diff options
Diffstat (limited to 'debian/patches-applied/054_pam_security_abstract_securetty_handling')
-rw-r--r-- | debian/patches-applied/054_pam_security_abstract_securetty_handling | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling index 4f2c5250..91d6809f 100644 --- a/debian/patches-applied/054_pam_security_abstract_securetty_handling +++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling @@ -1,20 +1,19 @@ Description: extract the securetty logic for use with the "nullok_secure" option introduced in the "055_pam_unix_nullok_secure" patch. -Index: pam.deb/modules/pam_securetty/pam_securetty.c +Index: pam.debian/modules/pam_securetty/pam_securetty.c =================================================================== ---- pam.deb.orig/modules/pam_securetty/pam_securetty.c -+++ pam.deb/modules/pam_securetty/pam_securetty.c -@@ -1,8 +1,5 @@ +--- pam.debian.orig/modules/pam_securetty/pam_securetty.c ++++ pam.debian/modules/pam_securetty/pam_securetty.c +@@ -1,7 +1,5 @@ /* pam_securetty module */ -#define SECURETTY_FILE "/etc/securetty" -#define TTY_PREFIX "/dev/" -- - /* - * by Elliot Lee <sopwith@redhat.com>, Red Hat Software. - * July 25, 1996. -@@ -37,6 +34,9 @@ + #define CMDLINE_FILE "/proc/cmdline" + #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active" + +@@ -40,6 +38,9 @@ #include <security/pam_modutil.h> #include <security/pam_ext.h> @@ -22,9 +21,9 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c + const char *uttyname); + #define PAM_DEBUG_ARG 0x0001 + #define PAM_NOCONSOLE_ARG 0x0002 - static int -@@ -67,11 +67,7 @@ +@@ -73,11 +74,7 @@ const char *username; const char *uttyname; const void *void_uttyname; @@ -36,7 +35,7 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c /* log a trail for debugging */ if (ctrl & PAM_DEBUG_ARG) { -@@ -99,51 +95,7 @@ +@@ -105,50 +102,7 @@ return PAM_SERVICE_ERR; } @@ -84,15 +83,14 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c - && (!ptname[0] || strcmp(ptname, uttyname)) ); - } - fclose(ttyfile); -- + retval = _pammodutil_tty_secure(pamh, uttyname); - if (retval) { - pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", - uttyname); -Index: pam.deb/modules/pam_securetty/tty_secure.c + + if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { + FILE *cmdlinefile; +Index: pam.debian/modules/pam_securetty/tty_secure.c =================================================================== --- /dev/null -+++ pam.deb/modules/pam_securetty/tty_secure.c ++++ pam.debian/modules/pam_securetty/tty_secure.c @@ -0,0 +1,90 @@ +/* + * A function to determine if a particular line is in /etc/securetty @@ -184,10 +182,10 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c + + return retval; +} -Index: pam.deb/modules/pam_securetty/Makefile.am +Index: pam.debian/modules/pam_securetty/Makefile.am =================================================================== ---- pam.deb.orig/modules/pam_securetty/Makefile.am -+++ pam.deb/modules/pam_securetty/Makefile.am +--- pam.debian.orig/modules/pam_securetty/Makefile.am ++++ pam.debian/modules/pam_securetty/Makefile.am @@ -24,6 +24,10 @@ securelib_LTLIBRARIES = pam_securetty.la pam_securetty_la_LIBADD = -L$(top_builddir)/libpam -lpam |