2 files changed, 23 insertions, 0 deletions

diff --git a/debian/patches-applied/do_not_check_nis_accidentally b/debian/patches-applied/do_not_check_nis_accidentally
new file mode 100644
index 00000000..70e3df2d
--- /dev/null
+++ b/debian/patches-applied/do_not_check_nis_accidentally
@@ -0,0 +1,22 @@
+Patch for Debian bug #469635
+
+Always call _unix_getpwnam() consistent with the value of the 'nis'
+option, so that we only grab from the backends we're expecting.
+
+Authors: Quentin Godfroy <godfroy@clipper.ens.fr>
+
+Upstream status: should be submitted
+
+Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
++++ pam.deb/modules/pam_unix/pam_unix_passwd.c
+@@ -562,7 +562,7 @@
+ 		return PAM_USER_UNKNOWN;
+ 	} else {
+ 		struct passwd *pwd;
+-		_unix_getpwnam(pamh, user, 1, 1, &pwd);
++		_unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd);
+ 		if (pwd == NULL) {
+ 			pam_syslog(pamh, LOG_DEBUG,
+ 				"user \"%s\" has corrupted passwd entry",
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 87d53fcf..131a9f8b 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -3,6 +3,7 @@
 021_nis_cleanup
 022_pam_unix_group_time_miscfixes
 026_pam_unix_passwd_unknown_user
+do_not_check_nis_accidentally
 027_pam_limits_better_init_allow_explicit_root
 031_pam_include -p2
 032_pam_limits_EPERM_NOT_FATAL