From dcd7a5748ef6820e3e0d386139d9dd946f0d71fa Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sat, 27 Apr 2024 14:01:37 +0200
Subject: Adding debian version 1.4.0-9+deb11u1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../026_pam_unix_passwd_unknown_user               | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 debian/patches-applied/026_pam_unix_passwd_unknown_user

(limited to 'debian/patches-applied/026_pam_unix_passwd_unknown_user')

diff --git a/debian/patches-applied/026_pam_unix_passwd_unknown_user b/debian/patches-applied/026_pam_unix_passwd_unknown_user
new file mode 100644
index 0000000..99ac3f6
--- /dev/null
+++ b/debian/patches-applied/026_pam_unix_passwd_unknown_user
@@ -0,0 +1,33 @@
+Description: distinguish between password manipulation failure and missing user.
+Author: Martin Schwenke <martin@meltin.net>
+
+Index: pam/modules/pam_unix/passverify.c
+===================================================================
+--- pam.orig/modules/pam_unix/passverify.c
++++ pam/modules/pam_unix/passverify.c
+@@ -749,7 +749,7 @@
+     struct passwd *tmpent = NULL;
+     struct stat st;
+     FILE *pwfile, *opwfile;
+-    int err = 1;
++    int err = 1, found = 0;
+     int oldmask;
+ #ifdef WITH_SELINUX
+     security_context_t prev_context=NULL;
+@@ -820,6 +820,7 @@
+ 
+ 	    tmpent->pw_passwd = assigned_passwd.charp;
+ 	    err = 0;
++	    found = 1;
+ 	}
+ 	if (putpwent(tmpent, pwfile)) {
+ 	    D(("error writing entry to password file: %m"));
+@@ -862,7 +863,7 @@
+ 	return PAM_SUCCESS;
+     } else {
+ 	unlink(PW_TMPFILE);
+-	return PAM_AUTHTOK_ERR;
++	return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN;
+     }
+ }
+ 
-- 
cgit v1.2.3