summaryrefslogtreecommitdiff
path: root/debian/patches-applied/pam_securetty_tty_check_before_user_check
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches-applied/pam_securetty_tty_check_before_user_check')
-rw-r--r--debian/patches-applied/pam_securetty_tty_check_before_user_check40
1 files changed, 40 insertions, 0 deletions
diff --git a/debian/patches-applied/pam_securetty_tty_check_before_user_check b/debian/patches-applied/pam_securetty_tty_check_before_user_check
new file mode 100644
index 00000000..5f976ab5
--- /dev/null
+++ b/debian/patches-applied/pam_securetty_tty_check_before_user_check
@@ -0,0 +1,40 @@
+Patch for Debian bug #537848
+
+pam_securetty should not return PAM_USER_UNKNOWN when the tty is secure.
+regardless of what was entered as a username.
+
+Authors: Nicolas Fran├žois <nicolas.francois@centraliens.net>
+
+Upstream status: committed to CVS
+
+Index: sid/modules/pam_securetty/pam_securetty.c
+===================================================================
+--- sid.orig/modules/pam_securetty/pam_securetty.c 2009-07-23 17:39:36.904158303 +0200
++++ sid/modules/pam_securetty/pam_securetty.c 2009-07-23 17:48:55.596157670 +0200
+@@ -82,13 +82,11 @@
+ }
+
+ user_pwd = pam_modutil_getpwnam(pamh, username);
+- if (user_pwd == NULL) {
+- return PAM_USER_UNKNOWN;
+- } else if (user_pwd->pw_uid != 0) { /* If the user is not root,
+- securetty's does not apply
+- to them */
++ if (user_pwd != NULL && user_pwd->pw_uid != 0) {
++ /* If the user is not root, securetty's does not apply to them */
+ return PAM_SUCCESS;
+ }
++ /* The user is now either root or an invalid / mistyped username */
+
+ retval = pam_get_item(pamh, PAM_TTY, &void_uttyname);
+ uttyname = void_uttyname;
+@@ -102,6 +100,9 @@
+ pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'",
+ username, uttyname);
+ } else if (retval != PAM_SUCCESS) {
++ if (user_pwd == NULL) {
++ retval = PAM_USER_UNKNOWN;
++ }
+ pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
+ uttyname);
+ }