summaryrefslogtreecommitdiff
path: root/debian/patches-applied
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2010-08-31 23:34:04 -0700
committerSteve Langasek <vorlon@debian.org>2019-01-08 21:48:26 -0800
commit64c205d41710427ab670f96ebfc90e229da03fdf (patch)
treeebfa78d5cf4f5f4965c9223b7481925e1267f967 /debian/patches-applied
parentd14caa1df90fe232b1ebd690dad62506af61589a (diff)
debian/patches/007_modules_pam_unix: drop compatibility handling of
'max=' no-op; use of this option will now log an error, as warned three years ago.
Diffstat (limited to 'debian/patches-applied')
-rw-r--r--debian/patches-applied/007_modules_pam_unix28
-rw-r--r--debian/patches-applied/055_pam_unix_nullok_secure36
2 files changed, 24 insertions, 40 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix
index ae6370eb..5823c4d3 100644
--- a/debian/patches-applied/007_modules_pam_unix
+++ b/debian/patches-applied/007_modules_pam_unix
@@ -55,36 +55,22 @@ Index: pam.deb/modules/pam_unix/support.c
break;
}
}
-@@ -112,6 +114,9 @@
- } else if (pass_min_len && j == UNIX_MIN_PASS_LEN) {
- *pass_min_len = atoi(*argv + 7);
- }
-+ } else if (pass_min_len && j == UNIX_MIN_PASS_COMPAT) {
-+ *pass_min_len = atoi(*argv + 4);
-+ }
- if (rounds != NULL && j == UNIX_ALGO_ROUNDS)
- *rounds = strtol(*argv + 7, NULL, 10);
- }
Index: pam.deb/modules/pam_unix/support.h
===================================================================
--- pam.deb.orig/modules/pam_unix/support.h
+++ pam.deb/modules/pam_unix/support.h
-@@ -89,9 +89,12 @@
- #define UNIX_ALGO_ROUNDS 25 /* optional number of rounds for new
+@@ -90,8 +90,9 @@
password hash algorithms */
#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
--#define UNIX_MIN_PASS_LEN 27 /* min length for password */
-+#define UNIX_MAX_PASS_LEN 27 /* internal, for compatibility only */
-+#define UNIX_MIN_PASS_LEN 28 /* min length for password */
-+#define UNIX_MIN_PASS_COMPAT 29 /* min length for password */
-+#define UNIX_OBSCURE_CHECKS 30 /* enable obscure checks on passwords */
+ #define UNIX_MIN_PASS_LEN 27 /* min length for password */
++#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */
/* -------------- */
-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */
-+#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */
++#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */
#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
-@@ -100,34 +103,37 @@
+@@ -100,34 +101,35 @@
/* symbol token name ctrl mask ctrl *
* ----------------------- ------------------- --------------------- -------- */
@@ -143,10 +129,8 @@ Index: pam.deb/modules/pam_unix/support.h
+/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000},
+/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000},
+/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000},
-+/* UNIX_MAX_PASS_LEN */ {"max=", _ALL_ON_, 0},
+/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000},
-+/* UNIX_MIN_PASS_COMPAT */ {"min=", _ALL_ON_, 0x8000000},
-+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x10000000},
++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure
index cc46dcf5..5e694e12 100644
--- a/debian/patches-applied/055_pam_unix_nullok_secure
+++ b/debian/patches-applied/055_pam_unix_nullok_secure
@@ -39,7 +39,7 @@ Index: pam.deb/modules/pam_unix/support.c
}
}
-@@ -455,6 +462,7 @@
+@@ -452,6 +459,7 @@
child = fork();
if (child == 0) {
int i=0;
@@ -47,7 +47,7 @@ Index: pam.deb/modules/pam_unix/support.c
struct rlimit rlim;
static char *envp[] = { NULL };
char *args[] = { NULL, NULL, NULL, NULL };
-@@ -482,7 +490,18 @@
+@@ -479,7 +487,18 @@
/* exec binary helper */
args[0] = strdup(CHKPWD_HELPER);
args[1] = x_strdup(user);
@@ -67,7 +67,7 @@ Index: pam.deb/modules/pam_unix/support.c
args[2]=strdup("nullok");
} else {
args[2]=strdup("nonull");
-@@ -563,6 +582,17 @@
+@@ -560,6 +579,17 @@
if (on(UNIX__NONULL, ctrl))
return 0; /* will fail but don't let on yet */
@@ -85,7 +85,7 @@ Index: pam.deb/modules/pam_unix/support.c
/* UNIX passwords area */
retval = get_pwd_hash(pamh, name, &pwd, &salt);
-@@ -649,7 +679,8 @@
+@@ -646,7 +676,8 @@
}
}
} else {
@@ -99,35 +99,35 @@ Index: pam.deb/modules/pam_unix/support.h
===================================================================
--- pam.deb.orig/modules/pam_unix/support.h
+++ pam.deb/modules/pam_unix/support.h
-@@ -93,8 +93,9 @@
- #define UNIX_MIN_PASS_LEN 28 /* min length for password */
- #define UNIX_MIN_PASS_COMPAT 29 /* min length for password */
- #define UNIX_OBSCURE_CHECKS 30 /* enable obscure checks on passwords */
-+#define UNIX_NULLOK_SECURE 31 /* NULL passwords allowed only on secure ttys */
+@@ -91,8 +91,9 @@
+ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
+ #define UNIX_MIN_PASS_LEN 27 /* min length for password */
+ #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */
++#define UNIX_NULLOK_SECURE 29 /* NULL passwords allowed only on secure ttys */
/* -------------- */
--#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */
-+#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */
+-#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */
++#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */
#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
-@@ -112,7 +113,7 @@
+@@ -110,7 +111,7 @@
/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40},
/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80},
/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100},
-/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200},
-+/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x8000000), 0x200},
++/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200},
/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400},
/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800},
/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000},
-@@ -134,6 +135,7 @@
+@@ -130,6 +131,7 @@
+ /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000},
/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000},
- /* UNIX_MIN_PASS_COMPAT */ {"min=", _ALL_ON_, 0x8000000},
- /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x10000000},
-+/* UNIX__NULLOK */ {"nullok_secure", _ALL_ON_^(0x200), 0x20000000},
+ /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000},
++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000},
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
-@@ -169,6 +171,9 @@
+@@ -165,6 +167,9 @@
,const char *data_name
,const void **pass);