summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorSteve Langasek <vorlon@debian.org>2008-08-27 01:21:30 -0700
committerSteve Langasek <steve.langasek@ubuntu.com>2019-01-03 17:28:20 -0800
commit2526c272fd267bb71314c4b2bf57227e480c25e6 (patch)
tree53802b33a89e435269cf0e884ef4de1c403164db /debian
parent4f59e939a5734736b8a14fd2e01c1062dff8c9dd (diff)
055_pam_unix_nullok_secure: also don't call the helper at all from
_unix_blankpasswd when we can detect that null passwords are disallowed, to avoid causing spammy logs on successful authentications. Closes: #496620.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog4
-rw-r--r--debian/patches-applied/055_pam_unix_nullok_secure12
2 files changed, 10 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog
index 9ecb6771..0edc3f2d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,10 @@ pam (1.0.1-4) UNRELEASED; urgency=low
[ Steve Langasek ]
* 007_modules_pam_unix: update the manpage at the same time as the xml
source (grr, autogenerated files in source packages). Closes: #495804.
+ * 055_pam_unix_nullok_secure: also don't call the helper at all from
+ _unix_blankpasswd when we can detect that null passwords are disallowed,
+ to avoid causing spammy logs on successful authentications.
+ Closes: #496620.
-- Julien Cristau <jcristau@debian.org> Thu, 21 Aug 2008 00:03:56 +0200
diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure
index 745a8e55..18f9f95b 100644
--- a/debian/patches-applied/055_pam_unix_nullok_secure
+++ b/debian/patches-applied/055_pam_unix_nullok_secure
@@ -67,11 +67,11 @@ Index: pam.deb/modules/pam_unix/support.c
args[2]=strdup("nullok");
} else {
args[2]=strdup("nonull");
-@@ -554,6 +573,17 @@
- if (salt)
- _pam_delete(salt);
+@@ -527,6 +546,17 @@
+ if (on(UNIX__NONULL, ctrl))
+ return 0; /* will fail but don't let on yet */
-+ if ((retval == 1) && on(UNIX_NULLOK_SECURE, ctrl)) {
++ if (on(UNIX_NULLOK_SECURE, ctrl)) {
+ int retval2;
+ const void *uttyname;
+ retval2 = pam_get_item(pamh, PAM_TTY, &uttyname);
@@ -82,9 +82,9 @@ Index: pam.deb/modules/pam_unix/support.c
+ return 0;
+ }
+
- return retval;
- }
+ /* UNIX passwords area */
+ retval = get_pwd_hash(pamh, name, &pwd, &salt);
@@ -613,7 +643,8 @@
}
}