diff --git a/.PyPAM.metadata b/.PyPAM.metadata new file mode 100644 index 0000000..cf78c3c --- /dev/null +++ b/.PyPAM.metadata @@ -0,0 +1 @@ +fac6c2958fffc38454b1104d2d0f1f28563eff42 SOURCES/PyPAM-0.5.0.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..52f0d00 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/PyPAM-0.5.0.tar.gz diff --git a/SOURCES/PyPAM-0.5.0-dealloc.patch b/SOURCES/PyPAM-0.5.0-dealloc.patch new file mode 100644 index 0000000..b73dd0b --- /dev/null +++ b/SOURCES/PyPAM-0.5.0-dealloc.patch @@ -0,0 +1,17 @@ +diff -up PyPAM-0.5.0/PAMmodule.c.dealloc PyPAM-0.5.0/PAMmodule.c +--- PyPAM-0.5.0/PAMmodule.c.dealloc 2011-01-17 22:48:22.000000000 +0100 ++++ PyPAM-0.5.0/PAMmodule.c 2011-01-18 21:24:59.000000000 +0100 +@@ -538,10 +538,11 @@ static void PyPAM_dealloc(PyPAMObject *s + free(self->service); + free(self->user); + free(self->conv); +- pam_end(self->pamh, PAM_SUCCESS); ++ if (self->pamh) ++ pam_end(self->pamh, PAM_SUCCESS); + dlclose(self->dlh2); + dlclose(self->dlh1); +- PyMem_DEL(self); ++ PyObject_Del(self); + } + + static PyObject * PyPAM_getattr(PyPAMObject *self, char *name) diff --git a/SOURCES/PyPAM-0.5.0-memory-errors.patch b/SOURCES/PyPAM-0.5.0-memory-errors.patch new file mode 100644 index 0000000..6e0b4c0 --- /dev/null +++ b/SOURCES/PyPAM-0.5.0-memory-errors.patch @@ -0,0 +1,128 @@ +diff -up PyPAM-0.5.0/PAMmodule.c.memory PyPAM-0.5.0/PAMmodule.c +--- PyPAM-0.5.0/PAMmodule.c.memory 2012-05-07 17:22:54.503914026 +0200 ++++ PyPAM-0.5.0/PAMmodule.c 2012-05-07 17:23:15.644381942 +0200 +@@ -37,33 +37,48 @@ static void PyPAM_Err(PyPAMObject *self, + + err_msg = pam_strerror(self->pamh, result); + error = Py_BuildValue("(si)", err_msg, result); +- Py_INCREF(PyPAM_Error); + PyErr_SetObject(PyPAM_Error, error); ++ Py_XDECREF(error); + } + + static int PyPAM_conv(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) + { +- PyObject *args; +- ++ PyObject *args, *msgList, *respList, *item; ++ struct pam_response *response, *spr; + PyPAMObject* self = (PyPAMObject *) appdata_ptr; ++ + if (self->callback == NULL) + return PAM_CONV_ERR; + + Py_INCREF(self); + +- PyObject* msgList = PyList_New(num_msg); +- ++ msgList = PyList_New(num_msg); ++ if (msgList == NULL) { ++ Py_DECREF(self); ++ return PAM_CONV_ERR; ++ } ++ + for (int i = 0; i < num_msg; i++) { +- PyList_SetItem(msgList, i, +- Py_BuildValue("(si)", msg[i]->msg, msg[i]->msg_style)); ++ item = Py_BuildValue("(si)", msg[i]->msg, msg[i]->msg_style); ++ if (item == NULL) { ++ Py_DECREF(msgList); ++ Py_DECREF(self); ++ return PAM_CONV_ERR; ++ } ++ PyList_SetItem(msgList, i, item); + } +- ++ + args = Py_BuildValue("(OO)", self, msgList); +- PyObject* respList = PyEval_CallObject(self->callback, args); ++ if (args == NULL) { ++ Py_DECREF(self); ++ Py_DECREF(msgList); ++ return PAM_CONV_ERR; ++ } ++ respList = PyEval_CallObject(self->callback, args); + Py_DECREF(args); + Py_DECREF(self); +- ++ + if (respList == NULL) + return PAM_CONV_ERR; + +@@ -71,11 +86,15 @@ static int PyPAM_conv(int num_msg, const + Py_DECREF(respList); + return PAM_CONV_ERR; + } +- +- *resp = (struct pam_response *) malloc( ++ ++ response = (struct pam_response *) malloc( + PyList_Size(respList) * sizeof(struct pam_response)); ++ if (response == NULL) { ++ Py_DECREF(respList); ++ return PAM_CONV_ERR; ++ } ++ spr = response; + +- struct pam_response* spr = *resp; + for (int i = 0; i < PyList_Size(respList); i++, spr++) { + PyObject* respTuple = PyList_GetItem(respList, i); + char* resp_text; +@@ -85,7 +104,7 @@ static int PyPAM_conv(int num_msg, const + free((--spr)->resp); + --i; + } +- free(*resp); ++ free(response); + Py_DECREF(respList); + return PAM_CONV_ERR; + } +@@ -95,7 +114,8 @@ static int PyPAM_conv(int num_msg, const + } + + Py_DECREF(respList); +- ++ *resp = response; ++ + return PAM_SUCCESS; + } + +@@ -122,7 +142,11 @@ static PyObject * PyPAM_pam(PyObject *se + PyPAMObject_Type.ob_type = &PyType_Type; + p = (PyPAMObject *) PyObject_NEW(PyPAMObject, &PyPAMObject_Type); + ++ if (p == NULL) ++ return NULL; ++ + if ((spc = (struct pam_conv *) malloc(sizeof(struct pam_conv))) == NULL) { ++ Py_DECREF((PyObject *)p); + PyErr_SetString(PyExc_MemoryError, "out of memory"); + return NULL; + } +@@ -455,9 +479,15 @@ static PyObject * PyPAM_getenvlist(PyObj + } + + retval = PyList_New(0); ++ if (retval == NULL) ++ return NULL; + + while ((cp = *(result++)) != NULL) { + entry = Py_BuildValue("s", cp); ++ if (entry == NULL) { ++ Py_DECREF(retval); ++ return NULL; ++ } + PyList_Append(retval, entry); + Py_DECREF(entry); + } diff --git a/SOURCES/PyPAM-0.5.0-nofree.patch b/SOURCES/PyPAM-0.5.0-nofree.patch new file mode 100644 index 0000000..f27e9d5 --- /dev/null +++ b/SOURCES/PyPAM-0.5.0-nofree.patch @@ -0,0 +1,60 @@ +diff --git a/PAMmodule.c b/PAMmodule.c +index 03cb799..a7ff8a5 100644 +--- a/PAMmodule.c ++++ b/PAMmodule.c +@@ -24,8 +24,6 @@ typedef struct { + char *service; + char *user; + PyObject *callback; +- struct pam_response *response_data; +- int response_len; + PyObject *user_data; + void *dlh1, *dlh2; + } PyPAMObject; +@@ -54,15 +52,6 @@ static int PyPAM_conv(int num_msg, const struct pam_message **msg, + + Py_INCREF(self); + +- if (NULL != self->response_data) { +- for (int i = 0; i < self->response_len; i++) { +- free(self->response_data[0].resp); +- } +- free(self->response_data); +- self->response_data = NULL; +- self->response_len = 0; +- } +- + PyObject* msgList = PyList_New(num_msg); + + for (int i = 0; i < num_msg; i++) { +@@ -92,6 +81,10 @@ static int PyPAM_conv(int num_msg, const struct pam_message **msg, + char* resp_text; + int resp_retcode = 0; + if (!PyArg_ParseTuple(respTuple, "si", &resp_text, &resp_retcode)) { ++ while (i > 0) { ++ free((--spr)->resp); ++ --i; ++ } + free(*resp); + Py_DECREF(respList); + return PAM_CONV_ERR; +@@ -100,10 +93,6 @@ static int PyPAM_conv(int num_msg, const struct pam_message **msg, + spr->resp_retcode = resp_retcode; + Py_DECREF(respTuple); + } +- +- // Save this so we can free it later. +- self->response_data = *resp; +- self->response_len = PyList_Size(respList); + + Py_DECREF(respList); + +@@ -144,8 +133,6 @@ static PyObject * PyPAM_pam(PyObject *self, PyObject *args) + p->user = NULL; + Py_INCREF(Py_None); + p->callback = Py_None; +- p->response_data = NULL; +- p->response_len = 0; + Py_INCREF(Py_None); + p->user_data = Py_None; + diff --git a/SOURCES/PyPAM-0.5.0-return-value.patch b/SOURCES/PyPAM-0.5.0-return-value.patch new file mode 100644 index 0000000..6e771e9 --- /dev/null +++ b/SOURCES/PyPAM-0.5.0-return-value.patch @@ -0,0 +1,57 @@ +diff -up PyPAM-0.5.0/PAMmodule.c.retval PyPAM-0.5.0/PAMmodule.c +--- PyPAM-0.5.0/PAMmodule.c.retval 2012-05-04 21:47:51.000000000 +0200 ++++ PyPAM-0.5.0/PAMmodule.c 2012-05-07 09:42:27.690963206 +0200 +@@ -248,7 +248,7 @@ static PyObject * PyPAM_setcred(PyObject + result = pam_setcred(_self->pamh, flags); + + if (result != PAM_SUCCESS) { +- PyErr_SetString(PyPAM_Error, "Not authenticated"); ++ PyPAM_Err(_self, result); + return NULL; + } + +@@ -270,7 +270,7 @@ static PyObject * PyPAM_acct_mgmt(PyObje + result = pam_acct_mgmt(_self->pamh, flags); + + if (result != PAM_SUCCESS) { +- PyErr_SetString(PyPAM_Error, "Not authenticated"); ++ PyPAM_Err(_self, result); + return NULL; + } + +@@ -292,7 +292,7 @@ static PyObject * PyPAM_chauthtok(PyObje + result = pam_chauthtok(_self->pamh, flags); + + if (result != PAM_SUCCESS) { +- PyErr_SetString(PyPAM_Error, "Not authenticated"); ++ PyPAM_Err(_self, result); + return NULL; + } + +@@ -314,7 +314,7 @@ static PyObject * PyPAM_open_session(PyO + result = pam_open_session(_self->pamh, flags); + + if (result != PAM_SUCCESS) { +- PyErr_SetString(PyPAM_Error, "Not authenticated"); ++ PyPAM_Err(_self, result); + return NULL; + } + +@@ -336,7 +336,7 @@ static PyObject * PyPAM_close_session(Py + result = pam_close_session(_self->pamh, flags); + + if (result != PAM_SUCCESS) { +- PyErr_SetString(PyPAM_Error, "Not authenticated"); ++ PyPAM_Err(_self, result); + return NULL; + } + +@@ -433,7 +433,7 @@ static PyObject * PyPAM_putenv(PyObject + result = pam_putenv(_self->pamh, val); + + if (result != PAM_SUCCESS) { +- PyErr_SetString(PyPAM_Error, "Not authenticated"); ++ PyPAM_Err(_self, result); + return NULL; + } + diff --git a/SOURCES/PyPAM-dlopen.patch b/SOURCES/PyPAM-dlopen.patch new file mode 100644 index 0000000..8cdf93a --- /dev/null +++ b/SOURCES/PyPAM-dlopen.patch @@ -0,0 +1,15 @@ +diff --git a/PAMmodule.c.orig b/PAMmodule.c +index f6730f1..7276415 100644 +--- a/PAMmodule.c.orig ++++ b/PAMmodule.c +@@ -149,8 +149,8 @@ static PyObject * PyPAM_pam(PyObject *self, PyObject *args) + Py_INCREF(Py_None); + p->user_data = Py_None; + +- p->dlh1 = dlopen("libpam.so", RTLD_LAZY | RTLD_GLOBAL); +- p->dlh2 = dlopen("libpam_misc.so", RTLD_LAZY | RTLD_GLOBAL); ++ p->dlh1 = dlopen("libpam.so.0", RTLD_LAZY | RTLD_GLOBAL); ++ p->dlh2 = dlopen("libpam_misc.so.0", RTLD_LAZY | RTLD_GLOBAL); + + return (PyObject *) p; + } diff --git a/SPECS/PyPAM.spec b/SPECS/PyPAM.spec new file mode 100644 index 0000000..fdaf568 --- /dev/null +++ b/SPECS/PyPAM.spec @@ -0,0 +1,136 @@ +%if ! (0%{?fedora} > 12 || 0%{?rhel} > 5) +%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} +%endif + +Summary: PAM bindings for Python +Name: PyPAM +Version: 0.5.0 +Release: 19%{?dist} +# Note that the upstream site is dead. +Source0: http://www.pangalactic.org/PyPAM/%{name}-%{version}.tar.gz +Url: http://www.pangalactic.org/PyPAM +Patch0: PyPAM-dlopen.patch +Patch1: PyPAM-0.5.0-dealloc.patch +Patch2: PyPAM-0.5.0-nofree.patch +Patch3: PyPAM-0.5.0-memory-errors.patch +Patch4: PyPAM-0.5.0-return-value.patch +License: LGPLv2 +Group: Development/Libraries +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: python2-devel pam-devel +Requires: python +%filter_provides_in %{python_sitearch}/PAMmodule.so$ +%filter_setup + +%description +PAM (Pluggable Authentication Module) bindings for Python. + +%prep +%setup -q +%patch0 -p1 -b .dlopen +%patch1 -p1 -b .dealloc +%patch2 -p1 -b .nofree +%patch3 -p1 -b .memory +%patch4 -p1 -b .retval +# remove prebuild rpm and others binaries +rm -rf build dist + +%build +CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" %{__python} setup.py build + +%install +rm -rf $RPM_BUILD_ROOT +%{__python} setup.py install --root=$RPM_BUILD_ROOT +# Make sure we don't include binary files in the docs +chmod 644 examples/pamtest.py +rm -f examples/pamexample + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-, root, root, -) +%{python_sitearch}/PAMmodule.so +%{python_sitearch}/*.egg-info +%doc AUTHORS NEWS README ChangeLog COPYING INSTALL +%doc examples + +%changelog +* Tue Jan 28 2014 Daniel Mach - 0.5.0-19 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.5.0-18 +- Mass rebuild 2013-12-27 + +* Wed Feb 13 2013 Fedora Release Engineering - 0.5.0-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jul 18 2012 Fedora Release Engineering - 0.5.0-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon May 7 2012 Tomáš Mráz - 0.5.0-15 +- fix one more memory leak + +* Mon May 7 2012 Tomáš Mráz - 0.5.0-14 +- always return the error code in exceptions (#819244) + +* Fri May 4 2012 Tomáš Mráz - 0.5.0-13 +- fix memory manipulation errors (leaks, doublefree CVE-2012-1502) + +* Thu Jan 12 2012 Fedora Release Engineering - 0.5.0-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Feb 23 2011 Miroslav Suchý 0.5.0-10 +- 679714 - deallocate the conversation response only in case of error + +* Mon Feb 07 2011 Fedora Release Engineering - 0.5.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 19 2011 Miroslav Suchý 0.5.0-9 +- 658955 - fix two bugs in the PAM object deallocation +- add -fno-strict-aliasing to CFLAGS + +* Thu Aug 05 2010 Miroslav Suchý 0.5.0-7 +- 612998 - PyPAM do not work with python3 (msuchy@redhat.com) + +* Thu Aug 05 2010 Miroslav Suchý 0.5.0-6 +- 612998 - fix condition for BR (msuchy@redhat.com) + +* Thu Aug 05 2010 Miroslav Suchý 0.5.0-5 +- 612998 - return back BR for python + +* Thu Aug 05 2010 Miroslav Suchý 0.5.0-4 +- 612998 - remove binaries. Just in case +- 612998 - filter provide PAMmodule.so()(64bit) +- 612998 - do not use INSTALLED_FILES feature, and enumerate files manualy +- 612998 - use %%{__python} in %%build section +- 612998 - fix buildrequires for PyPAM +- 612998 - add macros for rhel5 + +* Fri Jul 09 2010 Miroslav Suchý 0.5.0-3 +- rebuild + +* Fri Jul 09 2010 Miroslav Suchý 0.5.0-2 +- rebase PyPAM-dlopen.patch to latest source + +* Fri Jul 09 2010 Miroslav Suchý 0.5.0-1 +- rebase to PyPAM 0.5.0 + +* Fri Mar 06 2009 Devan Goodwin 0.4.2-26 +- Fix bad patch whitespace. + +* Fri Feb 27 2009 Dennis Gilmore 0.4.2-25 +- rebuild to pick up ppc ppc64 ia64 arches + +* Fri Feb 27 2009 Devan Goodwin 0.4.2-23 +- Rebuild for new rel-eng tools. + +* Fri May 16 2008 Michael Mraka 0.4.2-20 +- fixed file ownership + +* Tue Jun 22 2004 Mihai Ibanescu 0.4.2-5 +- Rebuilt + +* Fri Jul 11 2003 Mihai Ibanescu +- Adapted the original rpm to build with python 2.2