diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:01:37 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 12:01:37 +0000 |
commit | dcd7a5748ef6820e3e0d386139d9dd946f0d71fa (patch) | |
tree | 66900ada5e764c3422a91836695cdef113bbb883 /debian/patches-applied/lib_security_multiarch_compat | |
parent | Adding upstream version 1.4.0. (diff) | |
download | pam-dcd7a5748ef6820e3e0d386139d9dd946f0d71fa.tar.xz pam-dcd7a5748ef6820e3e0d386139d9dd946f0d71fa.zip |
Adding debian version 1.4.0-9+deb11u1.debian/1.4.0-9+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches-applied/lib_security_multiarch_compat')
-rw-r--r-- | debian/patches-applied/lib_security_multiarch_compat | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/debian/patches-applied/lib_security_multiarch_compat b/debian/patches-applied/lib_security_multiarch_compat new file mode 100644 index 0000000..e386ff3 --- /dev/null +++ b/debian/patches-applied/lib_security_multiarch_compat @@ -0,0 +1,72 @@ +Unqualified module paths should always be looked up in *both* the default +module dir, *and* the ISA dir. That's what paths are for. + +This lets us have a soft transition to multiarch for modules without having +to rewrite /etc/pam.d/ files or add ugly symlinks. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: not ready to be committed - this needs tweaked, we're +currently abusing the existing variables and inverting their meaning in +order to get everything installed where we want it and get absolute paths +the way we want them. + +Index: pam-1.4.0/libpam/pam_handlers.c +=================================================================== +--- pam-1.4.0.orig/libpam/pam_handlers.c ++++ pam-1.4.0/libpam/pam_handlers.c +@@ -735,7 +735,27 @@ _pam_load_module(pam_handle_t *pamh, con + success = PAM_ABORT; + + D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); +- mod->dl_handle = _pam_dlopen(mod_path); ++ if (mod_path[0] == '/') { ++ mod->dl_handle = _pam_dlopen(mod_path); ++ } else { ++ char *mod_full_path = NULL; ++ if (asprintf(&mod_full_path, "%s%s", ++ DEFAULT_MODULE_PATH, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_path); ++ _pam_drop(mod_full_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ if (!mod->dl_handle) { ++ if (asprintf(&mod_full_path, "%s/%s", ++ _PAM_ISA, mod_path) >= 0) { ++ mod->dl_handle = _pam_dlopen(mod_full_path); ++ _pam_drop(mod_full_path); ++ } else { ++ pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); ++ } ++ } ++ } + D(("_pam_load_module: _pam_dlopen'ed")); + D(("_pam_load_module: dlopen'ed")); + if (mod->dl_handle == NULL) { +@@ -812,7 +832,6 @@ int _pam_add_handler(pam_handle_t *pamh + struct handler **handler_p2; + struct handlers *the_handlers; + const char *sym, *sym2; +- char *mod_full_path; + servicefn func, func2; + int mod_type = PAM_MT_FAULTY_MOD; + +@@ -824,16 +843,7 @@ int _pam_add_handler(pam_handle_t *pamh + + if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && + mod_path != NULL) { +- if (mod_path[0] == '/') { +- mod = _pam_load_module(pamh, mod_path, handler_type); +- } else if (asprintf(&mod_full_path, "%s%s", +- DEFAULT_MODULE_PATH, mod_path) >= 0) { +- mod = _pam_load_module(pamh, mod_full_path, handler_type); +- _pam_drop(mod_full_path); +- } else { +- pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); +- return PAM_ABORT; +- } ++ mod = _pam_load_module(pamh, mod_path, handler_type); + + if (mod == NULL) { + /* if we get here with NULL it means allocation error */ |