diff options
Diffstat (limited to 'debian/patches-applied')
-rw-r--r-- | debian/patches-applied/lib_security_multiarch_compat | 71 | ||||
-rw-r--r-- | debian/patches-applied/series | 1 |
2 files changed, 72 insertions, 0 deletions
diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat new file mode 100644 index 00000000..9d6d40a9 --- /dev/null +++ b/debian/patches-applied/lib_security_multiarch_compat @@ -0,0 +1,71 @@ +Unqualified module paths should always be looked up in *both* the default +module dir, *and* the ISA dir. That's what paths are for. + +This lets us have a soft transition to multiarch for modules without having +to rewrite /etc/pam.d/ files or add ugly symlinks. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: not ready to be committed - this needs tweaked, we're +currently abusing the existing variables and inverting their meaning in +order to get everything installed where we want it and get absolute paths +the way we want them. + +Index: multiarch/libpam/pam_handlers.c +=================================================================== +--- multiarch.orig/libpam/pam_handlers.c ++++ multiarch/libpam/pam_handlers.c +@@ -705,7 +705,26 @@ + } + #else + D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); +- mod->dl_handle = _pam_dlopen(mod_path); ++ if (mod_path[0] == '/') { ++ mod->dl_handle = _pam_dlopen(mod_path); ++ } else { ++ if (asprintf(&mod_full_isa_path, "%s%s", ++ DEFAULT_MODULE_PATH, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_isa_path); ++ _pam_drop(mod_full_isa_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ if (!mod->dl_handle) { ++ if (asprintf(&mod_full_isa_path, "%s/%s", ++ _PAM_ISA, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_isa_path); ++ _pam_drop(mod_full_isa_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ } ++ } + D(("_pam_load_module: _pam_dlopen'ed")); + D(("_pam_load_module: dlopen'ed")); + if (mod->dl_handle == NULL) { +@@ -775,7 +794,6 @@ + struct handler **handler_p2; + struct handlers *the_handlers; + const char *sym, *sym2; +- char *mod_full_path; + servicefn func, func2; + int mod_type = PAM_MT_FAULTY_MOD; + +@@ -787,16 +805,7 @@ + + if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && + mod_path != NULL) { +- if (mod_path[0] == '/') { +- mod = _pam_load_module(pamh, mod_path, handler_type); +- } else if (asprintf(&mod_full_path, "%s%s", +- DEFAULT_MODULE_PATH, mod_path) >= 0) { +- mod = _pam_load_module(pamh, mod_full_path, handler_type); +- _pam_drop(mod_full_path); +- } else { +- pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); +- return PAM_ABORT; +- } ++ mod = _pam_load_module(pamh, mod_path, handler_type); + + if (mod == NULL) { + /* if we get here with NULL it means allocation error */ diff --git a/debian/patches-applied/series b/debian/patches-applied/series index e7f8120c..e18f65d1 100644 --- a/debian/patches-applied/series +++ b/debian/patches-applied/series @@ -21,3 +21,4 @@ autoconf.patch update-motd fix-man-crud namespace_with_awk_not_gawk +lib_security_multiarch_compat |