diff options
| author | Steve Langasek <vorlon@debian.org> | 2010-08-31 23:34:04 -0700 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 21:48:26 -0800 |
| commit | 64c205d41710427ab670f96ebfc90e229da03fdf (patch) | |
| tree | ebfa78d5cf4f5f4965c9223b7481925e1267f967 | |
| parent | d14caa1df90fe232b1ebd690dad62506af61589a (diff) | |
| download | pam-64c205d41710427ab670f96ebfc90e229da03fdf.tar.gz pam-64c205d41710427ab670f96ebfc90e229da03fdf.tar.bz2 pam-64c205d41710427ab670f96ebfc90e229da03fdf.zip | |
debian/patches/007_modules_pam_unix: drop compatibility handling of
'max=' no-op; use of this option will now log an error, as warned three
years ago.
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | debian/patches-applied/007_modules_pam_unix | 28 | ||||
| -rw-r--r-- | debian/patches-applied/055_pam_unix_nullok_secure | 36 |
3 files changed, 27 insertions, 42 deletions
diff --git a/debian/changelog b/debian/changelog index 69c19a42..29f9c79a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,8 +2,6 @@ pam (1.1.1-5) UNRELEASED; urgency=low * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit interface. Closes: #579402. - * debian/patches-applied/007_modules_pam_unix: fix up patch for new - upstream version which now implements minlen=, not min=. * Drop patches conditional_module,_conditional_man and mkhomedir_linking.patch, which are included upstream. * debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use @@ -15,6 +13,9 @@ pam (1.1.1-5) UNRELEASED; urgency=low compatibility with upstream. * debian/NEWS: document the disappearance of 'min=n', in case users have encoded this option elsewhere outside of /etc/pam.d/common-password. + * debian/patches/007_modules_pam_unix: drop compatibility handling of + 'max=' no-op; use of this option will now log an error, as warned three + years ago. -- Steve Langasek <vorlon@debian.org> Sun, 29 Aug 2010 00:56:28 -0700 diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix index ae6370eb..5823c4d3 100644 --- a/debian/patches-applied/007_modules_pam_unix +++ b/debian/patches-applied/007_modules_pam_unix @@ -55,36 +55,22 @@ Index: pam.deb/modules/pam_unix/support.c break; } } -@@ -112,6 +114,9 @@ - } else if (pass_min_len && j == UNIX_MIN_PASS_LEN) { - *pass_min_len = atoi(*argv + 7); - } -+ } else if (pass_min_len && j == UNIX_MIN_PASS_COMPAT) { -+ *pass_min_len = atoi(*argv + 4); -+ } - if (rounds != NULL && j == UNIX_ALGO_ROUNDS) - *rounds = strtol(*argv + 7, NULL, 10); - } Index: pam.deb/modules/pam_unix/support.h =================================================================== --- pam.deb.orig/modules/pam_unix/support.h +++ pam.deb/modules/pam_unix/support.h -@@ -89,9 +89,12 @@ - #define UNIX_ALGO_ROUNDS 25 /* optional number of rounds for new +@@ -90,8 +90,9 @@ password hash algorithms */ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ --#define UNIX_MIN_PASS_LEN 27 /* min length for password */ -+#define UNIX_MAX_PASS_LEN 27 /* internal, for compatibility only */ -+#define UNIX_MIN_PASS_LEN 28 /* min length for password */ -+#define UNIX_MIN_PASS_COMPAT 29 /* min length for password */ -+#define UNIX_OBSCURE_CHECKS 30 /* enable obscure checks on passwords */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ ++#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ /* -------------- */ -#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -100,34 +103,37 @@ +@@ -100,34 +101,35 @@ /* symbol token name ctrl mask ctrl * * ----------------------- ------------------- --------------------- -------- */ @@ -143,10 +129,8 @@ Index: pam.deb/modules/pam_unix/support.h +/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000}, +/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000}, -+/* UNIX_MAX_PASS_LEN */ {"max=", _ALL_ON_, 0}, +/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000}, -+/* UNIX_MIN_PASS_COMPAT */ {"min=", _ALL_ON_, 0x8000000}, -+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x10000000}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) diff --git a/debian/patches-applied/055_pam_unix_nullok_secure b/debian/patches-applied/055_pam_unix_nullok_secure index cc46dcf5..5e694e12 100644 --- a/debian/patches-applied/055_pam_unix_nullok_secure +++ b/debian/patches-applied/055_pam_unix_nullok_secure @@ -39,7 +39,7 @@ Index: pam.deb/modules/pam_unix/support.c } } -@@ -455,6 +462,7 @@ +@@ -452,6 +459,7 @@ child = fork(); if (child == 0) { int i=0; @@ -47,7 +47,7 @@ Index: pam.deb/modules/pam_unix/support.c struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; -@@ -482,7 +490,18 @@ +@@ -479,7 +487,18 @@ /* exec binary helper */ args[0] = strdup(CHKPWD_HELPER); args[1] = x_strdup(user); @@ -67,7 +67,7 @@ Index: pam.deb/modules/pam_unix/support.c args[2]=strdup("nullok"); } else { args[2]=strdup("nonull"); -@@ -563,6 +582,17 @@ +@@ -560,6 +579,17 @@ if (on(UNIX__NONULL, ctrl)) return 0; /* will fail but don't let on yet */ @@ -85,7 +85,7 @@ Index: pam.deb/modules/pam_unix/support.c /* UNIX passwords area */ retval = get_pwd_hash(pamh, name, &pwd, &salt); -@@ -649,7 +679,8 @@ +@@ -646,7 +676,8 @@ } } } else { @@ -99,35 +99,35 @@ Index: pam.deb/modules/pam_unix/support.h =================================================================== --- pam.deb.orig/modules/pam_unix/support.h +++ pam.deb/modules/pam_unix/support.h -@@ -93,8 +93,9 @@ - #define UNIX_MIN_PASS_LEN 28 /* min length for password */ - #define UNIX_MIN_PASS_COMPAT 29 /* min length for password */ - #define UNIX_OBSCURE_CHECKS 30 /* enable obscure checks on passwords */ -+#define UNIX_NULLOK_SECURE 31 /* NULL passwords allowed only on secure ttys */ +@@ -91,8 +91,9 @@ + #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ + #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ ++#define UNIX_NULLOK_SECURE 29 /* NULL passwords allowed only on secure ttys */ /* -------------- */ --#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */ +-#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -112,7 +113,7 @@ +@@ -110,7 +111,7 @@ /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40}, /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80}, /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200}, -+/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x8000000), 0x200}, ++/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200}, /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400}, /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800}, /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000}, -@@ -134,6 +135,7 @@ +@@ -130,6 +131,7 @@ + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000}, /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000}, - /* UNIX_MIN_PASS_COMPAT */ {"min=", _ALL_ON_, 0x8000000}, - /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x10000000}, -+/* UNIX__NULLOK */ {"nullok_secure", _ALL_ON_^(0x200), 0x20000000}, + /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000}, ++/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -@@ -169,6 +171,9 @@ +@@ -165,6 +167,9 @@ ,const char *data_name ,const void **pass); |