28 lines
1.2 KiB
Text
28 lines
1.2 KiB
Text
From: Sam Hartman <hartmans@debian.org>
|
|
Date: Mon, 11 Sep 2023 14:00:42 -0600
|
|
Subject: handle the case of flags being empty or only PAM_SILENT, which is
|
|
|
|
documented in other PAM implementations as meaning PAM_ESTABLISH_CRED:
|
|
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm
|
|
---
|
|
modules/pam_group/pam_group.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
|
|
index 21c04d7..7d89dd0 100644
|
|
--- a/modules/pam_group/pam_group.c
|
|
+++ b/modules/pam_group/pam_group.c
|
|
@@ -772,9 +772,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
|
|
unsigned setting;
|
|
|
|
/* only interested in establishing credentials */
|
|
+ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED.
|
|
+ Some people just pass PAM_SILENT, so cope with it, too. */
|
|
|
|
setting = flags;
|
|
- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) {
|
|
+ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))
|
|
+ && (setting != 0) && (setting != PAM_SILENT)) {
|
|
D(("ignoring call - not for establishing credentials"));
|
|
return PAM_SUCCESS; /* don't fail because of this */
|
|
}
|