From e922ee5fc29778a7a3921f2512fb6bf706280839 Mon Sep 17 00:00:00 2001
From: Steve Langasek <vorlon@debian.org>
Date: Sat, 26 Jul 2008 10:51:19 -0700
Subject: New patch do_not_check_nis_accidentally: respect the 'nis' option
 (set or unset) when looking up the user's password entry for password
 changes.  Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the patch. 
 Closes: #469635.

---
 debian/changelog                                   |  4 ++++
 .../patches-applied/do_not_check_nis_accidentally  | 22 ++++++++++++++++++++++
 debian/patches-applied/series                      |  1 +
 3 files changed, 27 insertions(+)
 create mode 100644 debian/patches-applied/do_not_check_nis_accidentally

diff --git a/debian/changelog b/debian/changelog
index 7b2f17ea..f646a932 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -49,6 +49,10 @@ pam (0.99.10.0-1) UNRELEASED; urgency=low
   * 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for
     the NSS source of our user; this was preventing password changes for NIS
     users, which otherwise should have worked.  Closes: #203222.
+  * New patch do_not_check_nis_accidentally: respect the 'nis' option
+    (set or unset) when looking up the user's password entry for password
+    changes.  Thanks to Quentin Godfroy <godfroy@clipper.ens.fr> for the
+    patch.  Closes: #469635.
 
  -- Steve Langasek <vorlon@debian.org>  Tue, 22 Jul 2008 10:55:45 -0700
 
diff --git a/debian/patches-applied/do_not_check_nis_accidentally b/debian/patches-applied/do_not_check_nis_accidentally
new file mode 100644
index 00000000..70e3df2d
--- /dev/null
+++ b/debian/patches-applied/do_not_check_nis_accidentally
@@ -0,0 +1,22 @@
+Patch for Debian bug #469635
+
+Always call _unix_getpwnam() consistent with the value of the 'nis'
+option, so that we only grab from the backends we're expecting.
+
+Authors: Quentin Godfroy <godfroy@clipper.ens.fr>
+
+Upstream status: should be submitted
+
+Index: pam.deb/modules/pam_unix/pam_unix_passwd.c
+===================================================================
+--- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c
++++ pam.deb/modules/pam_unix/pam_unix_passwd.c
+@@ -562,7 +562,7 @@
+ 		return PAM_USER_UNKNOWN;
+ 	} else {
+ 		struct passwd *pwd;
+-		_unix_getpwnam(pamh, user, 1, 1, &pwd);
++		_unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd);
+ 		if (pwd == NULL) {
+ 			pam_syslog(pamh, LOG_DEBUG,
+ 				"user \"%s\" has corrupted passwd entry",
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 87d53fcf..131a9f8b 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -3,6 +3,7 @@
 021_nis_cleanup
 022_pam_unix_group_time_miscfixes
 026_pam_unix_passwd_unknown_user
+do_not_check_nis_accidentally
 027_pam_limits_better_init_allow_explicit_root
 031_pam_include -p2
 032_pam_limits_EPERM_NOT_FATAL
-- 
cgit v1.2.3