summaryrefslogtreecommitdiffstats
path: root/debian/patches-applied/lib_security_multiarch_compat
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:01:37 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:01:37 +0000
commitdcd7a5748ef6820e3e0d386139d9dd946f0d71fa (patch)
tree66900ada5e764c3422a91836695cdef113bbb883 /debian/patches-applied/lib_security_multiarch_compat
parentAdding upstream version 1.4.0. (diff)
downloadpam-dcd7a5748ef6820e3e0d386139d9dd946f0d71fa.tar.xz
pam-dcd7a5748ef6820e3e0d386139d9dd946f0d71fa.zip
Adding debian version 1.4.0-9+deb11u1.debian/1.4.0-9+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches-applied/lib_security_multiarch_compat')
-rw-r--r--debian/patches-applied/lib_security_multiarch_compat72
1 files changed, 72 insertions, 0 deletions
diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat
new file mode 100644
index 0000000..e386ff3
--- /dev/null
+++ b/debian/patches-applied/lib_security_multiarch_compat
@@ -0,0 +1,72 @@
+Unqualified module paths should always be looked up in *both* the default
+module dir, *and* the ISA dir. That's what paths are for.
+
+This lets us have a soft transition to multiarch for modules without having
+to rewrite /etc/pam.d/ files or add ugly symlinks.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: not ready to be committed - this needs tweaked, we're
+currently abusing the existing variables and inverting their meaning in
+order to get everything installed where we want it and get absolute paths
+the way we want them.
+
+Index: pam-1.4.0/libpam/pam_handlers.c
+===================================================================
+--- pam-1.4.0.orig/libpam/pam_handlers.c
++++ pam-1.4.0/libpam/pam_handlers.c
+@@ -735,7 +735,27 @@ _pam_load_module(pam_handle_t *pamh, con
+ success = PAM_ABORT;
+
+ D(("_pam_load_module: _pam_dlopen(%s)", mod_path));
+- mod->dl_handle = _pam_dlopen(mod_path);
++ if (mod_path[0] == '/') {
++ mod->dl_handle = _pam_dlopen(mod_path);
++ } else {
++ char *mod_full_path = NULL;
++ if (asprintf(&mod_full_path, "%s%s",
++ DEFAULT_MODULE_PATH, mod_path) >= 0) {
++ mod->dl_handle = _pam_dlopen(mod_full_path);
++ _pam_drop(mod_full_path);
++ } else {
++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
++ }
++ if (!mod->dl_handle) {
++ if (asprintf(&mod_full_path, "%s/%s",
++ _PAM_ISA, mod_path) >= 0) {
++ mod->dl_handle = _pam_dlopen(mod_full_path);
++ _pam_drop(mod_full_path);
++ } else {
++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
++ }
++ }
++ }
+ D(("_pam_load_module: _pam_dlopen'ed"));
+ D(("_pam_load_module: dlopen'ed"));
+ if (mod->dl_handle == NULL) {
+@@ -812,7 +832,6 @@ int _pam_add_handler(pam_handle_t *pamh
+ struct handler **handler_p2;
+ struct handlers *the_handlers;
+ const char *sym, *sym2;
+- char *mod_full_path;
+ servicefn func, func2;
+ int mod_type = PAM_MT_FAULTY_MOD;
+
+@@ -824,16 +843,7 @@ int _pam_add_handler(pam_handle_t *pamh
+
+ if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) &&
+ mod_path != NULL) {
+- if (mod_path[0] == '/') {
+- mod = _pam_load_module(pamh, mod_path, handler_type);
+- } else if (asprintf(&mod_full_path, "%s%s",
+- DEFAULT_MODULE_PATH, mod_path) >= 0) {
+- mod = _pam_load_module(pamh, mod_full_path, handler_type);
+- _pam_drop(mod_full_path);
+- } else {
+- pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path");
+- return PAM_ABORT;
+- }
++ mod = _pam_load_module(pamh, mod_path, handler_type);
+
+ if (mod == NULL) {
+ /* if we get here with NULL it means allocation error */