diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:22:53 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:22:53 +0000 |
commit | f4b22a2f215f6f80558d9e4075c9de306c8b9953 (patch) | |
tree | 05142dd668b11fc304d1c15faa52dee3784f8fa0 /debian/patches-applied/022_pam_unix_group_time_miscfixes | |
parent | Adding upstream version 1.5.2. (diff) | |
download | pam-f4b22a2f215f6f80558d9e4075c9de306c8b9953.tar.xz pam-f4b22a2f215f6f80558d9e4075c9de306c8b9953.zip |
Adding debian version 1.5.2-6+deb12u1.debian/1.5.2-6+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches-applied/022_pam_unix_group_time_miscfixes')
-rw-r--r-- | debian/patches-applied/022_pam_unix_group_time_miscfixes | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/debian/patches-applied/022_pam_unix_group_time_miscfixes b/debian/patches-applied/022_pam_unix_group_time_miscfixes new file mode 100644 index 0000000..8239fd9 --- /dev/null +++ b/debian/patches-applied/022_pam_unix_group_time_miscfixes @@ -0,0 +1,22 @@ +Description: handle the case of flags being empty or only PAM_SILENT, which is + documented in other PAM implementations as meaning PAM_ESTABLISH_CRED: + http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm + +Index: pam/modules/pam_group/pam_group.c +=================================================================== +--- pam.orig/modules/pam_group/pam_group.c ++++ pam/modules/pam_group/pam_group.c +@@ -754,9 +754,12 @@ + unsigned setting; + + /* only interested in establishing credentials */ ++ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED. ++ Some people just pass PAM_SILENT, so cope with it, too. */ + + setting = flags; +- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) { ++ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED)) ++ && (setting != 0) && (setting != PAM_SILENT)) { + D(("ignoring call - not for establishing credentials")); + return PAM_SUCCESS; /* don't fail because of this */ + } |