summaryrefslogtreecommitdiff
path: root/debian/patches-applied/007_modules_pam_unix
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches-applied/007_modules_pam_unix')
-rw-r--r--debian/patches-applied/007_modules_pam_unix323
1 files changed, 25 insertions, 298 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix
index 1388556e..95d2e354 100644
--- a/debian/patches-applied/007_modules_pam_unix
+++ b/debian/patches-applied/007_modules_pam_unix
@@ -1,10 +1,10 @@
-Index: pam-debian/modules/pam_unix/pam_unix_passwd.c
+Index: pam.debian/modules/pam_unix/pam_unix_passwd.c
===================================================================
---- pam-debian.orig/modules/pam_unix/pam_unix_passwd.c 2011-10-10 16:22:05.790699739 -0700
-+++ pam-debian/modules/pam_unix/pam_unix_passwd.c 2011-10-10 16:24:49.656776455 -0700
-@@ -87,6 +87,9 @@
- unsigned long versnum, unsigned int proto);
- #endif /* GNU libc 2.1 */
+--- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c
++++ pam.debian/modules/pam_unix/pam_unix_passwd.c
+@@ -97,6 +97,9 @@
+ # endif /* GNU libc 2.1 */
+ #endif
+extern const char *obscure_msg(const char *, const char *, const struct passwd *,
+ unsigned int);
@@ -12,7 +12,7 @@ Index: pam-debian/modules/pam_unix/pam_unix_passwd.c
/*
How it works:
Gets in username (has to be done) from the calling program
-@@ -501,6 +504,11 @@
+@@ -513,6 +516,11 @@
return retval;
}
}
@@ -24,7 +24,7 @@ Index: pam-debian/modules/pam_unix/pam_unix_passwd.c
}
if (remark) {
_make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
-@@ -517,7 +525,7 @@
+@@ -529,7 +537,7 @@
int retval;
int remember = -1;
int rounds = -1;
@@ -33,10 +33,10 @@ Index: pam-debian/modules/pam_unix/pam_unix_passwd.c
/* <DO NOT free() THESE> */
const char *user;
-Index: pam-debian/modules/pam_unix/support.h
+Index: pam.debian/modules/pam_unix/support.h
===================================================================
---- pam-debian.orig/modules/pam_unix/support.h 2011-10-10 16:22:05.742699130 -0700
-+++ pam-debian/modules/pam_unix/support.h 2011-10-10 16:24:49.656776455 -0700
+--- pam.debian.orig/modules/pam_unix/support.h
++++ pam.debian/modules/pam_unix/support.h
@@ -90,8 +90,9 @@
password hash algorithms */
#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */
@@ -112,10 +112,10 @@ Index: pam-debian/modules/pam_unix/support.h
};
#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
-Index: pam-debian/modules/pam_unix/pam_unix.8.xml
+Index: pam.debian/modules/pam_unix/pam_unix.8.xml
===================================================================
---- pam-debian.orig/modules/pam_unix/pam_unix.8.xml 2011-10-10 16:22:05.822700144 -0700
-+++ pam-debian/modules/pam_unix/pam_unix.8.xml 2011-10-10 16:24:49.656776455 -0700
+--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml
++++ pam.debian/modules/pam_unix/pam_unix.8.xml
@@ -333,8 +333,81 @@
<listitem>
<para>
@@ -200,10 +200,10 @@ Index: pam-debian/modules/pam_unix/pam_unix.8.xml
</para>
</listitem>
</varlistentry>
-Index: pam-debian/modules/pam_unix/obscure.c
+Index: pam.debian/modules/pam_unix/obscure.c
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ pam-debian/modules/pam_unix/obscure.c 2011-10-10 16:24:49.656776455 -0700
+--- /dev/null
++++ pam.debian/modules/pam_unix/obscure.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 1989 - 1994, Julianne Frances Haugh
@@ -403,11 +403,11 @@ Index: pam-debian/modules/pam_unix/obscure.c
+
+ return msg;
+}
-Index: pam-debian/modules/pam_unix/Makefile.am
+Index: pam.debian/modules/pam_unix/Makefile.am
===================================================================
---- pam-debian.orig/modules/pam_unix/Makefile.am 2011-10-10 16:22:05.754699282 -0700
-+++ pam-debian/modules/pam_unix/Makefile.am 2011-10-10 16:24:49.656776455 -0700
-@@ -41,7 +41,7 @@
+--- pam.debian.orig/modules/pam_unix/Makefile.am
++++ pam.debian/modules/pam_unix/Makefile.am
+@@ -42,7 +42,7 @@
pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \
pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \
@@ -416,247 +416,11 @@ Index: pam-debian/modules/pam_unix/Makefile.am
bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c
bigcrypt_CFLAGS = $(AM_CFLAGS)
-Index: pam-debian/modules/pam_unix/pam_unix.8
+Index: pam.debian/modules/pam_unix/pam_unix.8
===================================================================
---- pam-debian.orig/modules/pam_unix/pam_unix.8 2011-10-10 16:22:05.802699891 -0700
-+++ pam-debian/modules/pam_unix/pam_unix.8 2011-10-10 16:24:49.656776455 -0700
-@@ -1,161 +1,22 @@
-+'\" t
- .\" Title: pam_unix
- .\" Author: [see the "AUTHOR" section]
--.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
--.\" Date: 10/27/2010
-+.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-+.\" Date: 05/31/2011
- .\" Manual: Linux-PAM Manual
- .\" Source: Linux-PAM Manual
- .\" Language: English
- .\"
--.TH "PAM_UNIX" "8" "10/27/2010" "Linux-PAM Manual" "Linux\-PAM Manual"
-+.TH "PAM_UNIX" "8" "05/31/2011" "Linux-PAM Manual" "Linux\-PAM Manual"
- .\" -----------------------------------------------------------------
--.\" * (re)Define some macros
-+.\" * Define some portability stuff
- .\" -----------------------------------------------------------------
- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.\" toupper - uppercase a string (locale-aware)
-+.\" http://bugs.debian.org/507673
-+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.de toupper
--.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
--\\$*
--.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
--..
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.\" SH-xref - format a cross-reference to an SH section
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.de SH-xref
--.ie n \{\
--.\}
--.toupper \\$*
--.el \{\
--\\$*
--.\}
--..
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.\" SH - level-one heading that works better for non-TTY output
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.de1 SH
--.\" put an extra blank line of space above the head in non-TTY output
--.if t \{\
--.sp 1
--.\}
--.sp \\n[PD]u
--.nr an-level 1
--.set-an-margin
--.nr an-prevailing-indent \\n[IN]
--.fi
--.in \\n[an-margin]u
--.ti 0
--.HTML-TAG ".NH \\n[an-level]"
--.it 1 an-trap
--.nr an-no-space-flag 1
--.nr an-break-flag 1
--\." make the size of the head bigger
--.ps +3
--.ft B
--.ne (2v + 1u)
--.ie n \{\
--.\" if n (TTY output), use uppercase
--.toupper \\$*
--.\}
--.el \{\
--.nr an-break-flag 0
--.\" if not n (not TTY), use normal case (not uppercase)
--\\$1
--.in \\n[an-margin]u
--.ti 0
--.\" if not n (not TTY), put a border/line under subheading
--.sp -.6
--\l'\n(.lu'
--.\}
--..
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.\" SS - level-two heading that works better for non-TTY output
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.de1 SS
--.sp \\n[PD]u
--.nr an-level 1
--.set-an-margin
--.nr an-prevailing-indent \\n[IN]
--.fi
--.in \\n[IN]u
--.ti \\n[SN]u
--.it 1 an-trap
--.nr an-no-space-flag 1
--.nr an-break-flag 1
--.ps \\n[PS-SS]u
--\." make the size of the head bigger
--.ps +2
--.ft B
--.ne (2v + 1u)
--.if \\n[.$] \&\\$*
--..
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.\" BB/BE - put background/screen (filled box) around block of text
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.de BB
--.if t \{\
--.sp -.5
--.br
--.in +2n
--.ll -2n
--.gcolor red
--.di BX
--.\}
--..
--.de EB
--.if t \{\
--.if "\\$2"adjust-for-leading-newline" \{\
--.sp -1
--.\}
--.br
--.di
--.in
--.ll
--.gcolor
--.nr BW \\n(.lu-\\n(.i
--.nr BH \\n(dn+.5v
--.ne \\n(BHu+.5v
--.ie "\\$2"adjust-for-leading-newline" \{\
--\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
--.\}
--.el \{\
--\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
--.\}
--.in 0
--.sp -.5v
--.nf
--.BX
--.in
--.sp .5v
--.fi
--.\}
--..
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.\" BM/EM - put colored marker in margin next to block of text
--.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--.de BM
--.if t \{\
--.br
--.ll -2n
--.gcolor red
--.di BX
--.\}
--..
--.de EM
--.if t \{\
--.br
--.di
--.ll
--.gcolor
--.nr BH \\n(dn
--.ne \\n(BHu
--\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
--.in 0
--.nf
--.BX
--.in
--.fi
--.\}
--..
-+.ie \n(.g .ds Aq \(aq
-+.el .ds Aq '
- .\" -----------------------------------------------------------------
- .\" * set default formatting
- .\" -----------------------------------------------------------------
-@@ -166,38 +27,36 @@
- .\" -----------------------------------------------------------------
- .\" * MAIN CONTENT STARTS HERE *
- .\" -----------------------------------------------------------------
--.SH "Name"
-+.SH "NAME"
- pam_unix \- Module for traditional password authentication
--.SH "Synopsis"
--.fam C
-+.SH "SYNOPSIS"
- .HP \w'\fBpam_unix\&.so\fR\ 'u
- \fBpam_unix\&.so\fR [\&.\&.\&.]
--.fam
- .SH "DESCRIPTION"
- .PP
--This is the standard Unix authentication module\&. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&.
-+This is the standard Unix authentication module\&. It uses standard calls from the system\*(Aqs libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&.
- .PP
--The account component performs the task of establishing the status of the user\'s account and password based on the following
-+The account component performs the task of establishing the status of the user\*(Aqs account and password based on the following
- \fIshadow\fR
- elements: expire, last_change, max_change, min_change, warn_change\&. In the case of the latter, it may offer advice to the user on changing their password or, through the
- \fBPAM_AUTHTOKEN_REQD\fR
- return, delay giving service to the user until they have established a new password\&. The entries listed above are documented in the
- \fBshadow\fR(5)
--manual page\&. Should the user\'s record not contain one or more of these entries, the corresponding
-+manual page\&. Should the user\*(Aqs record not contain one or more of these entries, the corresponding
- \fIshadow\fR
- check is not performed\&.
- .PP
- The authentication component performs the task of checking the users credentials (password)\&. The default action of this module is to not permit the user access to a service if their official password is blank\&.
- .PP
- A helper binary,
--\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like
-+\fBunix_chkpwd\fR(8), is provided to check the user\*(Aqs password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like
- \fBxlock\fR(1)
--to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was
-+to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\*(Aqt know was
- \fBfork()\fRd\&. The
- \fBnoreap\fR
- module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&.
- .PP
--The password component of this module performs the task of updating the user\'s password\&.
-+The password component of this module performs the task of updating the user\*(Aqs password\&.
- .PP
- The session component of this module logs when a user logins or leave the system\&.
- .PP
-@@ -225,7 +84,7 @@
- .PP
- \fBtry_first_pass\fR
- .RS 4
--Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\&.
-+Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&.
- .RE
- .PP
- \fBuse_first_pass\fR
-@@ -264,7 +123,7 @@
- The last
- \fIn\fR
- passwords for each user are saved in
--\FC/etc/security/opasswd\F[]
-+/etc/security/opasswd
- in order to force password change history and keep the user from alternating between the same password too frequently\&.
- .RE
- .PP
-@@ -319,7 +178,38 @@
+--- pam.debian.orig/modules/pam_unix/pam_unix.8
++++ pam.debian/modules/pam_unix/pam_unix.8
+@@ -178,7 +178,38 @@
.RS 4
Set a minimum password length of
\fIn\fR
@@ -696,40 +460,3 @@ Index: pam-debian/modules/pam_unix/pam_unix.8
.RE
.PP
Invalid arguments are logged with
-@@ -340,21 +230,13 @@
- .SH "EXAMPLES"
- .PP
- An example usage for
--\FC/etc/pam\&.d/login\F[]
-+/etc/pam\&.d/login
- would be:
- .sp
- .if n \{\
- .RS 4
- .\}
--.fam C
--.ps -1
- .nf
--.if t \{\
--.sp -1
--.\}
--.BB lightgray adjust-for-leading-newline
--.sp -1
--
- # Authenticate the user
- auth required pam_unix\&.so
- # Ensure users account and password are still active
-@@ -365,13 +247,7 @@
- password required pam_unix\&.so use_authtok nullok md5
- session required pam_unix\&.so
-
--.EB lightgray adjust-for-leading-newline
--.if t \{\
--.sp 1
--.\}
- .fi
--.fam
--.ps +1
- .if n \{\
- .RE
- .\}