	by kheops.perrier.eu.org (Postfix) with ESMTP id 008CC4FA08;
	Mon, 26 Sep 2005 20:39:16 +0200 (CEST)
Received: from kheops.perrier.eu.org ([127.0.0.1])
	by localhost (kheops [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 17928-04; Mon, 26 Sep 2005 20:39:16 +0200 (CEST)
Received: from mykerinos.kheops.frmug.org (mykerinos.kheops.frmug.org [192.168.1.3])
	by kheops.perrier.eu.org (Postfix) with ESMTP id 0F0CE4FA06;
	Mon, 26 Sep 2005 20:39:16 +0200 (CEST)
Received: by mykerinos.kheops.frmug.org (Postfix, from userid 1000)
	id D92F940A90B; Mon, 26 Sep 2005 20:39:15 +0200 (CEST)
Date: Mon, 26 Sep 2005 20:39:15 +0200
From: Christian Perrier <bubulle at kheops.frmug.org>
To: 325910-done at bugs.debian.org, 321761-done at bugs.debian.org,
	155279-done at bugs.debian.org, 202840-done at bugs.debian.org,
	287108-done at bugs.debian.org, 321384-done at bugs.debian.org,
	91733-done at bugs.debian.org, 95213-done at bugs.debian.org,
	260636-done at bugs.debian.org, 320229-done at bugs.debian.org,
	323575-done at bugs.debian.org, 323756-done at bugs.debian.org
Subject: Closing bugs formerly fixed in experimental and now fixed in unstable
Message-ID: <20050926183915.GF25812 at djedefre.onera>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.10i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at kheops.frmug.org
Delivered-To: 202840-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Version: 4.0.12-2

All these bugs were already fixed in experimental and should now be
closed with the last upload of 4.0.12-2 in unstable.

--

More information about the Pkg-shadow-devel mailing list