blob: e96dd680f564d5e199903d32a919df971dc9cb5f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
* Add support for credential reinitialization in pam_group, closes: #108697
* By default do complete matches not substring matches for pam_time.
You can include explicit wildcard for substring, closes: #66152
Index: Linux-PAM/modules/pam_time/pam_time.c
===================================================================
--- Linux-PAM/modules/pam_time/pam_time.c.orig
+++ Linux-PAM/modules/pam_time/pam_time.c
@@ -324,7 +324,11 @@
return FALSE;
}
}
- return ( !len );
+ /* By this point we know that we didn't treat a * in b as a wildcard.
+ the only way we got done with the loop is if we consumed every
+ character in b. Thus the strings are equal if their
+ lengths are the same otherwise not equal. */
+ return (strlen (a) == strlen (b));
}
typedef struct {
Index: Linux-PAM/modules/pam_group/pam_group.c
===================================================================
--- Linux-PAM/modules/pam_group/pam_group.c.orig
+++ Linux-PAM/modules/pam_group/pam_group.c
@@ -758,9 +758,12 @@
unsigned setting;
/* only interested in establishing credentials */
+ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED.
+ Some people just pass PAM_SILENT, so cope with it, too. */
setting = flags;
- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) {
+ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))
+ && (setting != 0) && (setting != PAM_SILENT)) {
D(("ignoring call - not for establishing credentials"));
return PAM_SUCCESS; /* don't fail because of this */
}
|
