From: "Mike Gilbert" <floppym@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/
Date: Wed, 8 Sep 2021 18:29:54 +0000 (UTC) [thread overview]
Message-ID: <1631125765.bf8a15acdb09aef0eedfaeb743e1ae566120e0b7.floppym@gentoo> (raw)
commit: bf8a15acdb09aef0eedfaeb743e1ae566120e0b7
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 8 18:28:49 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Sep 8 18:29:25 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf8a15ac
sys-apps/systemd: backport fix for pam_systemd_home
Closes: https://bugs.gentoo.org/811093
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../systemd/files/249-home-secret-assert.patch | 106 +++++++++++++++++++++
sys-apps/systemd/systemd-249.4-r2.ebuild | 1 +
2 files changed, 107 insertions(+)
diff --git a/sys-apps/systemd/files/249-home-secret-assert.patch b/sys-apps/systemd/files/249-home-secret-assert.patch
new file mode 100644
index 00000000000..e6e2a8e7cc7
--- /dev/null
+++ b/sys-apps/systemd/files/249-home-secret-assert.patch
@@ -0,0 +1,106 @@
+From 6a09dbb89507449d158af6c7097d2c51ce83205f Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 5 Sep 2021 11:16:26 +0900
+Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error
+ may be null
+
+When RefHome() bus method is called in acquire_home(), secret is NULL.
+
+Fixes #20639.
+---
+ src/home/pam_systemd_home.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c
+index 836ed0d5e96d..a04d50208a8e 100644
+--- a/src/home/pam_systemd_home.c
++++ b/src/home/pam_systemd_home.c
+@@ -281,7 +281,6 @@ static int handle_generic_user_record_error(
+ const sd_bus_error *error) {
+
+ assert(user_name);
+- assert(secret);
+ assert(error);
+
+ int r;
+@@ -301,6 +300,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ /* This didn't work? Ask for an (additional?) password */
+
+ if (strv_isempty(secret->password))
+@@ -326,6 +327,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ if (strv_isempty(secret->password)) {
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: ");
+@@ -350,6 +353,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: ");
+ if (r != PAM_SUCCESS)
+ return PAM_CONV_ERR; /* no logging here */
+@@ -367,6 +372,8 @@ static int handle_generic_user_record_error(
+
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) {
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name);
+
+ r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true);
+@@ -377,6 +384,8 @@ static int handle_generic_user_record_error(
+
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) {
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name);
+
+ r = user_record_set_fido2_user_presence_permitted(secret, true);
+@@ -387,6 +396,8 @@ static int handle_generic_user_record_error(
+
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) {
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name);
+
+ r = user_record_set_fido2_user_verification_permitted(secret, true);
+@@ -403,6 +414,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+ if (r != PAM_SUCCESS)
+@@ -422,6 +435,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+ if (r != PAM_SUCCESS)
+@@ -441,6 +456,8 @@ static int handle_generic_user_record_error(
+ } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) {
+ _cleanup_(erase_and_freep) char *newp = NULL;
+
++ assert(secret);
++
+ (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name);
+ r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: ");
+ if (r != PAM_SUCCESS)
diff --git a/sys-apps/systemd/systemd-249.4-r2.ebuild b/sys-apps/systemd/systemd-249.4-r2.ebuild
index 95d20177016..dd5462b694d 100644
--- a/sys-apps/systemd/systemd-249.4-r2.ebuild
+++ b/sys-apps/systemd/systemd-249.4-r2.ebuild
@@ -226,6 +226,7 @@ src_prepare() {
# Add local patches here
PATCHES+=(
"${FILESDIR}/249-libudev-static.patch"
+ "${FILESDIR}/249-home-secret-assert.patch"
"${FILESDIR}/249-fido2.patch"
)
next reply other threads:[~2021-09-08 18:29 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-08 18:29 Mike Gilbert [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-05-28 0:51 [gentoo-commits] repo/gentoo:master commit in: sys-apps/systemd/, sys-apps/systemd/files/ Sam James
2024-05-05 15:43 Sam James
2024-04-18 4:20 Mike Gilbert
2024-03-04 2:51 Sam James
2024-02-24 15:51 Mike Gilbert
2023-12-24 11:58 Sam James
2023-12-12 2:50 Sam James
2023-08-17 1:08 Mike Gilbert
2023-08-05 23:07 Sam James
2023-08-02 21:14 Sam James
2023-07-27 22:55 Sam James
2023-02-26 19:27 Mike Gilbert
2022-11-07 16:15 Mike Gilbert
2022-10-19 18:13 Mike Gilbert
2022-05-21 22:23 Mike Gilbert
2022-03-25 4:56 Sam James
2021-12-25 18:20 Mike Gilbert
2021-12-09 19:40 Mike Gilbert
2021-11-14 23:53 Mike Gilbert
2021-11-07 5:27 Georgy Yakovlev
2021-09-14 23:47 Mike Gilbert
2021-09-08 18:29 Mike Gilbert
2021-07-08 20:23 Mike Gilbert
2021-06-20 17:18 Mike Gilbert
2021-05-19 19:37 Mike Gilbert
2020-11-08 17:51 Mike Gilbert
2020-05-21 0:13 Mike Gilbert
2020-04-27 14:41 Mike Gilbert
2020-04-17 16:36 Mike Gilbert
2020-02-06 15:24 Mike Gilbert
2020-02-05 18:24 Mike Gilbert
2019-11-17 19:56 Mike Gilbert
2019-08-11 16:28 Mike Gilbert
2019-07-10 18:21 Mike Gilbert
2019-07-10 15:37 Mike Gilbert
2019-07-08 15:47 Mike Gilbert
2019-06-08 20:44 Mike Gilbert
2019-02-18 23:32 Mike Gilbert
2018-12-26 4:02 Mike Gilbert
2018-05-24 20:33 Mike Gilbert
2018-04-18 16:50 Mike Gilbert
2018-04-05 20:12 Mike Gilbert
2018-04-01 16:31 Mike Gilbert
2018-04-01 16:31 Mike Gilbert
2018-03-26 21:17 Mike Gilbert
2018-03-10 17:29 Mike Gilbert
2018-02-08 17:17 Jason Donenfeld
2017-12-19 2:01 Mike Gilbert
2017-12-17 19:03 Mike Gilbert
2017-11-19 20:09 Mike Gilbert
2017-10-26 21:37 Mike Gilbert
2017-10-08 14:40 Mike Gilbert
2017-08-13 23:08 Mike Gilbert
2017-07-17 15:28 Mike Gilbert
2017-07-02 15:56 Mike Gilbert
2017-06-28 20:31 Mike Gilbert
2017-01-10 22:22 Mike Gilbert
2017-01-10 22:22 Mike Gilbert
2016-11-04 1:06 Mike Gilbert
2016-10-30 3:52 Mike Gilbert
2016-04-10 1:05 Mike Gilbert
2015-09-26 1:53 Mike Gilbert
2015-09-25 14:52 Mike Gilbert
2015-08-22 17:16 Mike Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1631125765.bf8a15acdb09aef0eedfaeb743e1ae566120e0b7.floppym@gentoo \
--to=floppym@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox