author | Steve Langasek <vorlon@debian.org> | 2019-01-02 12:24:44 -0800 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-02 12:27:24 -0800 |
commit | a6f4ab0bebc76acf85cc0244bd21c1036009c28c (patch) | |
tree | df0d6a57d2b91ab9038e8d7b0d62f28c2daa66db /debian/patches-applied/019_pam_listfile_quiet | |
parent | 10b6243f4664747e815372070142d6c5853176da (diff) | |
fix-up commit for grafting svn history onto git history
Diffstat (limited to 'debian/patches-applied/019_pam_listfile_quiet')
-rw-r--r-- | debian/patches-applied/019_pam_listfile_quiet | 235 |
1 files changed, 235 insertions, 0 deletions
diff --git a/debian/patches-applied/019_pam_listfile_quiet b/debian/patches-applied/019_pam_listfile_quiet
new file mode 100644
index 00000000..113c9cfb
--- /dev/null
+++ b/debian/patches-applied/019_pam_listfile_quiet
@@ -0,0 +1,235 @@
+Patch for Debian bug #84428
+
+Support a 'quiet' option to pam_listfile, to reduce the logging output
+
+Authors: Ben Collins <bcollins@debian.org>,
+ Steve Langasek <vorlon@debian.org>
+
+Upstream status: committed to CVS
+
+Index: Linux-PAM/modules/pam_listfile/pam_listfile.c
+===================================================================
+--- Linux-PAM/modules/pam_listfile/pam_listfile.c.orig
++++ Linux-PAM/modules/pam_listfile/pam_listfile.c
+@@ -68,7 +68,7 @@
+ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+ {
+- int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2;
++ int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0;
+ const void *void_citemp;
+ const char *citemp;
+ char *ifname=NULL;
+@@ -155,6 +155,8 @@
+ apply_type=APPLY_TYPE_USER;
+ strncpy(apply_val,myval,sizeof(apply_val)-1);
+ }
++ } else if (!strcmp(mybuf,"quiet")) {
++ quiet = 1;
+ } else {
+ free(ifname);
+ pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf);
+@@ -399,8 +401,9 @@
+ #endif
+ (void) pam_get_item(pamh, PAM_SERVICE, &service);
+ (void) pam_get_user(pamh, &user_name, NULL);
+- pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s",
+- user_name, (const char *)service);
++ if (!quiet)
++ pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s",
++ user_name, (const char *)service);
+ return PAM_AUTH_ERR;
+ }
+ }
+Index: Linux-PAM/modules/pam_listfile/pam_listfile.8
+===================================================================
+--- Linux-PAM/modules/pam_listfile/pam_listfile.8.orig
++++ Linux-PAM/modules/pam_listfile/pam_listfile.8
+@@ -1,11 +1,11 @@
+ .\" Title: pam_listfile
+ .\" Author:
+-.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+-.\" Date: 06/22/2006
+-.\" Manual: Linux\-PAM Manual
+-.\" Source: Linux\-PAM Manual
++.\" Generator: DocBook XSL Stylesheets v1.72.0 <http://docbook.sf.net/>
++.\" Date: 08/25/2007
++.\" Manual: Linux-PAM Manual
++.\" Source: Linux-PAM Manual
+ .\"
+-.TH "PAM_LISTFILE" "8" "06/22/2006" "Linux\-PAM Manual" "Linux\-PAM Manual"
++.TH "PAM_LISTFILE" "8" "08/25/2007" "Linux\-PAM Manual" "Linux\-PAM Manual"
+ .\" disable hyphenation
+ .nh
+ .\" disable justification (adjust text to left margin only)
+@@ -14,7 +14,7 @@
+ pam_listfile \- deny or allow services based on an arbitrary file
+ .SH "SYNOPSIS"
+ .HP 16
+-\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]]
++\fBpam_listfile.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet]
+ .SH "DESCRIPTION"
+ .PP
+ pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file.
+@@ -64,25 +64,40 @@
+ No credentials are awarded by this module.
+ .SH "OPTIONS"
+ .PP
+-.TP 3n
++.PP
+ \fBitem=[tty|user|rhost|ruser|group|shell]\fR
++.RS 4
+ What is listed in the file and should be checked for.
+-.TP 3n
++.RE
++.PP
+ \fBsense=[allow|deny]\fR
++.RS 4
+ Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested.
+-.TP 3n
++.RE
++.PP
+ \fBfile=\fR\fB\fI/path/filename\fR\fR
++.RS 4
+ File containing one item per line. The file needs to be a plain file and not world writeable.
+-.TP 3n
++.RE
++.PP
+ \fBonerr=[succeed|fail]\fR
++.RS 4
+ What to do if something weird happens like being unable to open the file.
+-.TP 3n
++.RE
++.PP
+ \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR
++.RS 4
+ Restrict the user class for which the restriction apply. Note that with
+ \fBitem=[user|ruser|group]\fR
+ this oes not make sense, but for
+ \fBitem=[tty|rhost|shell]\fR
+ it have a meaning.
++.RE
++.PP
++\fBquiet\fR
++.RS 4
++Do not treat service refusals or missing list files as errors that need to be logged.
++.RE
+ .SH "MODULE SERVICES PROVIDED"
+ .PP
+ The services
+@@ -94,34 +109,44 @@
+ are supported.
+ .SH "RETURN VALUES"
+ .PP
+-.TP 3n
++.PP
+ PAM_AUTH_ERR
++.RS 4
+ Authentication failure.
+-.TP 3n
++.RE
++.PP
+ PAM_BUF_ERR
++.RS 4
+ Memory buffer error.
+-.TP 3n
++.RE
++.PP
+ PAM_IGNORE
++.RS 4
+ The rule does not apply to the
+ \fBapply\fR
+ option.
+-.TP 3n
++.RE
++.PP
+ PAM_SERVICE_ERR
++.RS 4
+ Error in service module.
+-.TP 3n
++.RE
++.PP
+ PAM_SUCCESS
++.RS 4
+ Success.
++.RE
+ .SH "EXAMPLES"
+ .PP
+ Classic 'ftpusers' authentication can be implemented with this entry in
+ \fI/etc/pam.d/ftpd\fR:
+ .sp
+-.RS 3n
++.RS 4
+ .nf
+ #
+ # deny ftp\-access to users listed in the /etc/ftpusers file
+ #
+-auth required pam_listfile.so \\
++auth required pam_listfile.so \e
+ onerr=succeed item=user sense=deny file=/etc/ftpusers
+
+ .fi
+@@ -137,12 +162,12 @@
+ \fI/etc/pam.d/login\fR
+ entry like this:
+ .sp
+-.RS 3n
++.RS 4
+ .nf
+ #
+ # permit login to users listed in /etc/loginusers
+ #
+-auth required pam_listfile.so \\
++auth required pam_listfile.so \e
+ onerr=fail item=user sense=allow file=/etc/loginusers
+
+ .fi
+Index: Linux-PAM/modules/pam_listfile/pam_listfile.8.xml
+===================================================================
+--- Linux-PAM/modules/pam_listfile/pam_listfile.8.xml.orig
++++ Linux-PAM/modules/pam_listfile/pam_listfile.8.xml
+@@ -33,6 +33,9 @@
+ <arg choice="opt">
+ apply=[<replaceable>user</replaceable>|<replaceable>@group</replaceable>]
+ </arg>
++ <arg choice="opt">
++ quiet
++ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+@@ -155,6 +158,18 @@
+ </para>
+ </listitem>
+ </varlistentry>
++
++ <varlistentry>
++ <term>
++ <option>quiet</option>
++ </term>
++ <listitem>
++ <para>
++ Do not treat service refusals or missing list files as
++ errors that need to be logged.
++ </para>
++ </listitem>
++ </varlistentry>
+ </variablelist>
+
+ </para>
+Index: Linux-PAM/modules/pam_listfile/README
+===================================================================
+--- Linux-PAM/modules/pam_listfile/README.orig
++++ Linux-PAM/modules/pam_listfile/README
+@@ -58,6 +58,11 @@
+ item=[user|ruser|group] this oes not make sense, but for item=[tty|rhost|
+ shell] it have a meaning.
+
++quiet
++
++ Do not treat service refusals or missing list files as errors that need to
++ be logged.
++
+ EXAMPLES
+
+ Classic 'ftpusers' authentication can be implemented with this entry in /etc/ |
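Review bot: The text added for `quiet` in pam_listfile.8, pam_listfile.8.xml and README says missing list files are no longer logged, but the three pam_listfile.c hunks only declare the flag, parse it, and guard the `Refused user %s for service %s` LOG_ALERT call; no hunk touches the path taken when the list file cannot be opened. pam_sm_authenticate continues outside these hunks, so that path may be handled elsewhere, but as shown either the documentation should say only refusals are silenced or the open-failure log needs the same `if (!quiet)` guard. With `quiet` set, the refusal branch shown returns PAM_AUTH_ERR without writing that syslog record, so the option text should tell administrators this, e.g. `With quiet set, refusals are not logged by this module; rely on the calling service's PAM failure logging for auditing.` The new `if (!quiet)` also wraps a three-line call without braces; `if (!quiet) {` … `}` would keep a later edit from falling outside the guard.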