- rel 10

- add patch to fix su/audit problems,
	http://lists.freedesktop.org/archives/systemd-devel/2012-March/004726.html

Changed files:
    ReleaseSession.patch -> 1.1
    systemd.spec -> 1.145

diff --git a/ReleaseSession.patch b/ReleaseSession.patch
new file mode 100644 (file)
index 0000000..d91a421
--- /dev/null
+++ b/ReleaseSession.patch
@@ -0,0 +1,151 @@
+From 75c8e3cffd7da8eede614cf61384957af2c82a29 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Thu, 22 Mar 2012 01:06:40 +0000
+Subject: logind: close FIFO before ending sessions cleanly
+
+For clean session endings ask logind explicitly to get rid of the FIFO
+before closing it so that the FIFO logic doesn't result in su/sudo to be
+terminated immediately.
+---
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index d8f4d89..ea6b89f 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -80,6 +80,9 @@
+         "   <arg name=\"seat\" type=\"s\" direction=\"out\"/>\n"        \
+         "   <arg name=\"vtnr\" type=\"u\" direction=\"out\"/>\n"        \
+         "  </method>\n"                                                 \
++        "  <method name=\"ReleaseSession\">\n"                          \
++        "   <arg name=\"id\" type=\"s\" direction=\"in\"/>\n"           \
++        "  </method>\n"                                                 \
+         "  <method name=\"ActivateSession\">\n"                         \
+         "   <arg name=\"id\" type=\"s\" direction=\"in\"/>\n"           \
+         "  </method>\n"                                                 \
+@@ -1075,6 +1078,33 @@ static DBusHandlerResult manager_message_handler(
+                 if (r < 0)
+                         return bus_send_error_reply(connection, message, &error, r);
+ 
++        } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ReleaseSession")) {
++                const char *name;
++                Session *session;
++
++                if (!dbus_message_get_args(
++                                    message,
++                                    &error,
++                                    DBUS_TYPE_STRING, &name,
++                                    DBUS_TYPE_INVALID))
++                        return bus_send_error_reply(connection, message, &error, -EINVAL);
++
++                session = hashmap_get(m->sessions, name);
++                if (!session)
++                        return bus_send_error_reply(connection, message, &error, -ENOENT);
++
++                /* We use the FIFO to detect stray sessions where the
++                process invoking PAM dies abnormally. We need to make
++                sure that that process is not killed if at the clean
++                end of the session it closes the FIFO. Hence, with
++                this call explicitly turn off the FIFO logic, so that
++                the PAM code can finish clean up on its own */
++                session_remove_fifo(session);
++
++                reply = dbus_message_new_method_return(message);
++                if (!reply)
++                        goto oom;
++
+         } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSession")) {
+                 const char *name;
+                 Session *session;
+diff --git a/src/login/pam-module.c b/src/login/pam-module.c
+index 8544413..4106d2b 100644
+--- a/src/login/pam-module.c
++++ b/src/login/pam-module.c
+@@ -414,7 +414,6 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+                         "/org/freedesktop/login1",
+                         "org.freedesktop.login1.Manager",
+                         "CreateSession");
+-
+         if (!m) {
+                 pam_syslog(handle, LOG_ERR, "Could not allocate create session message.");
+                 r = PAM_BUF_ERR;
+@@ -620,11 +619,77 @@ _public_ PAM_EXTERN int pam_sm_close_session(
+                 int argc, const char **argv) {
+ 
+         const void *p = NULL;
++        const char *id;
++        DBusConnection *bus = NULL;
++        DBusMessage *m = NULL, *reply = NULL;
++        DBusError error;
++        int r;
+ 
+-        pam_get_data(handle, "systemd.session-fd", &p);
++        assert(handle);
++
++        dbus_error_init(&error);
++
++        id = pam_getenv(handle, "XDG_SESSION_ID");
++        if (id) {
++
++                /* Before we go and close the FIFO we need to tell
++                 * logind that this is a clean session shutdown, so
++                 * that it doesn't just go and slaughter us
++                 * immediately after closing the fd */
++
++                bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error);
++                if (!bus) {
++                        pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error));
++                        r = PAM_SESSION_ERR;
++                        goto finish;
++                }
++
++                m = dbus_message_new_method_call(
++                                "org.freedesktop.login1",
++                                "/org/freedesktop/login1",
++                                "org.freedesktop.login1.Manager",
++                                "ReleaseSession");
++                if (!m) {
++                        pam_syslog(handle, LOG_ERR, "Could not allocate release session message.");
++                        r = PAM_BUF_ERR;
++                        goto finish;
++                }
++
++                if (!dbus_message_append_args(m,
++                                              DBUS_TYPE_STRING, &id,
++                                              DBUS_TYPE_INVALID)) {
++                        pam_syslog(handle, LOG_ERR, "Could not attach parameters to message.");
++                        r = PAM_BUF_ERR;
++                        goto finish;
++                }
+ 
++                reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error);
++                if (!reply) {
++                        pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error));
++                        r = PAM_SESSION_ERR;
++                        goto finish;
++                }
++        }
++
++        r = PAM_SUCCESS;
++
++finish:
++        pam_get_data(handle, "systemd.session-fd", &p);
+         if (p)
+                 close_nointr(PTR_TO_INT(p) - 1);
+ 
+-        return PAM_SUCCESS;
++        dbus_error_free(&error);
++
++        if (bus) {
++                dbus_connection_close(bus);
++                dbus_connection_unref(bus);
++        }
++
++        if (m)
++                dbus_message_unref(m);
++
++        if (reply)
++                dbus_message_unref(reply);
++
++        return r;
+ }
+--
+cgit v0.9.0.2-2-gbebe

diff --git a/systemd.spec b/systemd.spec
index 629143e6efdbbe6b4df29e38aa918fb8f2d98e17..4ab2615b4c23a290ae7d7e2c1f53f47d919b6377 100644 (file)
--- a/systemd.spec
+++ b/systemd.spec
@@ -16,7 +16,7 @@ Summary:      A System and Service Manager
 Summary(pl.UTF-8):     systemd - zarządca systemu i usług dla Linuksa
 Name:          systemd
 Version:       44
-Release:       9
+Release:       10
 License:       GPL v2+
 Group:         Base
 Source0:       http://www.freedesktop.org/software/systemd/%{name}-%{version}.tar.xz
@@ -39,6 +39,7 @@ Patch3:               pld-sysv-network.patch
 Patch4:                tmpfiles-not-fatal.patch
 Patch5:                CVE-2012-1174.patch
 Patch6:                dont-trash-X-sessions.patch
+Patch7:                ReleaseSession.patch
 URL:           http://www.freedesktop.org/wiki/Software/systemd
 BuildRequires: acl-devel
 %{?with_audit:BuildRequires:   audit-libs-devel}
@@ -316,6 +317,7 @@ Force update of packages that provide tmpfiles.d configuration
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 cp -p %{SOURCE2} src/systemd_booted.c
 
 %build