Diffstat (limited to 'abs/core/coreutils/coreutils-pam.patch')
-rw-r--r--abs/core/coreutils/coreutils-pam.patch241
1 files changed, 123 insertions, 118 deletions
diff --git a/abs/core/coreutils/coreutils-pam.patch b/abs/core/coreutils/coreutils-pam.patch
index 7171522..e61908f 100644
--- a/abs/core/coreutils/coreutils-pam.patch
+++ b/abs/core/coreutils/coreutils-pam.patch
@@ -1,17 +1,96 @@
---- coreutils-6.7/src/Makefile.am.pam 2006-11-24 21:28:10.000000000 +0000
-+++ coreutils-6.7/src/Makefile.am 2007-01-09 17:00:01.000000000 +0000
-@@ -103,7 +103,7 @@
- # If necessary, add -lm to resolve use of pow in lib/strtod.c.
- uptime_LDADD = $(LDADD) $(POW_LIB) $(GETLOADAVG_LIBS)
+diff -urNp coreutils-8.4-orig/configure.ac coreutils-8.4/configure.ac
+--- coreutils-8.4-orig/configure.ac 2010-01-11 18:20:42.000000000 +0100
++++ coreutils-8.4/configure.ac 2010-02-12 10:17:46.000000000 +0100
+@@ -126,6 +126,13 @@ if test "$gl_gcc_warnings" = yes; then
+ AC_SUBST([GNULIB_WARN_CFLAGS])
+ fi
--su_LDADD = $(LDADD) $(LIB_CRYPT)
-+su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
++dnl Give the chance to enable PAM
++AC_ARG_ENABLE(pam, dnl
++[ --enable-pam Enable use of the PAM libraries],
++[AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
++LIB_PAM="-ldl -lpam -lpam_misc"
++AC_SUBST(LIB_PAM)])
++
+ AC_FUNC_FORK
+
+ optional_bin_progs=
+diff -urNp coreutils-8.4-orig/doc/coreutils.texi coreutils-8.4/doc/coreutils.texi
+--- coreutils-8.4-orig/doc/coreutils.texi 2010-01-03 18:06:20.000000000 +0100
++++ coreutils-8.4/doc/coreutils.texi 2010-02-12 10:17:46.000000000 +0100
+@@ -15081,8 +15081,11 @@ to certain shells, etc.).
+ @findex syslog
+ @command{su} can optionally be compiled to use @code{syslog} to report
+ failed, and optionally successful, @command{su} attempts. (If the system
+-supports @code{syslog}.) However, GNU @command{su} does not check if the
+-user is a member of the @code{wheel} group; see below.
++supports @code{syslog}.)
++
++This version of @command{su} has support for using PAM for
++authentication. You can edit @file{/etc/pam.d/su} to customize its
++behaviour.
+
+ The program accepts the following options. Also see @ref{Common options}.
+
+@@ -15124,6 +15127,8 @@ environment variables except @env{TERM},
+ @env{PATH} to a compiled-in default value. Change to @var{user}'s home
+ directory. Prepend @samp{-} to the shell's name, intended to make it
+ read its login startup file(s).
++Additionaly @env{DISPLAY} and @env{XAUTHORITY} environment variables
++are preserved as well for PAM functionality.
+
+ @item -m
+ @itemx -p
+@@ -15163,33 +15168,6 @@ Exit status:
+ the exit status of the subshell otherwise
+ @end display
+
+-@cindex wheel group, not supported
+-@cindex group wheel, not supported
+-@cindex fascism
+-@subsection Why GNU @command{su} does not support the @samp{wheel} group
+-
+-(This section is by Richard Stallman.)
+-
+-@cindex Twenex
+-@cindex MIT AI lab
+-Sometimes a few of the users try to hold total power over all the
+-rest. For example, in 1984, a few users at the MIT AI lab decided to
+-seize power by changing the operator password on the Twenex system and
+-keeping it secret from everyone else. (I was able to thwart this coup
+-and give power back to the users by patching the kernel, but I
+-wouldn't know how to do that in Unix.)
+-
+-However, occasionally the rulers do tell someone. Under the usual
+-@command{su} mechanism, once someone learns the root password who
+-sympathizes with the ordinary users, he or she can tell the rest. The
+-``wheel group'' feature would make this impossible, and thus cement the
+-power of the rulers.
+-
+-I'm on the side of the masses, not that of the rulers. If you are
+-used to supporting the bosses and sysadmins in whatever they do, you
+-might find this idea strange at first.
+-
+-
+ @node timeout invocation
+ @section @command{timeout}: Run a command with a time limit
+
+diff -urNp coreutils-8.4-orig/src/Makefile.am coreutils-8.4/src/Makefile.am
+--- coreutils-8.4-orig/src/Makefile.am 2010-01-03 18:06:20.000000000 +0100
++++ coreutils-8.4/src/Makefile.am 2010-02-12 10:17:46.000000000 +0100
+@@ -361,7 +361,7 @@ factor_LDADD += $(LIB_GMP)
+ uptime_LDADD += $(GETLOADAVG_LIBS)
+
+ # for crypt
+-su_LDADD += $(LIB_CRYPT)
++su_LDADD += $(LIB_CRYPT) @LIB_PAM@
- dir_LDADD += $(LIB_ACL)
- ls_LDADD += $(LIB_ACL)
---- coreutils-6.7/src/su.c.pam 2007-01-09 17:00:01.000000000 +0000
-+++ coreutils-6.7/src/su.c 2007-01-09 17:16:43.000000000 +0000
-@@ -38,6 +38,16 @@
+ # for various ACL functions
+ copy_LDADD += $(LIB_ACL)
+diff -urNp coreutils-8.4-orig/src/su.c coreutils-8.4/src/su.c
+--- coreutils-8.4-orig/src/su.c 2010-02-12 10:15:15.000000000 +0100
++++ coreutils-8.4/src/su.c 2010-02-12 10:24:29.000000000 +0100
+@@ -37,6 +37,16 @@
restricts who can su to UID 0 accounts. RMS considers that to
be fascist.
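Review bot: The `AC_ARG_ENABLE(pam, …)` block added to configure.ac puts `AC_DEFINE(USE_PAM, …)` and the `LIB_PAM` assignment directly in the action-if-given argument, which autoconf runs for `--disable-pam` as well as `--enable-pam`. A build configured with `--disable-pam` would therefore still compile su with the PAM authentication path. Wrap the two settings in `if test "x$enableval" != xno; then` … `fi` and keep `AC_SUBST(LIB_PAM)` outside the test so the substitution is always defined. The library list is also hard-coded with no check that the PAM libraries and headers exist, so a missing libpam only surfaces at link time.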
@@ -28,9 +107,9 @@
Compile-time options:
-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
-@@ -59,6 +69,15 @@
- prototype (returning `int') in <unistd.h>. */
- #define getusershell _getusershell_sys_proto_
+@@ -53,6 +63,15 @@
+ #include <pwd.h>
+ #include <grp.h>
+#ifdef USE_PAM
+# include <signal.h>
@@ -44,18 +123,13 @@
#include "system.h"
#include "getpass.h"
-@@ -128,15 +147,22 @@
+@@ -120,10 +139,17 @@
/* The user to become if none is specified. */
#define DEFAULT_USER "root"
+#ifndef USE_PAM
char *crypt (char const *key, char const *salt);
+#endif
- char *getusershell (void);
- void endusershell (void);
- void setusershell (void);
-
- extern char **environ;
-static void run_shell (char const *, char const *, char **, size_t)
+static void run_shell (char const *, char const *, char **, size_t,
@@ -68,7 +142,7 @@
/* If true, pass the `-f' option to the subshell. */
static bool fast_startup;
-@@ -225,7 +251,26 @@
+@@ -209,7 +235,26 @@ log_su (struct passwd const *pw, bool su
}
#endif
@@ -95,7 +169,7 @@
Return true if the user gives the correct password for entry PW,
false if not. Return true without asking for a password if run by UID 0
or if PW has an empty password. */
-@@ -233,6 +278,44 @@
+@@ -217,6 +262,44 @@ log_su (struct passwd const *pw, bool su
static bool
correct_password (const struct passwd *pw)
{
@@ -140,7 +214,7 @@
char *unencrypted, *encrypted, *correct;
#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
/* Shadow passwd stuff for SVR3 and maybe other systems. */
-@@ -257,6 +340,7 @@
+@@ -241,6 +324,7 @@ correct_password (const struct passwd *p
encrypted = crypt (unencrypted, correct);
memset (unencrypted, 0, strlen (unencrypted));
return STREQ (encrypted, correct);
@@ -148,26 +222,26 @@
}
/* Update `environ' for the new shell based on PW, with SHELL being
-@@ -270,12 +354,18 @@
+@@ -254,12 +338,18 @@ modify_environment (const struct passwd
/* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
Unset all other environment variables. */
char const *term = getenv ("TERM");
+ char const *display = getenv ("DISPLAY");
+ char const *xauthority = getenv ("XAUTHORITY");
if (term)
- term = xstrdup (term);
+ term = xstrdup (term);
environ = xmalloc ((6 + !!term) * sizeof (char *));
environ[0] = NULL;
if (term)
- xsetenv ("TERM", term);
+ xsetenv ("TERM", term);
+ if (display)
-+ xsetenv ("DISPLAY", display);
++ xsetenv ("DISPLAY", display);
+ if (xauthority)
-+ xsetenv ("XAUTHORITY", xauthority);
++ xsetenv ("XAUTHORITY", xauthority);
xsetenv ("HOME", pw->pw_dir);
xsetenv ("SHELL", shell);
xsetenv ("USER", pw->pw_name);
-@@ -308,8 +398,13 @@
+@@ -292,8 +382,13 @@ change_identity (const struct passwd *pw
{
#ifdef HAVE_INITGROUPS
errno = 0;
@@ -177,13 +251,13 @@
+ pam_close_session(pamh, 0);
+ pam_end(pamh, PAM_ABORT);
+#endif
- error (EXIT_FAILURE, errno, _("cannot set groups"));
+ error (EXIT_CANCELED, errno, _("cannot set groups"));
+ }
endgrent ();
#endif
if (setgid (pw->pw_gid))
-@@ -318,6 +413,31 @@
- error (EXIT_FAILURE, errno, _("cannot set user id"));
+@@ -302,6 +397,31 @@ change_identity (const struct passwd *pw
+ error (EXIT_CANCELED, errno, _("cannot set user id"));
}
+#ifdef USE_PAM
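Review bot: In the group-setup failure branch of change_identity, `error (EXIT_CANCELED, errno, _("cannot set groups"))` reads errno only after `pam_close_session` and `pam_end` have run. Either call may overwrite errno, so the reported cause can be wrong. Capture it first with `int saved_errno = errno;` at the top of the branch and pass `saved_errno` to `error`. The return values of the two PAM teardown calls are discarded here as well; logging a failure would help when diagnosing sessions that were left open. The function starts and ends outside this hunk.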
@@ -214,12 +288,12 @@
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
If COMMAND is nonzero, pass it to the shell with the -c option.
Pass ADDITIONAL_ARGS to the shell as more arguments; there
-@@ -325,17 +445,49 @@
+@@ -309,17 +429,49 @@ change_identity (const struct passwd *pw
static void
run_shell (char const *shell, char const *command, char **additional_args,
-- size_t n_additional_args)
-+ size_t n_additional_args, const struct passwd *pw)
+- size_t n_additional_args)
++ size_t n_additional_args, const struct passwd *pw)
{
size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
char const **args = xnmalloc (n_args, sizeof *args);
@@ -265,7 +339,7 @@
shell_basename = last_component (shell);
arg0 = xmalloc (strlen (shell_basename) + 2);
arg0[0] = '-';
-@@ -360,6 +512,66 @@
+@@ -344,6 +496,67 @@ run_shell (char const *shell, char const
error (0, errno, "%s", shell);
exit (exit_status);
}
@@ -303,12 +377,12 @@
+
+ pid = waitpid(-1, &status, WUNTRACED);
+
-+ if (WIFSTOPPED(status)) {
-+ kill(getpid(), SIGSTOP);
++ if (((pid_t)-1 != pid) && (0 != WIFSTOPPED (status))) {
++ kill(getpid(), WSTOPSIG(status));
+ /* once we get here, we must have resumed */
+ kill(pid, SIGCONT);
+ }
-+ } while (WIFSTOPPED(status));
++ } while (0 != WIFSTOPPED(status));
+ }
+
+ if (caught) {
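Review bot: The new `(pid_t)-1 != pid` test guards only the `if`; the loop condition `while (0 != WIFSTOPPED(status))` still reads `status` after a failed `waitpid`. At that point `status` holds either a stale value from an earlier iteration or, on the first pass, possibly an uninitialised one (its declaration is outside the hunk). A stale "stopped" status would keep the parent looping, or blocked in `waitpid` again, instead of reaching the `caught` handling. Tie the condition to the call result: `} while (pid != (pid_t)-1 && WIFSTOPPED (status));`. The `exit (… WEXITSTATUS (status) : WTERMSIG (status) + 128)` expression in the following hunk consumes the same `status` and needs the same guard, with a fixed failure code when `waitpid` did not succeed. The loop head and the signal handler are outside this hunk.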
@@ -327,12 +401,13 @@
+ fprintf(stderr, " ...killed.\n");
+ exit(-1);
+ }
-+ exit (WEXITSTATUS(status));
++ exit ((0 != WIFEXITED (status)) ? WEXITSTATUS (status)
++ : WTERMSIG (status) + 128);
+#endif /* USE_PAM */
}
/* Return true if SHELL is a restricted shell (one not returned by
-@@ -527,9 +739,9 @@
+@@ -511,9 +724,9 @@ main (int argc, char **argv)
shell = xstrdup (shell ? shell : pw->pw_shell);
modify_environment (pw, shell);
@@ -342,82 +417,12 @@
- error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
+#endif
+ /* error() flushes stderr, but does not check for write failure.
+ Normally, we would catch this via our atexit() hook of
+@@ -523,5 +736,5 @@ main (int argc, char **argv)
+ if (ferror (stderr))
+ exit (EXIT_CANCELED);
+
- run_shell (shell, command, argv + optind, MAX (0, argc - optind));
+ run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
}
---- coreutils-6.7/doc/coreutils.texi.pam 2006-10-27 15:30:48.000000000 +0100
-+++ coreutils-6.7/doc/coreutils.texi 2007-01-09 17:00:01.000000000 +0000
-@@ -13395,8 +13395,11 @@
- @findex syslog
- @command{su} can optionally be compiled to use @code{syslog} to report
- failed, and optionally successful, @command{su} attempts. (If the system
--supports @code{syslog}.) However, GNU @command{su} does not check if the
--user is a member of the @code{wheel} group; see below.
-+supports @code{syslog}.)
-+
-+This version of @command{su} has support for using PAM for
-+authentication. You can edit @file{/etc/pam.d/su} to customize its
-+behaviour.
-
- The program accepts the following options. Also see @ref{Common options}.
-
-@@ -12815,6 +12815,8 @@
- @env{PATH} to a compiled-in default value. Change to @var{user}'s home
- directory. Prepend @samp{-} to the shell's name, intended to make it
- read its login startup file(s).
-+Additionaly @env{DISPLAY} and @env{XAUTHORITY} environment variables
-+are preserved as well for PAM functionality.
-
- @item -m
- @itemx -p
-@@ -13477,33 +13480,6 @@
- the exit status of the subshell otherwise
- @end display
-
--@cindex wheel group, not supported
--@cindex group wheel, not supported
--@cindex fascism
--@subsection Why GNU @command{su} does not support the @samp{wheel} group
--
--(This section is by Richard Stallman.)
--
--@cindex Twenex
--@cindex MIT AI lab
--Sometimes a few of the users try to hold total power over all the
--rest. For example, in 1984, a few users at the MIT AI lab decided to
--seize power by changing the operator password on the Twenex system and
--keeping it secret from everyone else. (I was able to thwart this coup
--and give power back to the users by patching the kernel, but I
--wouldn't know how to do that in Unix.)
--
--However, occasionally the rulers do tell someone. Under the usual
--@command{su} mechanism, once someone learns the root password who
--sympathizes with the ordinary users, he or she can tell the rest. The
--``wheel group'' feature would make this impossible, and thus cement the
--power of the rulers.
--
--I'm on the side of the masses, not that of the rulers. If you are
--used to supporting the bosses and sysadmins in whatever they do, you
--might find this idea strange at first.
--
--
- @node timeout invocation
- @section @command{timeout}: Run a command with a time limit
-
---- coreutils-6.7/configure.ac.pam 2006-12-07 21:30:24.000000000 +0000
-+++ coreutils-6.7/configure.ac 2007-01-09 17:18:04.000000000 +0000
-@@ -44,6 +44,13 @@
- gl_INIT
- coreutils_MACROS
-
-+dnl Give the chance to enable PAM
-+AC_ARG_ENABLE(pam, dnl
-+[ --enable-pam Enable use of the PAM libraries],
-+[AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
-+LIB_PAM="-ldl -lpam -lpam_misc"
-+AC_SUBST(LIB_PAM)])
-+
- AC_FUNC_FORK
-
- optional_bin_progs=
-