Diffstat (limited to 'debian/patches-applied/019_pam_listfile_quiet')
-rw-r--r--debian/patches-applied/019_pam_listfile_quiet235
1 files changed, 235 insertions, 0 deletions
diff --git a/debian/patches-applied/019_pam_listfile_quiet b/debian/patches-applied/019_pam_listfile_quiet
new file mode 100644
index 00000000..113c9cfb
--- /dev/null
+++ b/debian/patches-applied/019_pam_listfile_quiet
@@ -0,0 +1,235 @@
+Patch for Debian bug #84428
+
+Support a 'quiet' option to pam_listfile, to reduce the logging output
+
+Authors: Ben Collins <bcollins@debian.org>,
+ Steve Langasek <vorlon@debian.org>
+
+Upstream status: committed to CVS
+
+Index: Linux-PAM/modules/pam_listfile/pam_listfile.c
+===================================================================
+--- Linux-PAM/modules/pam_listfile/pam_listfile.c.orig
++++ Linux-PAM/modules/pam_listfile/pam_listfile.c
+@@ -68,7 +68,7 @@
+ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+ {
+- int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2;
++ int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0;
+ const void *void_citemp;
+ const char *citemp;
+ char *ifname=NULL;
+@@ -155,6 +155,8 @@
+ apply_type=APPLY_TYPE_USER;
+ strncpy(apply_val,myval,sizeof(apply_val)-1);
+ }
++ } else if (!strcmp(mybuf,"quiet")) {
++ quiet = 1;
+ } else {
+ free(ifname);
+ pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf);
+@@ -399,8 +401,9 @@
+ #endif
+ (void) pam_get_item(pamh, PAM_SERVICE, &service);
+ (void) pam_get_user(pamh, &user_name, NULL);
+- pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s",
+- user_name, (const char *)service);
++ if (!quiet)
++ pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s",
++ user_name, (const char *)service);
+ return PAM_AUTH_ERR;
+ }
+ }
+Index: Linux-PAM/modules/pam_listfile/pam_listfile.8
+===================================================================
+--- Linux-PAM/modules/pam_listfile/pam_listfile.8.orig
++++ Linux-PAM/modules/pam_listfile/pam_listfile.8
+@@ -1,11 +1,11 @@
+ .\" Title: pam_listfile
+ .\" Author:
+-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+-.\" Date: 06/22/2006
+-.\" Manual: Linux\-PAM Manual
+-.\" Source: Linux\-PAM Manual
++.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/>
++.\" Date: 08/25/2007
++.\" Manual: Linux-PAM Manual
++.\" Source: Linux-PAM Manual
+ .\"
+-.TH "PAM_LISTFILE" "8" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
++.TH "PAM_LISTFILE" "8" "08/25/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
+ .\" disable hyphenation
+ .nh
+ .\" disable justification (adjust text to left margin only)
+@@ -14,7 +14,7 @@
+ pam_listfile \- deny or allow services based on an arbitrary file
+ .SH "SYNOPSIS"
+ .HP 16
+-\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]]
++\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet]
+ .SH "DESCRIPTION"
+ .PP
+ pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file.
+@@ -64,25 +64,40 @@
+ No credentials are awarded by this module.
+ .SH "OPTIONS"
+ .PP
+-.TP 3n
++.PP
+ \fBitem=[tty|user|rhost|ruser|group|shell]\fR
++.RS 4
+ What is listed in the file and should be checked for.
+-.TP 3n
++.RE
++.PP
+ \fBsense=[allow|deny]\fR
++.RS 4
+ Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested.
+-.TP 3n
++.RE
++.PP
+ \fBfile=\fR\fB\fI/path/filename\fR\fR
++.RS 4
+ File containing one item per line. The file needs to be a plain file and not world writeable.
+-.TP 3n
++.RE
++.PP
+ \fBonerr=[succeed|fail]\fR
++.RS 4
+ What to do if something weird happens like being unable to open the file.
+-.TP 3n
++.RE
++.PP
+ \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR
++.RS 4
+ Restrict the user class for which the restriction apply. Note that with
+ \fBitem=[user|ruser|group]\fR
+ this oes not make sense, but for
+ \fBitem=[tty|rhost|shell]\fR
+ it have a meaning.
++.RE
++.PP
++\fBquiet\fR
++.RS 4
++Do not treat service refusals or missing list files as errors that need to be logged.
++.RE
+ .SH "MODULE SERVICES PROVIDED"
+ .PP
+ The services
+@@ -94,34 +109,44 @@
+ are supported.
+ .SH "RETURN VALUES"
+ .PP
+-.TP 3n
++.PP
+ PAM_AUTH_ERR
++.RS 4
+ Authentication failure.
+-.TP 3n
++.RE
++.PP
+ PAM_BUF_ERR
++.RS 4
+ Memory buffer error.
+-.TP 3n
++.RE
++.PP
+ PAM_IGNORE
++.RS 4
+ The rule does not apply to the
+ \fBapply\fR
+ option.
+-.TP 3n
++.RE
++.PP
+ PAM_SERVICE_ERR
++.RS 4
+ Error in service module.
+-.TP 3n
++.RE
++.PP
+ PAM_SUCCESS
++.RS 4
+ Success.
++.RE
+ .SH "EXAMPLES"
+ .PP
+ Classic 'ftpusers' authentication can be implemented with this entry in
+ \fI/etc/pam.d/ftpd\fR:
+ .sp
+-.RS 3n
++.RS 4
+ .nf
+ #
+ # deny ftp\-access to users listed in the /etc/ftpusers file
+ #
+-auth required pam_listfile.so \\
++auth required pam_listfile.so \e
+ onerr=succeed item=user sense=deny file=/etc/ftpusers
+
+ .fi
+@@ -137,12 +162,12 @@
+ \fI/etc/pam.d/login\fR
+ entry like this:
+ .sp
+-.RS 3n
++.RS 4
+ .nf
+ #
+ # permit login to users listed in /etc/loginusers
+ #
+-auth required pam_listfile.so \\
++auth required pam_listfile.so \e
+ onerr=fail item=user sense=allow file=/etc/loginusers
+
+ .fi
+Index: Linux-PAM/modules/pam_listfile/pam_listfile.8.xml
+===================================================================
+--- Linux-PAM/modules/pam_listfile/pam_listfile.8.xml.orig
++++ Linux-PAM/modules/pam_listfile/pam_listfile.8.xml
+@@ -33,6 +33,9 @@
+ <arg choice="opt">
+ apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>]
+ </arg>
++ <arg choice="opt">
++ quiet
++ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+@@ -155,6 +158,18 @@
+ </para>
+ </listitem>
+ </varlistentry>
++
++ <varlistentry>
++ <term>
++ <option>quiet</option>
++ </term>
++ <listitem>
++ <para>
++ Do not treat service refusals or missing list files as
++ errors that need to be logged.
++ </para>
++ </listitem>
++ </varlistentry>
+ </variablelist>
+
+ </para>
+Index: Linux-PAM/modules/pam_listfile/README
+===================================================================
+--- Linux-PAM/modules/pam_listfile/README.orig
++++ Linux-PAM/modules/pam_listfile/README
+@@ -58,6 +58,11 @@
+ item=[user|ruser|group] this oes not make sense, but for item=[tty|rhost|
+ shell] it have a meaning.
+
++quiet
++
++ Do not treat service refusals or missing list files as errors that need to
++ be logged.
++
+ EXAMPLES
+
+ Classic 'ftpusers' authentication can be implemented with this entry in /etc/
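Review bot: The `quiet` text added to pam_listfile.8, pam_listfile.8.xml and README says missing list files are no longer logged, but the pam_listfile.c hunks in this patch guard only the `Refused user %s for service %s` call with `if (!quiet)`. No file-open or stat error path is touched in what is shown, so either that guard lives outside these hunks or the documentation overstates the option. Because the suppressed message is the module's LOG_ALERT record of a denied authentication, the option text should say so directly, for example `Do not log refused users; with this option a denial by pam_listfile leaves no syslog entry from the module.` The multi-line `pam_syslog` call under `if (!quiet)` would also read more safely with braces around it. pam_sm_authenticate begins and ends outside the inner hunks, so the remaining log calls could not be checked here.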