summaryrefslogtreecommitdiff
path: root/debian/patches-applied/054_pam_security_abstract_securetty_handling
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2014-01-14 00:30:36 -0800
committerSteve Langasek <vorlon@debian.org>2019-01-08 22:11:51 -0800
commit1673fdd3756f59f0886cb3d0d594ff71ed3b1f40 (patch)
tree9cc5f635f1c345bd491ffa1aa33c15c32947ae02 /debian/patches-applied/054_pam_security_abstract_securetty_handling
parent18ad8104e674ec8e1fb74d15a248680e51044854 (diff)
Refresh patches
Diffstat (limited to 'debian/patches-applied/054_pam_security_abstract_securetty_handling')
-rw-r--r--debian/patches-applied/054_pam_security_abstract_securetty_handling40
1 files changed, 19 insertions, 21 deletions
diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling
index 4f2c5250..91d6809f 100644
--- a/debian/patches-applied/054_pam_security_abstract_securetty_handling
+++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling
@@ -1,20 +1,19 @@
Description: extract the securetty logic for use with the "nullok_secure" option
introduced in the "055_pam_unix_nullok_secure" patch.
-Index: pam.deb/modules/pam_securetty/pam_securetty.c
+Index: pam.debian/modules/pam_securetty/pam_securetty.c
===================================================================
---- pam.deb.orig/modules/pam_securetty/pam_securetty.c
-+++ pam.deb/modules/pam_securetty/pam_securetty.c
-@@ -1,8 +1,5 @@
+--- pam.debian.orig/modules/pam_securetty/pam_securetty.c
++++ pam.debian/modules/pam_securetty/pam_securetty.c
+@@ -1,7 +1,5 @@
/* pam_securetty module */
-#define SECURETTY_FILE "/etc/securetty"
-#define TTY_PREFIX "/dev/"
--
- /*
- * by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
- * July 25, 1996.
-@@ -37,6 +34,9 @@
+ #define CMDLINE_FILE "/proc/cmdline"
+ #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active"
+
+@@ -40,6 +38,9 @@
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
@@ -22,9 +21,9 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
+ const char *uttyname);
+
#define PAM_DEBUG_ARG 0x0001
+ #define PAM_NOCONSOLE_ARG 0x0002
- static int
-@@ -67,11 +67,7 @@
+@@ -73,11 +74,7 @@
const char *username;
const char *uttyname;
const void *void_uttyname;
@@ -36,7 +35,7 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
/* log a trail for debugging */
if (ctrl & PAM_DEBUG_ARG) {
-@@ -99,51 +95,7 @@
+@@ -105,50 +102,7 @@
return PAM_SERVICE_ERR;
}
@@ -84,15 +83,14 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
- && (!ptname[0] || strcmp(ptname, uttyname)) );
- }
- fclose(ttyfile);
--
+ retval = _pammodutil_tty_secure(pamh, uttyname);
- if (retval) {
- pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
- uttyname);
-Index: pam.deb/modules/pam_securetty/tty_secure.c
+
+ if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) {
+ FILE *cmdlinefile;
+Index: pam.debian/modules/pam_securetty/tty_secure.c
===================================================================
--- /dev/null
-+++ pam.deb/modules/pam_securetty/tty_secure.c
++++ pam.debian/modules/pam_securetty/tty_secure.c
@@ -0,0 +1,90 @@
+/*
+ * A function to determine if a particular line is in /etc/securetty
@@ -184,10 +182,10 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c
+
+ return retval;
+}
-Index: pam.deb/modules/pam_securetty/Makefile.am
+Index: pam.debian/modules/pam_securetty/Makefile.am
===================================================================
---- pam.deb.orig/modules/pam_securetty/Makefile.am
-+++ pam.deb/modules/pam_securetty/Makefile.am
+--- pam.debian.orig/modules/pam_securetty/Makefile.am
++++ pam.debian/modules/pam_securetty/Makefile.am
@@ -24,6 +24,10 @@
securelib_LTLIBRARIES = pam_securetty.la
pam_securetty_la_LIBADD = -L$(top_builddir)/libpam -lpam