diff options
Diffstat (limited to 'debian/patches-applied/055_pam_unix_nullok_secure')
| -rw-r--r-- | debian/patches-applied/055_pam_unix_nullok_secure | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure index f0b0a3d2..8c1b84c7 100644 --- a/debian/patches-applied/055_pam_unix_nullok_secure +++ b/debian/patches-applied/055_pam_unix_nullok_secure @@ -11,12 +11,11 @@ Index: pam.debian/modules/pam_unix/support.c =================================================================== --- pam.debian.orig/modules/pam_unix/support.c +++ pam.debian/modules/pam_unix/support.c -@@ -84,14 +84,22 @@ +@@ -189,13 +189,22 @@ /* now parse the arguments to this module */ for (; argc-- > 0; ++argv) { -- int j; -+ int j, sl; ++ int sl; D(("pam_unix arg: %s", *argv)); @@ -38,7 +37,7 @@ Index: pam.debian/modules/pam_unix/support.c } } -@@ -461,6 +469,7 @@ +@@ -565,6 +574,7 @@ child = fork(); if (child == 0) { int i=0; @@ -46,7 +45,7 @@ Index: pam.debian/modules/pam_unix/support.c struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; -@@ -488,7 +497,18 @@ +@@ -595,7 +605,18 @@ /* exec binary helper */ args[0] = strdup(CHKPWD_HELPER); args[1] = x_strdup(user); @@ -66,7 +65,7 @@ Index: pam.debian/modules/pam_unix/support.c args[2]=strdup("nullok"); } else { args[2]=strdup("nonull"); -@@ -567,6 +587,17 @@ +@@ -675,6 +696,17 @@ if (on(UNIX__NONULL, ctrl)) return 0; /* will fail but don't let on yet */ @@ -84,7 +83,7 @@ Index: pam.debian/modules/pam_unix/support.c /* UNIX passwords area */ retval = get_pwd_hash(pamh, name, &pwd, &salt); -@@ -653,7 +684,8 @@ +@@ -761,7 +793,8 @@ } } } else { @@ -98,7 +97,7 @@ Index: pam.debian/modules/pam_unix/support.h =================================================================== --- pam.debian.orig/modules/pam_unix/support.h +++ pam.debian/modules/pam_unix/support.h -@@ -91,8 +91,9 @@ +@@ -98,8 +98,9 @@ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ @@ -109,24 +108,24 @@ Index: pam.debian/modules/pam_unix/support.h #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -110,7 +111,7 @@ - /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40}, - /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80}, - /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100}, --/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200}, - /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400}, - /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800}, - /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000}, -@@ -130,6 +131,7 @@ - /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000}, - /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000}, - /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000}, -+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000}, +@@ -117,7 +118,7 @@ + /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, + /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, + /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, +-/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200, 0}, + /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, + /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, + /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, +@@ -137,6 +138,7 @@ + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, + /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, + /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -@@ -165,6 +167,9 @@ +@@ -172,6 +174,9 @@ ,const char *data_name ,const void **pass); @@ -143,7 +142,7 @@ Index: pam.debian/modules/pam_unix/Makefile.am @@ -30,7 +30,8 @@ pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif - pam_unix_la_LIBADD = -L$(top_builddir)/libpam -lpam \ + pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ - @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) + @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \ + ../pam_securetty/tty_secure.lo @@ -154,7 +153,7 @@ Index: pam.debian/modules/pam_unix/README =================================================================== --- pam.debian.orig/modules/pam_unix/README +++ pam.debian/modules/pam_unix/README -@@ -57,7 +57,16 @@ +@@ -58,7 +58,16 @@ The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides @@ -176,7 +175,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8 +++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -79,7 +79,14 @@ +@@ -82,7 +82,14 @@ .RS 4 The default action of this module is to not permit the user access to a service if their official password is blank\&. The \fBnullok\fR @@ -196,7 +195,7 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8.xml +++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -135,7 +135,24 @@ +@@ -137,7 +137,24 @@ <para> The default action of this module is to not permit the user access to a service if their official password is blank. |