summaryrefslogtreecommitdiff
path: root/debian/patches-applied
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2008-07-26 11:53:02 -0700
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:01:53 -0800
commitf19948eec9253c72d5694c6f90928b02725d5e03 (patch)
treea8102612e4c2a38392f33892b55cbffa91c4dcce /debian/patches-applied
parente2e53fa1edb7971d3a3a4cdcb31bbe46a823cf62 (diff)
refresh patches for new upstream version
Diffstat (limited to 'debian/patches-applied')
-rw-r--r--debian/patches-applied/031_pam_include54
-rw-r--r--debian/patches-applied/036_pam_wheel_getlogin_considered_harmful225
2 files changed, 158 insertions, 121 deletions
diff --git a/debian/patches-applied/031_pam_include b/debian/patches-applied/031_pam_include
index e28415c4..8e7ea587 100644
--- a/debian/patches-applied/031_pam_include
+++ b/debian/patches-applied/031_pam_include
@@ -4,11 +4,11 @@ Authors: Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>
Upstream status: not yet submitted
-Index: pam/Linux-PAM/libpam/pam_handlers.c
+Index: pam.deb/libpam/pam_handlers.c
===================================================================
---- pam.orig/Linux-PAM/libpam/pam_handlers.c
-+++ pam/Linux-PAM/libpam/pam_handlers.c
-@@ -114,6 +114,10 @@
+--- pam.deb.orig/libpam/pam_handlers.c
++++ pam.deb/libpam/pam_handlers.c
+@@ -117,6 +117,10 @@
module_type = PAM_T_ACCT;
} else if (!strcasecmp("password", tok)) {
module_type = PAM_T_PASS;
@@ -19,35 +19,49 @@ Index: pam/Linux-PAM/libpam/pam_handlers.c
} else {
/* Illegal module type */
D(("_pam_init_handlers: bad module type: %s", tok));
-@@ -178,14 +182,33 @@
+@@ -186,8 +190,10 @@
_pam_set_default_control(actions, _PAM_ACTION_BAD);
}
+parsing_done:
tok = _pam_StrTok(NULL, " \n\t", &nexttok);
if (pam_include) {
-- if (_pam_load_conf_file(pamh, tok, this_service, module_type
+ struct stat include_dir;
+ if (substack) {
+ res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other,
+ stack_level, module_type, actions, tok,
+@@ -198,13 +204,35 @@
+ return PAM_ABORT;
+ }
+ }
+- if (_pam_load_conf_file(pamh, tok, this_service, module_type,
+- stack_level + substack
+ if (tok[0] == '/') {
-+ if (_pam_load_conf_file(pamh, tok, this_service, module_type
- #ifdef PAM_READ_BOTH_CONFS
-- , !other
-+ , !other
- #endif /* PAM_READ_BOTH_CONFS */
- ) == PAM_SUCCESS)
-- continue;
++ if (_pam_load_conf_file(pamh, tok, this_service,
++ module_type, stack_level + substack
++#ifdef PAM_READ_BOTH_CONFS
++ , !other
++#endif /* PAM_READ_BOTH_CONFS */
++ ) == PAM_SUCCESS)
+ continue;
-+ } else if (!stat(PAM_CONFIG_D, &include_dir) && S_ISDIR(include_dir.st_mode)) {
++ }
++ else if (!stat(PAM_CONFIG_D, include_dir)
++ && S_ISDIR(include_dir.st_mode))
++ {
+ char *include_file;
+ if (asprintf (&include_file, PAM_CONFIG_DF, tok) < 0) {
+ pam_syslog(pamh, LOG_CRIT, "asprintf failed");
+ return PAM_ABORT;
+ }
-+ if (_pam_load_conf_file(pamh, include_file, this_service, module_type
-+#ifdef PAM_READ_BOTH_CONFS
-+ , !other
-+#endif /* PAM_READ_BOTH_CONFS */
-+ ) == PAM_SUCCESS) {
++ if (_pam_load_conf_file(pamh, include_file, this_service,
++ module_type, stack_level + substack
+ #ifdef PAM_READ_BOTH_CONFS
+ , !other
+ #endif /* PAM_READ_BOTH_CONFS */
+- ) == PAM_SUCCESS)
+- continue;
++ ) == PAM_SUCCESS)
++ {
+ free(include_file);
+ continue;
+ }
@@ -55,4 +69,4 @@ Index: pam/Linux-PAM/libpam/pam_handlers.c
+ }
_pam_set_default_control(actions, _PAM_ACTION_BAD);
mod_path = NULL;
- must_fail = 1;
+ handler_type = PAM_HT_MUST_FAIL;
diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
index b95a677b..ec26a87c 100644
--- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
+++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful
@@ -8,10 +8,10 @@ Authors: Ben Collins <bcollins@debian.org>
Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net>
-Index: Linux-PAM/modules/pam_wheel/pam_wheel.c
+Index: pam.deb/modules/pam_wheel/pam_wheel.c
===================================================================
---- Linux-PAM/modules/pam_wheel/pam_wheel.c.orig
-+++ Linux-PAM/modules/pam_wheel/pam_wheel.c
+--- pam.deb.orig/modules/pam_wheel/pam_wheel.c
++++ pam.deb/modules/pam_wheel/pam_wheel.c
@@ -60,9 +60,8 @@
/* argument parsing */
@@ -68,10 +68,10 @@ Index: Linux-PAM/modules/pam_wheel/pam_wheel.c
/*
* At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu
-Index: Linux-PAM/modules/pam_wheel/pam_wheel.8.xml
+Index: pam.deb/modules/pam_wheel/pam_wheel.8.xml
===================================================================
---- Linux-PAM/modules/pam_wheel/pam_wheel.8.xml.orig
-+++ Linux-PAM/modules/pam_wheel/pam_wheel.8.xml
+--- pam.deb.orig/modules/pam_wheel/pam_wheel.8.xml
++++ pam.deb/modules/pam_wheel/pam_wheel.8.xml
@@ -33,9 +33,6 @@
<arg choice="opt">
trust
@@ -101,141 +101,164 @@ Index: Linux-PAM/modules/pam_wheel/pam_wheel.8.xml
</variablelist>
</refsect1>
-Index: Linux-PAM/modules/pam_wheel/pam_wheel.8
+Index: pam.deb/modules/pam_wheel/pam_wheel.8
===================================================================
---- Linux-PAM/modules/pam_wheel/pam_wheel.8.orig
-+++ Linux-PAM/modules/pam_wheel/pam_wheel.8
-@@ -1,11 +1,11 @@
+--- pam.deb.orig/modules/pam_wheel/pam_wheel.8
++++ pam.deb/modules/pam_wheel/pam_wheel.8
+@@ -1,64 +1,59 @@
.\" Title: pam_wheel
.\" Author:
--.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
--.\" Date: 06/09/2006
--.\" Manual: Linux\-PAM Manual
--.\" Source: Linux\-PAM Manual
-+.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/>
-+.\" Date: 08/19/2007
-+.\" Manual: Linux-PAM Manual
-+.\" Source: Linux-PAM Manual
+-.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
+-.\" Date: 01/08/2008
++.\" Generator: DocBook XSL Stylesheets v1.73.2 <http://docbook.sf.net/>
++.\" Date: 07/26/2008
+ .\" Manual: Linux-PAM Manual
+ .\" Source: Linux-PAM Manual
.\"
--.TH "PAM_WHEEL" "8" "06/09/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_WHEEL" "8" "08/19/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
+-.TH "PAM_WHEEL" "8" "01/08/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
++.TH "PAM_WHEEL" "8" "07/26/2008" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
-@@ -14,7 +14,7 @@
- pam_wheel \- Only permit root access to members of group wheel
+ .ad l
+ .SH "NAME"
+-pam_wheel - Only permit root access to members of group wheel
++pam_wheel \- Only permit root access to members of group wheel
.SH "SYNOPSIS"
.HP 13
--\fBpam_wheel.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
-+\fBpam_wheel.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust]
+-\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid]
++\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust]
.SH "DESCRIPTION"
.PP
The pam_wheel PAM module is used to enforce the so\-called
-@@ -24,30 +24,37 @@
- group. If no group with this name exist, the module is using the group with the group\-ID
- \fB0\fR.
+ \fIwheel\fR
+-group\. By default it permits root access to the system if the applicant user is a member of the
++group\&. By default it permits root access to the system if the applicant user is a member of the
+ \fIwheel\fR
+-group\. If no group with this name exist, the module is using the group with the group\-ID
+-\fB0\fR\.
++group\&. If no group with this name exist, the module is using the group with the group\-ID
++\fB0\fR\&.
.SH "OPTIONS"
--.TP 3n
-+.PP
+ .PP
\fBdebug\fR
-+.RS 4
- Print debug information.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-Print debug information\.
++Print debug information\&.
+ .RE
+ .PP
\fBdeny\fR
-+.RS 4
+ .RS 4
Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the
\fBgroup\fR
- option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless
+-option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless
++option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless
\fBtrust\fR
- was also specified, in which case we return PAM_SUCCESS).
--.TP 3n
-+.RE
-+.PP
+-was also specified, in which case we return PAM_SUCCESS)\.
++was also specified, in which case we return PAM_SUCCESS)\&.
+ .RE
+ .PP
\fBgroup=\fR\fB\fIname\fR\fR
-+.RS 4
+ .RS 4
Instead of checking the wheel or GID 0 groups, use the
\fB\fIname\fR\fR
- group to perform the authentication.
--.TP 3n
-+.RE
-+.PP
+-group to perform the authentication\.
++group to perform the authentication\&.
+ .RE
+ .PP
\fBroot_only\fR
-+.RS 4
- The check for wheel membership is done only.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-The check for wheel membership is done only\.
++The check for wheel membership is done only\&.
+ .RE
+ .PP
\fBtrust\fR
-+.RS 4
- The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd).
--.TP 3n
+ .RS 4
+-The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\.
+-.RE
+-.PP
-\fBuse_uid\fR
--The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example).
-+.RE
+-.RS 4
+-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\.
++The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&.
+ .RE
.SH "MODULE SERVICES PROVIDED"
.PP
- The
-@@ -56,32 +63,46 @@
+@@ -66,52 +61,52 @@
+ \fBauth\fR
+ and
\fBaccount\fR
- services are supported.
+-services are supported\.
++services are supported\&.
.SH "RETURN VALUES"
--.TP 3n
-+.PP
+ .PP
PAM_AUTH_ERR
-+.RS 4
- Authentication failure.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-Authentication failure\.
++Authentication failure\&.
+ .RE
+ .PP
PAM_BUF_ERR
-+.RS 4
- Memory buffer error.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-Memory buffer error\.
++Memory buffer error\&.
+ .RE
+ .PP
PAM_IGNORE
-+.RS 4
- The return value should be ignored by PAM dispatch.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-The return value should be ignored by PAM dispatch\.
++The return value should be ignored by PAM dispatch\&.
+ .RE
+ .PP
PAM_PERM_DENY
-+.RS 4
- Permission denied.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-Permission denied\.
++Permission denied\&.
+ .RE
+ .PP
PAM_SERVICE_ERR
-+.RS 4
- Cannot determine the user name.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-Cannot determine the user name\.
++Cannot determine the user name\&.
+ .RE
+ .PP
PAM_SUCCESS
-+.RS 4
- Success.
--.TP 3n
-+.RE
-+.PP
+ .RS 4
+-Success\.
++Success\&.
+ .RE
+ .PP
PAM_USER_UNKNOWN
-+.RS 4
- User not known.
-+.RE
+ .RS 4
+-User not known\.
++User not known\&.
+ .RE
.SH "EXAMPLES"
.PP
- The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants.
+-The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\.
++The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&.
.sp
--.RS 3n
-+.RS 4
+ .RS 4
.nf
- su auth sufficient pam_rootok.so
- su auth required pam_wheel.so
-Index: Linux-PAM/modules/pam_wheel/README
+-su auth sufficient pam_rootok\.so
+-su auth required pam_wheel\.so
+-su auth required pam_unix\.so
++su auth sufficient pam_rootok\&.so
++su auth required pam_wheel\&.so
++su auth required pam_unix\&.so
+
+ .fi
+ .RE
+@@ -124,4 +119,4 @@
+ \fBpam\fR(8)
+ .SH "AUTHOR"
+ .PP
+-pam_wheel was written by Cristian Gafton <gafton@redhat\.com>\.
++pam_wheel was written by Cristian Gafton <gafton@redhat\&.com>\&.
+Index: pam.deb/modules/pam_wheel/README
===================================================================
---- Linux-PAM/modules/pam_wheel/README.orig
-+++ Linux-PAM/modules/pam_wheel/README
+--- pam.deb.orig/modules/pam_wheel/README
++++ pam.deb/modules/pam_wheel/README
@@ -39,12 +39,6 @@
modules the wheel members may be able to su to root without being prompted
for a passwd).