summaryrefslogtreecommitdiff
path: root/debian/patches-applied/007_modules_pam_unix
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2019-01-22 15:21:19 -0800
committerSteve Langasek <vorlon@debian.org>2019-01-24 11:54:00 -0800
commit5bbcd8f9bad73877325151b2024c6cdd858174b5 (patch)
tree424e9a64f3aaf5588154b86636cfa5cf6f79edad /debian/patches-applied/007_modules_pam_unix
parent5cd7bb4511a7c2b355a615f19a9eca193320aa3e (diff)
Refresh patches
Diffstat (limited to 'debian/patches-applied/007_modules_pam_unix')
-rw-r--r--debian/patches-applied/007_modules_pam_unix115
1 files changed, 50 insertions, 65 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix
index d88bb979..ae00a79d 100644
--- a/debian/patches-applied/007_modules_pam_unix
+++ b/debian/patches-applied/007_modules_pam_unix
@@ -1,8 +1,8 @@
-Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
+Index: pam/modules/pam_unix/pam_unix_passwd.c
===================================================================
---- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c
-+++ pam.debian/modules/pam_unix/pam_unix_passwd.c
-@@ -102,6 +102,9 @@
+--- pam.orig/modules/pam_unix/pam_unix_passwd.c
++++ pam/modules/pam_unix/pam_unix_passwd.c
+@@ -98,6 +98,9 @@
# endif /* GNU libc 2.1 */
#endif
@@ -12,7 +12,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
/*
How it works:
Gets in username (has to be done) from the calling program
-@@ -521,6 +524,11 @@
+@@ -593,6 +596,11 @@
return retval;
}
}
@@ -24,7 +24,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
}
if (remark) {
_make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
-@@ -536,7 +544,7 @@
+@@ -608,7 +616,7 @@
int retval;
int remember = -1;
int rounds = -1;
@@ -33,22 +33,22 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
/* <DO NOT free() THESE> */
const char *user;
-Index: pam.debian/modules/pam_unix/support.h
+Index: pam/modules/pam_unix/support.h
===================================================================
---- pam.debian.orig/modules/pam_unix/support.h
-+++ pam.debian/modules/pam_unix/support.h
-@@ -97,8 +97,9 @@
- password hash algorithms */
- #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
- #define UNIX_MIN_PASS_LEN 27 /* min length for password */
-+#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */
+--- pam.orig/modules/pam_unix/support.h
++++ pam/modules/pam_unix/support.h
+@@ -98,8 +98,9 @@
+ #define UNIX_QUIET 28 /* Don't print informational messages */
+ #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */
+ #define UNIX_DES 30 /* DES, default */
++#define UNIX_OBSCURE_CHECKS 31 /* enable obscure checks on passwords */
/* -------------- */
--#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */
-+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */
+-#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */
++#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */
#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
-@@ -107,34 +108,35 @@
+@@ -108,37 +109,38 @@
/* symbol token name ctrl mask ctrl *
* ----------------------- ------------------- --------------------- -------- */
@@ -58,7 +58,7 @@ Index: pam.debian/modules/pam_unix/support.h
-/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0},
-/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0},
-/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0},
--/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0},
+-/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0},
-/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0},
-/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0},
-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0},
@@ -80,13 +80,16 @@ Index: pam.debian/modules/pam_unix/support.h
-/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0},
-/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1},
-/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},
+-/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0},
+-/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0},
+-/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1},
+/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0},
+/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0},
+/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0},
+/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0},
+/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0},
+/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0},
-+/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0},
++/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0},
+/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0},
+/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0},
+/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0},
@@ -108,15 +111,18 @@ Index: pam.debian/modules/pam_unix/support.h
+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0},
+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1},
+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0},
-+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0},
++/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0},
++/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0},
++/* UNIX_DES */ {"des", _ALL_ON_^(0x2C22000), 0, 1},
++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x20000000, 0},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
-Index: pam.debian/modules/pam_unix/pam_unix.8.xml
+Index: pam/modules/pam_unix/pam_unix.8.xml
===================================================================
---- pam.debian.orig/modules/pam_unix/pam_unix.8.xml
-+++ pam.debian/modules/pam_unix/pam_unix.8.xml
-@@ -337,8 +337,81 @@
+--- pam.orig/modules/pam_unix/pam_unix.8.xml
++++ pam/modules/pam_unix/pam_unix.8.xml
+@@ -361,8 +361,81 @@
<listitem>
<para>
Set a minimum password length of <replaceable>n</replaceable>
@@ -200,10 +206,10 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml
</para>
</listitem>
</varlistentry>
-Index: pam.debian/modules/pam_unix/obscure.c
+Index: pam/modules/pam_unix/obscure.c
===================================================================
--- /dev/null
-+++ pam.debian/modules/pam_unix/obscure.c
++++ pam/modules/pam_unix/obscure.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 1989 - 1994, Julianne Frances Haugh
@@ -403,24 +409,24 @@ Index: pam.debian/modules/pam_unix/obscure.c
+
+ return msg;
+}
-Index: pam.debian/modules/pam_unix/Makefile.am
+Index: pam/modules/pam_unix/Makefile.am
===================================================================
---- pam.debian.orig/modules/pam_unix/Makefile.am
-+++ pam.debian/modules/pam_unix/Makefile.am
-@@ -43,7 +43,7 @@
+--- pam.orig/modules/pam_unix/Makefile.am
++++ pam/modules/pam_unix/Makefile.am
+@@ -42,7 +42,7 @@
pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c
+ passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c
- if STATIC_MODULES
- pam_unix_la_SOURCES += pam_unix_static.c
- endif
-Index: pam.debian/modules/pam_unix/pam_unix.8
+
+ bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
+ bigcrypt_CFLAGS = $(AM_CFLAGS)
+Index: pam/modules/pam_unix/pam_unix.8
===================================================================
---- pam.debian.orig/modules/pam_unix/pam_unix.8
-+++ pam.debian/modules/pam_unix/pam_unix.8
-@@ -183,7 +183,38 @@
+--- pam.orig/modules/pam_unix/pam_unix.8
++++ pam/modules/pam_unix/pam_unix.8
+@@ -193,7 +193,38 @@
.RS 4
Set a minimum password length of
\fIn\fR
@@ -459,33 +465,12 @@ Index: pam.debian/modules/pam_unix/pam_unix.8
+.sp
.RE
.PP
- Invalid arguments are logged with
-diff --git a/modules/pam_unix/README b/modules/pam_unix/README
-index 26c06e23..a1289409 100644
---- a/modules/pam_unix/README
-+++ b/modules/pam_unix/README
-@@ -12,9 +12,9 @@ shadow file as well if shadow is enabled.
- The account component performs the task of establishing the status of the
- user's account and password based on the following shadow elements: expire,
- last_change, max_change, min_change, warn_change. In the case of the latter, it
--may offer advice to the user on changing their password or, through the
-+may offer advice to the user on changing their password or, through the
- PAM_AUTHTOKEN_REQD return, delay giving service to the user until they have
--established a new password. The entries listed above are documented in the
-+established a new password. The entries listed above are documented in the
- shadow(5) manual page. Should the user's record not contain one or more of
- these entries, the corresponding shadow check is not performed.
-
-@@ -100,7 +100,7 @@ remember=n
-
- The last n passwords for each user are saved in /etc/security/opasswd in
- order to force password change history and keep the user from alternating
-- between the same password too frequently. Instead of this option the
-+ between the same password too frequently. Instead of this option the
- pam_pwhistory module should be used.
-
- shadow
-@@ -146,8 +146,40 @@ broken_shadow
+ \fBno_pass_expiry\fR
+Index: pam/modules/pam_unix/README
+===================================================================
+--- pam.orig/modules/pam_unix/README
++++ pam/modules/pam_unix/README
+@@ -155,8 +155,40 @@
minlen=n
@@ -526,5 +511,5 @@ index 26c06e23..a1289409 100644
+ Is the new password a rotated version of the old password? (E.g.,
+ "billy" and "illyb")
- Invalid arguments are logged with syslog(3).
+ no_pass_expiry