diff -ur vixie-cron-3.0.1.orig/Makefile vixie-cron-3.0.1/Makefile --- vixie-cron-3.0.1.orig/Makefile Thu May 30 19:47:00 2002 +++ vixie-cron-3.0.1/Makefile Thu May 30 20:54:46 2002 @@ -55,7 +55,7 @@ INCLUDE = -I. #INCLUDE = #<<need getopt()>> -LIBS = +LIBS = -lpam #<<optimize or debug?>> OPTIM = $(RPM_OPT_FLAGS) #OPTIM = -g diff -ur vixie-cron-3.0.1.orig/do_command.c vixie-cron-3.0.1/do_command.c --- vixie-cron-3.0.1.orig/do_command.c Thu May 30 19:47:00 2002 +++ vixie-cron-3.0.1/do_command.c Thu May 30 20:55:50 2002 @@ -29,6 +29,18 @@ # include <syslog.h> #endif +#include <security/pam_appl.h> +static pam_handle_t *pamh = NULL; +static const struct pam_conv conv = { + NULL +}; +#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ + fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ + syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ + pam_end(pamh, retcode); exit(1); \ + } + + static void child_process __P((entry *, user *)), do_univ __P((user *)); @@ -77,6 +89,7 @@ register char *input_data; char *usernm, *mailto; int children = 0; + int retcode = 0; Debug(DPROC, ("[%d] child_process('%s')\n", getpid(), e->cmd)) @@ -159,6 +172,15 @@ } } + retcode = pam_start("cron", usernm, &conv, &pamh); + PAM_FAIL_CHECK; + retcode = pam_acct_mgmt(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_open_session(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); + PAM_FAIL_CHECK; + /* fork again, this time so we can exec the user's command. */ switch (vfork()) { @@ -483,7 +505,11 @@ if (WIFSIGNALED(waiter) && WCOREDUMP(waiter)) Debug(DPROC, (", dumped core")) Debug(DPROC, ("\n")) + } + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); + retcode = pam_close_session(pamh, PAM_SILENT); + pam_end(pamh, retcode); }