File: pam_unix_fix_sgid_shadow_auth.patch

package info (click to toggle)
pam 1.1.8-3.6
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 11,800 kB
  • ctags: 2,930
  • sloc: ansic: 31,350; xml: 21,611; sh: 11,344; makefile: 1,563; perl: 893; yacc: 408; lex: 70; sed: 16
file content (25 lines) | stat: -rw-r--r-- 956 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Revert upstream change that prevents pam_unix from working with sgid
shadow applications.

Authors: Steve Langasek <vorlon@debian.org>

Upstream status: to be submitted (and debated...)

Index: debian-pkg-pam/modules/pam_unix/passverify.c
===================================================================
--- debian-pkg-pam.orig/modules/pam_unix/passverify.c	2009-04-17 12:46:39.000000000 -0700
+++ debian-pkg-pam/modules/pam_unix/passverify.c	2009-04-17 12:46:40.000000000 -0700
@@ -203,11 +203,11 @@
 			 * ...and shadow password file entry for this user,
 			 * if shadowing is enabled
 			 */
+			*spwdent = pam_modutil_getspnam(pamh, name);
 #ifndef HELPER_COMPILE
-			if (geteuid() || SELINUX_ENABLED)
+			if (*spwdent == NULL && (geteuid() || SELINUX_ENABLED))
 				return PAM_UNIX_RUN_HELPER;
 #endif
-			*spwdent = pam_modutil_getspnam(pamh, name);
 			if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
 				return PAM_AUTHINFO_UNAVAIL;
 		}