diff options
Diffstat (limited to 'debian/patches-applied/dont_freeze_password_chain')
-rw-r--r-- | debian/patches-applied/dont_freeze_password_chain | 118 |
1 files changed, 0 insertions, 118 deletions
diff --git a/debian/patches-applied/dont_freeze_password_chain b/debian/patches-applied/dont_freeze_password_chain deleted file mode 100644 index 2f1cf43e..00000000 --- a/debian/patches-applied/dont_freeze_password_chain +++ /dev/null @@ -1,118 +0,0 @@ -Don't freeze the chain for chauthtok. - -bugzilla.novell.com#470337, LP: #303515. - -Author: Thorsten Kukuk <kukuk@thkukuk.de> - -Upstream status: cherry-picked from upstream. - -=== modified file 'doc/man/pam_sm_chauthtok.3.xml' -Index: doc/man/pam_sm_chauthtok.3.xml -=================================================================== ---- doc/man/pam_sm_chauthtok.3.xml.orig 2009-04-17 12:44:11.000000000 -0700 -+++ doc/man/pam_sm_chauthtok.3.xml 2009-04-17 12:47:40.000000000 -0700 -@@ -40,7 +40,7 @@ - </citerefentry> interface. - </para> - <para> -- This function is used to (re-)set the authentication token of the user. -+ This function is used to (re-)set the authentication token of the user. - </para> - <para> - Valid flags, which may be logically OR'd with -@@ -60,10 +60,10 @@ - <listitem> - <para> - This argument indicates to the module that the users -- authentication token (password) should only be changed if -- it has expired. This flag is optional and -- <emphasis>must</emphasis> be combined with one of the -- following two flags. Note, however, the following two options -+ authentication token (password) should only be changed if -+ it has expired. This flag is optional and -+ <emphasis>must</emphasis> be combined with one of the -+ following two flags. Note, however, the following two options - are <emphasis>mutually exclusive</emphasis>. - </para> - </listitem> -@@ -72,15 +72,20 @@ - <term>PAM_PRELIM_CHECK</term> - <listitem> - <para> -- This indicates that the modules are being probed as to -- their ready status for altering the user's authentication -- token. If the module requires access to another system over -- some network it should attempt to verify it can connect to -- this system on receiving this flag. If a module cannot establish -- it is ready to update the user's authentication token it should -+ This indicates that the modules are being probed as to -+ their ready status for altering the user's authentication -+ token. If the module requires access to another system over -+ some network it should attempt to verify it can connect to -+ this system on receiving this flag. If a module cannot establish -+ it is ready to update the user's authentication token it should - return <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, this - information will be passed back to the application. - </para> -+ <para> -+ If the control value <emphasis>sufficient</emphasis> is used in -+ the password stack, the <emphasis>PAM_PRELIM_CHECK</emphasis> section -+ of the modules following that control value is not always executed. -+ </para> - </listitem> - </varlistentry> - <varlistentry> -@@ -89,18 +94,18 @@ - <para> - This informs the module that this is the call it should change - the authorization tokens. If the flag is logically OR'd with -- <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the -+ <emphasis remap='B'>PAM_CHANGE_EXPIRED_AUTHTOK</emphasis>, the - token is only changed if it has actually expired. - </para> - </listitem> - </varlistentry> - </variablelist> - <para> -- The PAM library calls this function twice in succession. The first -- time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then, -- if the module does not return -+ The PAM library calls this function twice in succession. The first -+ time with <emphasis remap='B'>PAM_PRELIM_CHECK</emphasis> and then, -+ if the module does not return - <emphasis remap='B'>PAM_TRY_AGAIN</emphasis>, subsequently with -- <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on -+ <emphasis remap='B'>PAM_UPDATE_AUTHTOK</emphasis>. It is only on - the second call that the authorization token is (possibly) changed. - </para> - </refsect1> -Index: libpam/pam_dispatch.c -=================================================================== ---- libpam/pam_dispatch.c.orig 2009-04-17 12:47:17.000000000 -0700 -+++ libpam/pam_dispatch.c 2009-04-17 12:47:40.000000000 -0700 -@@ -128,11 +128,10 @@ - } - - /* -- * use_cached_chain is how we ensure that the setcred/close_session -- * and chauthtok(2) modules are called in the same order as they did -- * when they were invoked as auth/open_session/chauthtok(1). This -- * feature was added in 0.75 to make the behavior of pam_setcred -- * sane. It was debugged by release 0.76. -+ * use_cached_chain is how we ensure that the setcred and -+ * close_session modules are called in the same order as they did -+ * when they were invoked as auth/open_session. This feature was -+ * added in 0.75 to make the behavior of pam_setcred sane. - */ - if (use_cached_chain != _PAM_PLEASE_FREEZE) { - -@@ -342,9 +341,6 @@ - break; - case PAM_CHAUTHTOK: - h = pamh->handlers.conf.chauthtok; -- if (flags & PAM_UPDATE_AUTHTOK) { -- use_cached_chain = _PAM_MUST_BE_FROZEN; -- } - break; - default: - pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); |