File: 022_pam_unix_group_time_miscfixes

package info (click to toggle)
pam 1.1.8-3.6
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 11,800 kB
  • ctags: 2,930
  • sloc: ansic: 31,350; xml: 21,611; sh: 11,344; makefile: 1,563; perl: 893; yacc: 408; lex: 70; sed: 16
file content (22 lines) | stat: -rw-r--r-- 1,081 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Description: handle the case of flags being empty or only PAM_SILENT, which is
 documented in other PAM implementations as meaning PAM_ESTABLISH_CRED:
 http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm

Index: pam.deb/modules/pam_group/pam_group.c
===================================================================
--- pam.deb.orig/modules/pam_group/pam_group.c
+++ pam.deb/modules/pam_group/pam_group.c
@@ -765,9 +765,12 @@
     unsigned setting;
 
     /* only interested in establishing credentials */
+    /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED.
+       Some people just pass PAM_SILENT, so cope with it, too. */
 
     setting = flags;
-    if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) {
+    if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))
+        && (setting != 0) && (setting != PAM_SILENT)) {
 	D(("ignoring call - not for establishing credentials"));
 	return PAM_SUCCESS;            /* don't fail because of this */
     }