From f19948eec9253c72d5694c6f90928b02725d5e03 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Sat, 26 Jul 2008 11:53:02 -0700 Subject: refresh patches for new upstream version --- .../036_pam_wheel_getlogin_considered_harmful | 225 ++++++++++++--------- 1 file changed, 124 insertions(+), 101 deletions(-) (limited to 'debian/patches-applied/036_pam_wheel_getlogin_considered_harmful') diff --git a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful index b95a677b..ec26a87c 100644 --- a/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful +++ b/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful @@ -8,10 +8,10 @@ Authors: Ben Collins Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net> -Index: Linux-PAM/modules/pam_wheel/pam_wheel.c +Index: pam.deb/modules/pam_wheel/pam_wheel.c =================================================================== ---- Linux-PAM/modules/pam_wheel/pam_wheel.c.orig -+++ Linux-PAM/modules/pam_wheel/pam_wheel.c +--- pam.deb.orig/modules/pam_wheel/pam_wheel.c ++++ pam.deb/modules/pam_wheel/pam_wheel.c @@ -60,9 +60,8 @@ /* argument parsing */ @@ -68,10 +68,10 @@ Index: Linux-PAM/modules/pam_wheel/pam_wheel.c /* * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu -Index: Linux-PAM/modules/pam_wheel/pam_wheel.8.xml +Index: pam.deb/modules/pam_wheel/pam_wheel.8.xml =================================================================== ---- Linux-PAM/modules/pam_wheel/pam_wheel.8.xml.orig -+++ Linux-PAM/modules/pam_wheel/pam_wheel.8.xml +--- pam.deb.orig/modules/pam_wheel/pam_wheel.8.xml ++++ pam.deb/modules/pam_wheel/pam_wheel.8.xml @@ -33,9 +33,6 @@ trust @@ -101,141 +101,164 @@ Index: Linux-PAM/modules/pam_wheel/pam_wheel.8.xml -Index: Linux-PAM/modules/pam_wheel/pam_wheel.8 +Index: pam.deb/modules/pam_wheel/pam_wheel.8 =================================================================== ---- Linux-PAM/modules/pam_wheel/pam_wheel.8.orig -+++ Linux-PAM/modules/pam_wheel/pam_wheel.8 -@@ -1,11 +1,11 @@ +--- pam.deb.orig/modules/pam_wheel/pam_wheel.8 ++++ pam.deb/modules/pam_wheel/pam_wheel.8 +@@ -1,64 +1,59 @@ .\" Title: pam_wheel .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.70.1 --.\" Date: 06/09/2006 --.\" Manual: Linux\-PAM Manual --.\" Source: Linux\-PAM Manual -+.\" Generator: DocBook XSL Stylesheets v1.72.0 -+.\" Date: 08/19/2007 -+.\" Manual: Linux-PAM Manual -+.\" Source: Linux-PAM Manual +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 01/08/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 07/26/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual .\" --.TH "PAM_WHEEL" "8" "06/09/2006" "Linux\-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "08/19/2007" "Linux\-PAM Manual" "Linux\-PAM Manual" +-.TH "PAM_WHEEL" "8" "01/08/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "07/26/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -14,7 +14,7 @@ - pam_wheel \- Only permit root access to members of group wheel + .ad l + .SH "NAME" +-pam_wheel - Only permit root access to members of group wheel ++pam_wheel \- Only permit root access to members of group wheel .SH "SYNOPSIS" .HP 13 --\fBpam_wheel.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] -+\fBpam_wheel.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] +-\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] ++\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] .SH "DESCRIPTION" .PP The pam_wheel PAM module is used to enforce the so\-called -@@ -24,30 +24,37 @@ - group. If no group with this name exist, the module is using the group with the group\-ID - \fB0\fR. + \fIwheel\fR +-group\. By default it permits root access to the system if the applicant user is a member of the ++group\&. By default it permits root access to the system if the applicant user is a member of the + \fIwheel\fR +-group\. If no group with this name exist, the module is using the group with the group\-ID +-\fB0\fR\. ++group\&. If no group with this name exist, the module is using the group with the group\-ID ++\fB0\fR\&. .SH "OPTIONS" --.TP 3n -+.PP + .PP \fBdebug\fR -+.RS 4 - Print debug information. --.TP 3n -+.RE -+.PP + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP \fBdeny\fR -+.RS 4 + .RS 4 Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the \fBgroup\fR - option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless +-option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless ++option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless \fBtrust\fR - was also specified, in which case we return PAM_SUCCESS). --.TP 3n -+.RE -+.PP +-was also specified, in which case we return PAM_SUCCESS)\. ++was also specified, in which case we return PAM_SUCCESS)\&. + .RE + .PP \fBgroup=\fR\fB\fIname\fR\fR -+.RS 4 + .RS 4 Instead of checking the wheel or GID 0 groups, use the \fB\fIname\fR\fR - group to perform the authentication. --.TP 3n -+.RE -+.PP +-group to perform the authentication\. ++group to perform the authentication\&. + .RE + .PP \fBroot_only\fR -+.RS 4 - The check for wheel membership is done only. --.TP 3n -+.RE -+.PP + .RS 4 +-The check for wheel membership is done only\. ++The check for wheel membership is done only\&. + .RE + .PP \fBtrust\fR -+.RS 4 - The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd). --.TP 3n + .RS 4 +-The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\. +-.RE +-.PP -\fBuse_uid\fR --The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example). -+.RE +-.RS 4 +-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\. ++The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. + .RE .SH "MODULE SERVICES PROVIDED" .PP - The -@@ -56,32 +63,46 @@ +@@ -66,52 +61,52 @@ + \fBauth\fR + and \fBaccount\fR - services are supported. +-services are supported\. ++services are supported\&. .SH "RETURN VALUES" --.TP 3n -+.PP + .PP PAM_AUTH_ERR -+.RS 4 - Authentication failure. --.TP 3n -+.RE -+.PP + .RS 4 +-Authentication failure\. ++Authentication failure\&. + .RE + .PP PAM_BUF_ERR -+.RS 4 - Memory buffer error. --.TP 3n -+.RE -+.PP + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP PAM_IGNORE -+.RS 4 - The return value should be ignored by PAM dispatch. --.TP 3n -+.RE -+.PP + .RS 4 +-The return value should be ignored by PAM dispatch\. ++The return value should be ignored by PAM dispatch\&. + .RE + .PP PAM_PERM_DENY -+.RS 4 - Permission denied. --.TP 3n -+.RE -+.PP + .RS 4 +-Permission denied\. ++Permission denied\&. + .RE + .PP PAM_SERVICE_ERR -+.RS 4 - Cannot determine the user name. --.TP 3n -+.RE -+.PP + .RS 4 +-Cannot determine the user name\. ++Cannot determine the user name\&. + .RE + .PP PAM_SUCCESS -+.RS 4 - Success. --.TP 3n -+.RE -+.PP + .RS 4 +-Success\. ++Success\&. + .RE + .PP PAM_USER_UNKNOWN -+.RS 4 - User not known. -+.RE + .RS 4 +-User not known\. ++User not known\&. + .RE .SH "EXAMPLES" .PP - The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants. +-The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\. ++The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&. .sp --.RS 3n -+.RS 4 + .RS 4 .nf - su auth sufficient pam_rootok.so - su auth required pam_wheel.so -Index: Linux-PAM/modules/pam_wheel/README +-su auth sufficient pam_rootok\.so +-su auth required pam_wheel\.so +-su auth required pam_unix\.so ++su auth sufficient pam_rootok\&.so ++su auth required pam_wheel\&.so ++su auth required pam_unix\&.so + + .fi + .RE +@@ -124,4 +119,4 @@ + \fBpam\fR(8) + .SH "AUTHOR" + .PP +-pam_wheel was written by Cristian Gafton \. ++pam_wheel was written by Cristian Gafton \&. +Index: pam.deb/modules/pam_wheel/README =================================================================== ---- Linux-PAM/modules/pam_wheel/README.orig -+++ Linux-PAM/modules/pam_wheel/README +--- pam.deb.orig/modules/pam_wheel/README ++++ pam.deb/modules/pam_wheel/README @@ -39,12 +39,6 @@ modules the wheel members may be able to su to root without being prompted for a passwd). -- cgit v1.2.3