2bf63505eb
Move to the latest release of linux-pam. This allows us to remove a number of patches and consolidate the existing ones : - 0001-configure.patch - 0007-rhosts.patch these two patches deal with the ruserok function, which is not usable with uclibc. Consolidated into 0002-Conditionally-compile-per-ruserok-availability.patch. - 0003-group.patch - 0005-succeed.patch - 0006-time.patch these three patches deal with the innetgr function, which is not usable with uclibc. Consolidated into 0003-Conditionally-compile-per-innetgr-availability.patch. - 0004-mkdir.patch Fixed in upstream, no longer required. - 0002-doc-makefile-am.patch renamed to 0001-doc-makefile-am.patch. - 0008-fix-CVE-2014-2583.patch - 0009-fix-CVE-2013-7041.patch These patches are already included in the new release and so can be safely deleted. Signed-off-by: Brendan Heading <brendanheading@gmail.com> Tested-by: Carlos Santos <casantos@datacom.ind.br> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
85 lines
2.7 KiB
Diff
85 lines
2.7 KiB
Diff
innetgr is not available/functional in uclibc, provide conditions for
|
|
compilation.
|
|
|
|
Patch originally by Dmitry Golubovsky <golubovsky@gmail.com> - porting
|
|
to linux-pam 1.2.1.
|
|
|
|
Signed-off-by: Brendan Heading <brendanheading@gmail.com>
|
|
|
|
Upstream-status: pending
|
|
|
|
---
|
|
modules/pam_group/pam_group.c | 8 +++++++-
|
|
modules/pam_succeed_if/pam_succeed_if.c | 4 ++++
|
|
modules/pam_time/pam_time.c | 8 +++++++-
|
|
3 files changed, 18 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
|
|
index be5f20f..0982de8 100644
|
|
--- a/modules/pam_group/pam_group.c
|
|
+++ b/modules/pam_group/pam_group.c
|
|
@@ -655,8 +655,14 @@ static int check_account(pam_handle_t *pamh, const char *service,
|
|
continue;
|
|
}
|
|
/* If buffer starts with @, we are using netgroups */
|
|
- if (buffer[0] == '@')
|
|
+ if (buffer[0] == '@') {
|
|
+#ifdef HAVE_INNETGR
|
|
good &= innetgr (&buffer[1], NULL, user, NULL);
|
|
+#else
|
|
+ good = 0;
|
|
+ pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
|
|
+#endif /* HAVE_INNETGR */
|
|
+ }
|
|
/* otherwise, if the buffer starts with %, it's a UNIX group */
|
|
else if (buffer[0] == '%')
|
|
good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
|
|
diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c
|
|
index aa828fc..c09d669 100644
|
|
--- a/modules/pam_succeed_if/pam_succeed_if.c
|
|
+++ b/modules/pam_succeed_if/pam_succeed_if.c
|
|
@@ -233,16 +233,20 @@ evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group)
|
|
static int
|
|
evaluate_innetgr(const char *host, const char *user, const char *group)
|
|
{
|
|
+#ifdef HAVE_INNETGR
|
|
if (innetgr(group, host, user, NULL) == 1)
|
|
return PAM_SUCCESS;
|
|
+#endif /* HAVE_INNETGR */
|
|
return PAM_AUTH_ERR;
|
|
}
|
|
/* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
|
|
static int
|
|
evaluate_notinnetgr(const char *host, const char *user, const char *group)
|
|
{
|
|
+#ifdef HAVE_INNETGR
|
|
if (innetgr(group, host, user, NULL) == 0)
|
|
return PAM_SUCCESS;
|
|
+#endif /* HAVE_INNETGR */
|
|
return PAM_AUTH_ERR;
|
|
}
|
|
|
|
diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c
|
|
index c94737c..4898fd2 100644
|
|
--- a/modules/pam_time/pam_time.c
|
|
+++ b/modules/pam_time/pam_time.c
|
|
@@ -554,8 +554,14 @@ check_account(pam_handle_t *pamh, const char *service,
|
|
continue;
|
|
}
|
|
/* If buffer starts with @, we are using netgroups */
|
|
- if (buffer[0] == '@')
|
|
+ if (buffer[0] == '@') {
|
|
+#ifdef HAVE_INNETGR
|
|
good &= innetgr (&buffer[1], NULL, user, NULL);
|
|
+#else
|
|
+ good = 0;
|
|
+ pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
|
|
+#endif /* HAVE_INNETGR */
|
|
+ }
|
|
else
|
|
good &= logic_field(pamh, user, buffer, count, is_same);
|
|
D(("with user: %s", good ? "passes":"fails" ));
|
|
--
|
|
2.4.3
|
|
|