diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:22:53 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:22:53 +0000 |
commit | f4b22a2f215f6f80558d9e4075c9de306c8b9953 (patch) | |
tree | 05142dd668b11fc304d1c15faa52dee3784f8fa0 /debian/patches-applied/045_pam_dispatch_jump_is_ignore | |
parent | Adding upstream version 1.5.2. (diff) | |
download | pam-f4b22a2f215f6f80558d9e4075c9de306c8b9953.tar.xz pam-f4b22a2f215f6f80558d9e4075c9de306c8b9953.zip |
Adding debian version 1.5.2-6+deb12u1.debian/1.5.2-6+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches-applied/045_pam_dispatch_jump_is_ignore')
-rw-r--r-- | debian/patches-applied/045_pam_dispatch_jump_is_ignore | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/debian/patches-applied/045_pam_dispatch_jump_is_ignore b/debian/patches-applied/045_pam_dispatch_jump_is_ignore new file mode 100644 index 0000000..e19a545 --- /dev/null +++ b/debian/patches-applied/045_pam_dispatch_jump_is_ignore @@ -0,0 +1,34 @@ + +Previously jumps were treated as PAM_IGNORE in the freezing part of +the chain and PAM_OK (aka required) in the frozen part of the chain. +No one on pam-list was able to explain this behavior, so I changed it +to be consistent. + +Index: pam/libpam/pam_dispatch.c +=================================================================== +--- pam.orig/libpam/pam_dispatch.c ++++ pam/libpam/pam_dispatch.c +@@ -260,22 +260,7 @@ + if ( _PAM_ACTION_IS_JUMP(action) ) { + + /* If we are evaluating a cached chain, we treat this +- module as required (aka _PAM_ACTION_OK) as well as +- executing the jump. */ +- +- if (use_cached_chain) { +- if (impression == _PAM_UNDEF +- || (impression == _PAM_POSITIVE +- && status == PAM_SUCCESS) ) { +- if ( retval != PAM_IGNORE || cached_retval == retval ) { +- if ( impression == _PAM_UNDEF && retval == PAM_SUCCESS ) { +- h->grantor = 1; +- } +- impression = _PAM_POSITIVE; +- status = retval; +- } +- } +- } ++ module as ignored as well as executing the jump. */ + + /* this means that we need to skip #action stacked modules */ + while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) { |