diff options
author | Niels Thykier <niels@thykier.net> | 2018-08-11 15:31:24 +0000 |
---|---|---|
committer | Niels Thykier <niels@thykier.net> | 2018-08-11 15:31:24 +0000 |
commit | 8d540fb940a9b4213f19c523c490642356d03edb (patch) | |
tree | e0565860842e57ceb47ab30e36c0b4325f1ff346 /debian/patches-applied/008_modules_pam_limits_chroot | |
parent | 60fe4501b4194949d3117a937abdfa90d3f138e9 (diff) |
pam (1.1.8-3.8) unstable; urgency=medium
* Non-maintainer upload.
* Set Rules-Requires-Root to binary-targets as pam relies on
chgrp in debian/rules.
* Update pam-auth-update to detect write errors and properly
fail when that happens. (Closes: #880501)
* Remove Roger Leigh from uploaders as he has restired from
Debian. (Closes: #869348)
* Reduce priority of libpam0g to optional.
* Rebuild with a recent version of dpkg-source, which ensures
that the Build-Depends are correct in the .dsc file.
(Closes: #890602)
* Apply patch from Felix Lechner to make pam-auth-update ignore
editor backup files. (Closes: #519361)
* Apply update to Brazilian Portuguese translations of the
debconf templates. Thanks to Adriano Rafael Gomes.
(Closes: #799417)
[dgit import package pam 1.1.8-3.8]
Diffstat (limited to 'debian/patches-applied/008_modules_pam_limits_chroot')
-rw-r--r-- | debian/patches-applied/008_modules_pam_limits_chroot | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot new file mode 100644 index 00000000..fd4fc3a8 --- /dev/null +++ b/debian/patches-applied/008_modules_pam_limits_chroot @@ -0,0 +1,132 @@ +Index: pam.debian/modules/pam_limits/pam_limits.c +=================================================================== +--- pam.debian.orig/modules/pam_limits/pam_limits.c ++++ pam.debian/modules/pam_limits/pam_limits.c +@@ -87,6 +87,7 @@ + int flag_numsyslogins; /* whether to limit logins only for a + specific user or to count all logins */ + int priority; /* the priority to run user process with */ ++ char chroot_dir[8092]; /* directory to chroot into */ + struct user_limits_struct limits[RLIM_NLIMITS]; + const char *conf_file; + int utmp_after_pam_call; +@@ -97,6 +98,7 @@ + #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 + + #define LIMIT_PRI RLIM_NLIMITS+3 ++#define LIMIT_CHROOT RLIM_NLIMITS+4 + + #define LIMIT_SOFT 1 + #define LIMIT_HARD 2 +@@ -472,6 +474,8 @@ + pl->login_limit = -2; + pl->login_limit_def = LIMITS_DEF_NONE; + ++ pl->chroot_dir[0] = '\0'; ++ + return retval; + } + +@@ -542,6 +546,8 @@ + pl->flag_numsyslogins = 1; + } else if (strcmp(lim_item, "priority") == 0) { + limit_item = LIMIT_PRI; ++ } else if (strcmp(lim_item, "chroot") == 0) { ++ limit_item = LIMIT_CHROOT; + } else { + pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); + return; +@@ -579,9 +585,9 @@ + pam_syslog(pamh, LOG_DEBUG, + "wrong limit value '%s' for limit type '%s'", + lim_value, lim_type); +- return; ++ return; + } +- } else { ++ } else if (limit_item != LIMIT_CHROOT) { + #ifdef __USE_FILE_OFFSET64 + rlimit_value = strtoull (lim_value, &endptr, 10); + #else +@@ -642,7 +648,11 @@ + #endif + } + +- if ( (limit_item != LIMIT_LOGIN) ++ if (limit_item == LIMIT_CHROOT) { ++ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)-1); ++ pl->chroot_dir[sizeof(pl->chroot_dir)-1]='\0'; ++ } ++ else if ( (limit_item != LIMIT_LOGIN) + && (limit_item != LIMIT_NUMSYSLOGINS) + && (limit_item != LIMIT_PRI) ) { + if (limit_type & LIMIT_SOFT) { +@@ -986,6 +996,15 @@ + retval |= LOGIN_ERR; + } + ++ if (!retval && pl->chroot_dir[0]) { ++ i = chdir(pl->chroot_dir); ++ if (i == 0) ++ i = chroot(pl->chroot_dir); ++ if (i == 0) ++ i = chdir("/"); ++ if (i != 0) ++ retval = LIMIT_ERR; ++ } + return retval; + } + +Index: pam.debian/modules/pam_limits/limits.conf.5.xml +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5.xml ++++ pam.debian/modules/pam_limits/limits.conf.5.xml +@@ -255,6 +255,12 @@ + (Linux 2.6.12 and higher)</para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term><option>chroot</option></term> ++ <listitem> ++ <para>the directory to chroot the user to</para> ++ </listitem> ++ </varlistentry> + </variablelist> + </listitem> + </varlistentry> +Index: pam.debian/modules/pam_limits/limits.conf.5 +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf.5 ++++ pam.debian/modules/pam_limits/limits.conf.5 +@@ -260,6 +260,11 @@ + .RS 4 + maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) + .RE ++.PP ++\fBchroot\fR ++.RS 4 ++the directory to chroot the user to ++.RE + .RE + .PP + All items support the values +Index: pam.debian/modules/pam_limits/limits.conf +=================================================================== +--- pam.debian.orig/modules/pam_limits/limits.conf ++++ pam.debian/modules/pam_limits/limits.conf +@@ -35,6 +35,7 @@ + # - msgqueue - max memory used by POSIX message queues (bytes) + # - nice - max nice priority allowed to raise to values: [-20, 19] + # - rtprio - max realtime priority ++# - chroot - change root to directory (Debian-specific) + # + #<domain> <type> <item> <value> + # +@@ -45,6 +46,7 @@ + #@faculty soft nproc 20 + #@faculty hard nproc 50 + #ftp hard nproc 0 ++#ftp - chroot /ftp + #@student - maxlogins 4 + + # End of file |