diff options
| author | Steve Langasek <vorlon@debian.org> | 2019-01-22 15:21:19 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-24 11:54:00 -0800 |
| commit | 5bbcd8f9bad73877325151b2024c6cdd858174b5 (patch) | |
| tree | 424e9a64f3aaf5588154b86636cfa5cf6f79edad /debian/patches-applied/007_modules_pam_unix | |
| parent | 5cd7bb4511a7c2b355a615f19a9eca193320aa3e (diff) | |
| download | pam-5bbcd8f9bad73877325151b2024c6cdd858174b5.tar.gz pam-5bbcd8f9bad73877325151b2024c6cdd858174b5.tar.bz2 pam-5bbcd8f9bad73877325151b2024c6cdd858174b5.zip | |
Refresh patches
Diffstat (limited to 'debian/patches-applied/007_modules_pam_unix')
| -rw-r--r-- | debian/patches-applied/007_modules_pam_unix | 115 |
1 files changed, 50 insertions, 65 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix index d88bb979..ae00a79d 100644 --- a/debian/patches-applied/007_modules_pam_unix +++ b/debian/patches-applied/007_modules_pam_unix @@ -1,8 +1,8 @@ -Index: pam.debian/modules/pam_unix/pam_unix_passwd.c +Index: pam/modules/pam_unix/pam_unix_passwd.c =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c -+++ pam.debian/modules/pam_unix/pam_unix_passwd.c -@@ -102,6 +102,9 @@ +--- pam.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam/modules/pam_unix/pam_unix_passwd.c +@@ -98,6 +98,9 @@ # endif /* GNU libc 2.1 */ #endif @@ -12,7 +12,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c /* How it works: Gets in username (has to be done) from the calling program -@@ -521,6 +524,11 @@ +@@ -593,6 +596,11 @@ return retval; } } @@ -24,7 +24,7 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c } if (remark) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); -@@ -536,7 +544,7 @@ +@@ -608,7 +616,7 @@ int retval; int remember = -1; int rounds = -1; @@ -33,22 +33,22 @@ Index: pam.debian/modules/pam_unix/pam_unix_passwd.c /* <DO NOT free() THESE> */ const char *user; -Index: pam.debian/modules/pam_unix/support.h +Index: pam/modules/pam_unix/support.h =================================================================== ---- pam.debian.orig/modules/pam_unix/support.h -+++ pam.debian/modules/pam_unix/support.h -@@ -97,8 +97,9 @@ - password hash algorithms */ - #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ - #define UNIX_MIN_PASS_LEN 27 /* min length for password */ -+#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ +--- pam.orig/modules/pam_unix/support.h ++++ pam/modules/pam_unix/support.h +@@ -98,8 +98,9 @@ + #define UNIX_QUIET 28 /* Don't print informational messages */ + #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */ + #define UNIX_DES 30 /* DES, default */ ++#define UNIX_OBSCURE_CHECKS 31 /* enable obscure checks on passwords */ /* -------------- */ --#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ +-#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) -@@ -107,34 +108,35 @@ +@@ -108,37 +109,38 @@ /* symbol token name ctrl mask ctrl * * ----------------------- ------------------- --------------------- -------- */ @@ -58,7 +58,7 @@ Index: pam.debian/modules/pam_unix/support.h -/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, -/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, -/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, --/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0}, +-/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0}, -/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, -/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, @@ -80,13 +80,16 @@ Index: pam.debian/modules/pam_unix/support.h -/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, -/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, -/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, +-/* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, +-/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0}, +-/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, +/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, +/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, +/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, +/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, +/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0}, +/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0}, -+/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, ++/* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0x40, 0}, +/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, +/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, +/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, @@ -108,15 +111,18 @@ Index: pam.debian/modules/pam_unix/support.h +/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, +/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, -+/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_QUIET */ {"quiet", _ALL_ON_, 0x8000000, 0}, ++/* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 0x10000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0x2C22000), 0, 1}, ++/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x20000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -Index: pam.debian/modules/pam_unix/pam_unix.8.xml +Index: pam/modules/pam_unix/pam_unix.8.xml =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8.xml -+++ pam.debian/modules/pam_unix/pam_unix.8.xml -@@ -337,8 +337,81 @@ +--- pam.orig/modules/pam_unix/pam_unix.8.xml ++++ pam/modules/pam_unix/pam_unix.8.xml +@@ -361,8 +361,81 @@ <listitem> <para> Set a minimum password length of <replaceable>n</replaceable> @@ -200,10 +206,10 @@ Index: pam.debian/modules/pam_unix/pam_unix.8.xml </para> </listitem> </varlistentry> -Index: pam.debian/modules/pam_unix/obscure.c +Index: pam/modules/pam_unix/obscure.c =================================================================== --- /dev/null -+++ pam.debian/modules/pam_unix/obscure.c ++++ pam/modules/pam_unix/obscure.c @@ -0,0 +1,198 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh @@ -403,24 +409,24 @@ Index: pam.debian/modules/pam_unix/obscure.c + + return msg; +} -Index: pam.debian/modules/pam_unix/Makefile.am +Index: pam/modules/pam_unix/Makefile.am =================================================================== ---- pam.debian.orig/modules/pam_unix/Makefile.am -+++ pam.debian/modules/pam_unix/Makefile.am -@@ -43,7 +43,7 @@ +--- pam.orig/modules/pam_unix/Makefile.am ++++ pam/modules/pam_unix/Makefile.am +@@ -42,7 +42,7 @@ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ - passverify.c yppasswd_xdr.c md5_good.c md5_broken.c + passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c - if STATIC_MODULES - pam_unix_la_SOURCES += pam_unix_static.c - endif -Index: pam.debian/modules/pam_unix/pam_unix.8 + + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) +Index: pam/modules/pam_unix/pam_unix.8 =================================================================== ---- pam.debian.orig/modules/pam_unix/pam_unix.8 -+++ pam.debian/modules/pam_unix/pam_unix.8 -@@ -183,7 +183,38 @@ +--- pam.orig/modules/pam_unix/pam_unix.8 ++++ pam/modules/pam_unix/pam_unix.8 +@@ -193,7 +193,38 @@ .RS 4 Set a minimum password length of \fIn\fR @@ -459,33 +465,12 @@ Index: pam.debian/modules/pam_unix/pam_unix.8 +.sp .RE .PP - Invalid arguments are logged with -diff --git a/modules/pam_unix/README b/modules/pam_unix/README -index 26c06e23..a1289409 100644 ---- a/modules/pam_unix/README -+++ b/modules/pam_unix/README -@@ -12,9 +12,9 @@ shadow file as well if shadow is enabled. - The account component performs the task of establishing the status of the - user's account and password based on the following shadow elements: expire, - last_change, max_change, min_change, warn_change. In the case of the latter, it --may offer advice to the user on changing their password or, through the -+may offer advice to the user on changing their password or, through the - PAM_AUTHTOKEN_REQD return, delay giving service to the user until they have --established a new password. The entries listed above are documented in the -+established a new password. The entries listed above are documented in the - shadow(5) manual page. Should the user's record not contain one or more of - these entries, the corresponding shadow check is not performed. - -@@ -100,7 +100,7 @@ remember=n - - The last n passwords for each user are saved in /etc/security/opasswd in - order to force password change history and keep the user from alternating -- between the same password too frequently. Instead of this option the -+ between the same password too frequently. Instead of this option the - pam_pwhistory module should be used. - - shadow -@@ -146,8 +146,40 @@ broken_shadow + \fBno_pass_expiry\fR +Index: pam/modules/pam_unix/README +=================================================================== +--- pam.orig/modules/pam_unix/README ++++ pam/modules/pam_unix/README +@@ -155,8 +155,40 @@ minlen=n @@ -526,5 +511,5 @@ index 26c06e23..a1289409 100644 + Is the new password a rotated version of the old password? (E.g., + "billy" and "illyb") - Invalid arguments are logged with syslog(3). + no_pass_expiry |