summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2008-07-26 10:51:19 -0700
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:01:53 -0800
commite922ee5fc29778a7a3921f2512fb6bf706280839 (patch)
tree5872b78df11913ee2c00712ca766f494f3b14924
parent63bb791f89e05b1c80a4175ccd819914f32f7c04 (diff)
New patch do_not_check_nis_accidentally: respect the 'nis' option
(set or unset) when looking up the user's password entry for password changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the patch. Closes: #469635.
-rw-r--r--debian/changelog4
-rw-r--r--debian/patches-applied/do_not_check_nis_accidentally22
-rw-r--r--debian/patches-applied/series1
3 files changed, 27 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 7b2f17ea..f646a932 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -49,6 +49,10 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low
* 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for
the NSS source of our user; this was preventing password changes for NIS
users, which otherwise should have worked. Closes: #203222.
+ * New patch do_not_check_nis_accidentally: respect the 'nis' option
+ (set or unset) when looking up the user's password entry for password
+ changes. Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the
+ patch. Closes: #469635.
-- Steve Langasek <vorlon@debian.org> Tue, 22 Jul 2008 10:55:45 -0700
diff --git a/debian/patches-applied/do_not_check_nis_accidentally b/debian/patches-applied/do_not_check_nis_accidentally
new file mode 100644
index 00000000..70e3df2d
--- /dev/null
+++ b/debian/patches-applied/do_not_check_nis_accidentally
@@ -0,0 +1,22 @@
+Patch for Debian bug #469635
+
+Always call _unix_getpwnam() consistent with the value of the 'nis'
+option, so that we only grab from the backends we're expecting.
+
+Authors: Quentin Godfroy <godfroy@clipper.ens.fr>
+
+Upstream status: should be submitted
+
+Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
++++ pam.deb/modules/pam_unix/pam_unix_passwd.c
+@@ -562,7 +562,7 @@
+ return PAM_USER_UNKNOWN;
+ } else {
+ struct passwd *pwd;
+- _unix_getpwnam(pamh, user, 1, 1, &pwd);
++ _unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd);
+ if (pwd == NULL) {
+ pam_syslog(pamh, LOG_DEBUG,
+ "user \"%s\" has corrupted passwd entry",
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 87d53fcf..131a9f8b 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -3,6 +3,7 @@
021_nis_cleanup
022_pam_unix_group_time_miscfixes
026_pam_unix_passwd_unknown_user
+do_not_check_nis_accidentally
027_pam_limits_better_init_allow_explicit_root
031_pam_include -p2
032_pam_limits_EPERM_NOT_FATAL