From 5a550d7dd3da165bb6879fbbc10d18c6aa483659 Mon Sep 17 00:00:00 2001
From: Steve Langasek <vorlon@debian.org>
Date: Fri, 8 Aug 2008 10:37:15 -0700
Subject: debian/patches/054_pam_security_abstract_securetty_handling: move the
 warning log about an insecure tty back to pam_securetty proper; we don't want
 to generate log messages every time pam_unix is called as non-root.  Closes:
 #493283.  As a side-effect, pam_unix no longer logs any warnings about NULL
 password + insecure tty, but I don't think this is critical.

---
 .../patches-applied/054_pam_security_abstract_securetty_handling | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'debian/patches-applied/054_pam_security_abstract_securetty_handling')

diff --git a/debian/patches-applied/054_pam_security_abstract_securetty_handling b/debian/patches-applied/054_pam_security_abstract_securetty_handling
index cd98a914..76318c43 100644
--- a/debian/patches-applied/054_pam_security_abstract_securetty_handling
+++ b/debian/patches-applied/054_pam_security_abstract_securetty_handling
@@ -33,7 +33,7 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
  
      /* log a trail for debugging */
      if (ctrl & PAM_DEBUG_ARG) {
-@@ -101,63 +97,10 @@
+@@ -101,63 +97,13 @@
  	return PAM_SERVICE_ERR;
      }
  
@@ -98,6 +98,9 @@ Index: pam.deb/modules/pam_securetty/pam_securetty.c
 +    if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) {
 +	pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'",
 +	           username, uttyname);
++    } else if (retval != PAM_SUCCESS) {
++	pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
++	           uttyname);
      }
  
      return retval;
@@ -105,7 +108,7 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c
 ===================================================================
 --- /dev/null
 +++ pam.deb/modules/pam_securetty/tty_secure.c
-@@ -0,0 +1,92 @@
+@@ -0,0 +1,90 @@
 +/*
 + * A function to determine if a particular line is in /etc/securetty
 + */
@@ -191,8 +194,6 @@ Index: pam.deb/modules/pam_securetty/tty_secure.c
 +    fclose(ttyfile);
 +
 +    if(retval) {
-+	pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !",
-+		   uttyname);
 +	retval = PAM_AUTH_ERR;
 +    }
 +
-- 
cgit v1.2.3