diff options
Diffstat (limited to 'debian/patches-applied/019_pam_listfile_quiet')
-rw-r--r-- | debian/patches-applied/019_pam_listfile_quiet | 235 |
1 files changed, 0 insertions, 235 deletions
diff --git a/debian/patches-applied/019_pam_listfile_quiet b/debian/patches-applied/019_pam_listfile_quiet deleted file mode 100644 index 113c9cfb..00000000 --- a/debian/patches-applied/019_pam_listfile_quiet +++ /dev/null @@ -1,235 +0,0 @@ -Patch for Debian bug #84428 - -Support a 'quiet' option to pam_listfile, to reduce the logging output - -Authors: Ben Collins <bcollins@debian.org>, - Steve Langasek <vorlon@debian.org> - -Upstream status: committed to CVS - -Index: Linux-PAM/modules/pam_listfile/pam_listfile.c -=================================================================== ---- Linux-PAM/modules/pam_listfile/pam_listfile.c.orig -+++ Linux-PAM/modules/pam_listfile/pam_listfile.c -@@ -68,7 +68,7 @@ - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -- int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2; -+ int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0; - const void *void_citemp; - const char *citemp; - char *ifname=NULL; -@@ -155,6 +155,8 @@ - apply_type=APPLY_TYPE_USER; - strncpy(apply_val,myval,sizeof(apply_val)-1); - } -+ } else if (!strcmp(mybuf,"quiet")) { -+ quiet = 1; - } else { - free(ifname); - pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf); -@@ -399,8 +401,9 @@ - #endif - (void) pam_get_item(pamh, PAM_SERVICE, &service); - (void) pam_get_user(pamh, &user_name, NULL); -- pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", -- user_name, (const char *)service); -+ if (!quiet) -+ pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", -+ user_name, (const char *)service); - return PAM_AUTH_ERR; - } - } -Index: Linux-PAM/modules/pam_listfile/pam_listfile.8 -=================================================================== ---- Linux-PAM/modules/pam_listfile/pam_listfile.8.orig -+++ Linux-PAM/modules/pam_listfile/pam_listfile.8 -@@ -1,11 +1,11 @@ - .\" Title: pam_listfile - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/> --.\" Date: 06/22/2006 --.\" Manual: Linux\-PAM Manual --.\" Source: Linux\-PAM Manual -+.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/> -+.\" Date: 08/25/2007 -+.\" Manual: Linux-PAM Manual -+.\" Source: Linux-PAM Manual - .\" --.TH "PAM_LISTFILE" "8" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LISTFILE" "8" "08/25/2007" "Linux\-PAM Manual" "Linux\-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -14,7 +14,7 @@ - pam_listfile \- deny or allow services based on an arbitrary file - .SH "SYNOPSIS" - .HP 16 --\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] -+\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] - .SH "DESCRIPTION" - .PP - pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file. -@@ -64,25 +64,40 @@ - No credentials are awarded by this module. - .SH "OPTIONS" - .PP --.TP 3n -+.PP - \fBitem=[tty|user|rhost|ruser|group|shell]\fR -+.RS 4 - What is listed in the file and should be checked for. --.TP 3n -+.RE -+.PP - \fBsense=[allow|deny]\fR -+.RS 4 - Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested. --.TP 3n -+.RE -+.PP - \fBfile=\fR\fB\fI/path/filename\fR\fR -+.RS 4 - File containing one item per line. The file needs to be a plain file and not world writeable. --.TP 3n -+.RE -+.PP - \fBonerr=[succeed|fail]\fR -+.RS 4 - What to do if something weird happens like being unable to open the file. --.TP 3n -+.RE -+.PP - \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR -+.RS 4 - Restrict the user class for which the restriction apply. Note that with - \fBitem=[user|ruser|group]\fR - this oes not make sense, but for - \fBitem=[tty|rhost|shell]\fR - it have a meaning. -+.RE -+.PP -+\fBquiet\fR -+.RS 4 -+Do not treat service refusals or missing list files as errors that need to be logged. -+.RE - .SH "MODULE SERVICES PROVIDED" - .PP - The services -@@ -94,34 +109,44 @@ - are supported. - .SH "RETURN VALUES" - .PP --.TP 3n -+.PP - PAM_AUTH_ERR -+.RS 4 - Authentication failure. --.TP 3n -+.RE -+.PP - PAM_BUF_ERR -+.RS 4 - Memory buffer error. --.TP 3n -+.RE -+.PP - PAM_IGNORE -+.RS 4 - The rule does not apply to the - \fBapply\fR - option. --.TP 3n -+.RE -+.PP - PAM_SERVICE_ERR -+.RS 4 - Error in service module. --.TP 3n -+.RE -+.PP - PAM_SUCCESS -+.RS 4 - Success. -+.RE - .SH "EXAMPLES" - .PP - Classic 'ftpusers' authentication can be implemented with this entry in - \fI/etc/pam.d/ftpd\fR: - .sp --.RS 3n -+.RS 4 - .nf - # - # deny ftp\-access to users listed in the /etc/ftpusers file - # --auth required pam_listfile.so \\ -+auth required pam_listfile.so \e - onerr=succeed item=user sense=deny file=/etc/ftpusers - - .fi -@@ -137,12 +162,12 @@ - \fI/etc/pam.d/login\fR - entry like this: - .sp --.RS 3n -+.RS 4 - .nf - # - # permit login to users listed in /etc/loginusers - # --auth required pam_listfile.so \\ -+auth required pam_listfile.so \e - onerr=fail item=user sense=allow file=/etc/loginusers - - .fi -Index: Linux-PAM/modules/pam_listfile/pam_listfile.8.xml -=================================================================== ---- Linux-PAM/modules/pam_listfile/pam_listfile.8.xml.orig -+++ Linux-PAM/modules/pam_listfile/pam_listfile.8.xml -@@ -33,6 +33,9 @@ - <arg choice="opt"> - apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>] - </arg> -+ <arg choice="opt"> -+ quiet -+ </arg> - </cmdsynopsis> - </refsynopsisdiv> - -@@ -155,6 +158,18 @@ - </para> - </listitem> - </varlistentry> -+ -+ <varlistentry> -+ <term> -+ <option>quiet</option> -+ </term> -+ <listitem> -+ <para> -+ Do not treat service refusals or missing list files as -+ errors that need to be logged. -+ </para> -+ </listitem> -+ </varlistentry> - </variablelist> - - </para> -Index: Linux-PAM/modules/pam_listfile/README -=================================================================== ---- Linux-PAM/modules/pam_listfile/README.orig -+++ Linux-PAM/modules/pam_listfile/README -@@ -58,6 +58,11 @@ - item=[user|ruser|group] this oes not make sense, but for item=[tty|rhost| - shell] it have a meaning. - -+quiet -+ -+ Do not treat service refusals or missing list files as errors that need to -+ be logged. -+ - EXAMPLES - - Classic 'ftpusers' authentication can be implemented with this entry in /etc/ |