summaryrefslogtreecommitdiff
path: root/debian/patches-applied/054_pam_security_abstract_securetty_handling
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches-applied/054_pam_security_abstract_securetty_handling')
-rw-r--r--debian/patches-applied/054_pam_security_abstract_securetty_handling199
1 files changed, 0 insertions, 199 deletions
diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling
deleted file mode 100644
index 96222710..00000000
--- a/debian/patches-applied/054_pam_security_abstract_securetty_handling
+++ /dev/null
@@ -1,199 +0,0 @@
-Description: extract the securetty logic for use with the "nullok_secure" option
- introduced in the "055_pam_unix_nullok_secure" patch.
-
-Index: pam/modules/pam_securetty/pam_securetty.c
-===================================================================
---- pam.orig/modules/pam_securetty/pam_securetty.c
-+++ pam/modules/pam_securetty/pam_securetty.c
-@@ -1,7 +1,5 @@
- /* pam_securetty module */
-
--#define SECURETTY_FILE "/etc/securetty"
--#define TTY_PREFIX "/dev/"
- #define CMDLINE_FILE "/proc/cmdline"
- #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active"
-
-@@ -40,6 +38,9 @@
- #include <security/pam_modutil.h>
- #include <security/pam_ext.h>
-
-+extern int _pammodutil_tty_secure(const pam_handle_t *pamh,
-+ const char *uttyname);
-+
- #define PAM_DEBUG_ARG 0x0001
- #define PAM_NOCONSOLE_ARG 0x0002
-
-@@ -73,11 +74,7 @@
- const char *username;
- const char *uttyname;
- const void *void_uttyname;
-- char ttyfileline[256];
-- char ptname[256];
-- struct stat ttyfileinfo;
- struct passwd *user_pwd;
-- FILE *ttyfile;
-
- /* log a trail for debugging */
- if (ctrl & PAM_DEBUG_ARG) {
-@@ -105,50 +102,7 @@
- return PAM_SERVICE_ERR;
- }
-
-- /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
-- if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) {
-- uttyname += sizeof(TTY_PREFIX)-1;
-- }
--
-- if (stat(SECURETTY_FILE, &ttyfileinfo)) {
-- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE);
-- return PAM_SUCCESS; /* for compatibility with old securetty handling,
-- this needs to succeed. But we still log the
-- error. */
-- }
--
-- if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
-- /* If the file is world writable or is not a
-- normal file, return error */
-- pam_syslog(pamh, LOG_ERR,
-- "%s is either world writable or not a normal file",
-- SECURETTY_FILE);
-- return PAM_AUTH_ERR;
-- }
--
-- ttyfile = fopen(SECURETTY_FILE,"r");
-- if (ttyfile == NULL) { /* Check that we opened it successfully */
-- pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE);
-- return PAM_SERVICE_ERR;
-- }
--
-- if (isdigit(uttyname[0])) {
-- snprintf(ptname, sizeof(ptname), "pts/%s", uttyname);
-- } else {
-- ptname[0] = '\0';
-- }
--
-- retval = 1;
--
-- while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL)
-- && retval) {
-- if (ttyfileline[strlen(ttyfileline) - 1] == '\n')
-- ttyfileline[strlen(ttyfileline) - 1] = '\0';
--
-- retval = ( strcmp(ttyfileline, uttyname)
-- && (!ptname[0] || strcmp(ptname, uttyname)) );
-- }
-- fclose(ttyfile);
-+ retval = _pammodutil_tty_secure(pamh, uttyname);
-
- if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) {
- FILE *cmdlinefile;
-Index: pam/modules/pam_securetty/tty_secure.c
-===================================================================
---- /dev/null
-+++ pam/modules/pam_securetty/tty_secure.c
-@@ -0,0 +1,90 @@
-+/*
-+ * A function to determine if a particular line is in /etc/securetty
-+ */
-+
-+
-+#define SECURETTY_FILE "/etc/securetty"
-+#define TTY_PREFIX "/dev/"
-+
-+/* This function taken out of pam_securetty by Sam Hartman
-+ * <hartmans@debian.org>*/
-+/*
-+ * by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
-+ * July 25, 1996.
-+ * Slight modifications AGM. 1996/12/3
-+ */
-+
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <security/pam_modules.h>
-+#include <stdarg.h>
-+#include <syslog.h>
-+#include <sys/syslog.h>
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <ctype.h>
-+#include <security/pam_modutil.h>
-+#include <security/pam_ext.h>
-+
-+extern int _pammodutil_tty_secure(const pam_handle_t *pamh,
-+ const char *uttyname);
-+
-+int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname)
-+{
-+ int retval = PAM_AUTH_ERR;
-+ char ttyfileline[256];
-+ char ptname[256];
-+ struct stat ttyfileinfo;
-+ FILE *ttyfile;
-+ /* The PAM_TTY item may be prefixed with "/dev/" - skip that */
-+ if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0)
-+ uttyname += sizeof(TTY_PREFIX)-1;
-+
-+ if (stat(SECURETTY_FILE, &ttyfileinfo)) {
-+ pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m",
-+ SECURETTY_FILE);
-+ return PAM_SUCCESS; /* for compatibility with old securetty handling,
-+ this needs to succeed. But we still log the
-+ error. */
-+ }
-+
-+ if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) {
-+ /* If the file is world writable or is not a
-+ normal file, return error */
-+ pam_syslog(pamh, LOG_ERR,
-+ "%s is either world writable or not a normal file",
-+ SECURETTY_FILE);
-+ return PAM_AUTH_ERR;
-+ }
-+
-+ ttyfile = fopen(SECURETTY_FILE,"r");
-+ if(ttyfile == NULL) { /* Check that we opened it successfully */
-+ pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE);
-+ return PAM_SERVICE_ERR;
-+ }
-+
-+ if (isdigit(uttyname[0])) {
-+ snprintf(ptname, sizeof(ptname), "pts/%s", uttyname);
-+ } else {
-+ ptname[0] = '\0';
-+ }
-+
-+ retval = 1;
-+
-+ while ((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL)
-+ && retval) {
-+ if(ttyfileline[strlen(ttyfileline) - 1] == '\n')
-+ ttyfileline[strlen(ttyfileline) - 1] = '\0';
-+ retval = ( strcmp(ttyfileline,uttyname)
-+ && (!ptname[0] || strcmp(ptname, uttyname)) );
-+ }
-+ fclose(ttyfile);
-+
-+ if(retval) {
-+ retval = PAM_AUTH_ERR;
-+ }
-+
-+ return retval;
-+}
-Index: pam/modules/pam_securetty/Makefile.am
-===================================================================
---- pam.orig/modules/pam_securetty/Makefile.am
-+++ pam/modules/pam_securetty/Makefile.am
-@@ -24,6 +24,10 @@
- securelib_LTLIBRARIES = pam_securetty.la
- pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la
-
-+pam_securetty_la_SOURCES = \
-+ pam_securetty.c \
-+ tty_secure.c
-+
- if ENABLE_REGENERATE_MAN
- noinst_DATA = README
- README: pam_securetty.8.xml