diff options
Diffstat (limited to 'debian/patches-applied/007_modules_pam_unix')
| -rw-r--r-- | debian/patches-applied/007_modules_pam_unix | 323 |
1 files changed, 25 insertions, 298 deletions
diff --git a/debian/patches-applied/007_modules_pam_unix b/debian/patches-applied/007_modules_pam_unix index 1388556e..95d2e354 100644 --- a/debian/patches-applied/007_modules_pam_unix +++ b/debian/patches-applied/007_modules_pam_unix @@ -1,10 +1,10 @@ -Index: pam-debian/modules/pam_unix/pam_unix_passwd.c +Index: pam.debian/modules/pam_unix/pam_unix_passwd.c =================================================================== ---- pam-debian.orig/modules/pam_unix/pam_unix_passwd.c 2011-10-10 16:22:05.790699739 -0700 -+++ pam-debian/modules/pam_unix/pam_unix_passwd.c 2011-10-10 16:24:49.656776455 -0700 -@@ -87,6 +87,9 @@ - unsigned long versnum, unsigned int proto); - #endif /* GNU libc 2.1 */ +--- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c ++++ pam.debian/modules/pam_unix/pam_unix_passwd.c +@@ -97,6 +97,9 @@ + # endif /* GNU libc 2.1 */ + #endif +extern const char *obscure_msg(const char *, const char *, const struct passwd *, + unsigned int); @@ -12,7 +12,7 @@ Index: pam-debian/modules/pam_unix/pam_unix_passwd.c /* How it works: Gets in username (has to be done) from the calling program -@@ -501,6 +504,11 @@ +@@ -513,6 +516,11 @@ return retval; } } @@ -24,7 +24,7 @@ Index: pam-debian/modules/pam_unix/pam_unix_passwd.c } if (remark) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); -@@ -517,7 +525,7 @@ +@@ -529,7 +537,7 @@ int retval; int remember = -1; int rounds = -1; @@ -33,10 +33,10 @@ Index: pam-debian/modules/pam_unix/pam_unix_passwd.c /* <DO NOT free() THESE> */ const char *user; -Index: pam-debian/modules/pam_unix/support.h +Index: pam.debian/modules/pam_unix/support.h =================================================================== ---- pam-debian.orig/modules/pam_unix/support.h 2011-10-10 16:22:05.742699130 -0700 -+++ pam-debian/modules/pam_unix/support.h 2011-10-10 16:24:49.656776455 -0700 +--- pam.debian.orig/modules/pam_unix/support.h ++++ pam.debian/modules/pam_unix/support.h @@ -90,8 +90,9 @@ password hash algorithms */ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ @@ -112,10 +112,10 @@ Index: pam-debian/modules/pam_unix/support.h }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -Index: pam-debian/modules/pam_unix/pam_unix.8.xml +Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== ---- pam-debian.orig/modules/pam_unix/pam_unix.8.xml 2011-10-10 16:22:05.822700144 -0700 -+++ pam-debian/modules/pam_unix/pam_unix.8.xml 2011-10-10 16:24:49.656776455 -0700 +--- pam.debian.orig/modules/pam_unix/pam_unix.8.xml ++++ pam.debian/modules/pam_unix/pam_unix.8.xml @@ -333,8 +333,81 @@ <listitem> <para> @@ -200,10 +200,10 @@ Index: pam-debian/modules/pam_unix/pam_unix.8.xml </para> </listitem> </varlistentry> -Index: pam-debian/modules/pam_unix/obscure.c +Index: pam.debian/modules/pam_unix/obscure.c =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ pam-debian/modules/pam_unix/obscure.c 2011-10-10 16:24:49.656776455 -0700 +--- /dev/null ++++ pam.debian/modules/pam_unix/obscure.c @@ -0,0 +1,198 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh @@ -403,11 +403,11 @@ Index: pam-debian/modules/pam_unix/obscure.c + + return msg; +} -Index: pam-debian/modules/pam_unix/Makefile.am +Index: pam.debian/modules/pam_unix/Makefile.am =================================================================== ---- pam-debian.orig/modules/pam_unix/Makefile.am 2011-10-10 16:22:05.754699282 -0700 -+++ pam-debian/modules/pam_unix/Makefile.am 2011-10-10 16:24:49.656776455 -0700 -@@ -41,7 +41,7 @@ +--- pam.debian.orig/modules/pam_unix/Makefile.am ++++ pam.debian/modules/pam_unix/Makefile.am +@@ -42,7 +42,7 @@ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ @@ -416,247 +416,11 @@ Index: pam-debian/modules/pam_unix/Makefile.am bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c bigcrypt_CFLAGS = $(AM_CFLAGS) -Index: pam-debian/modules/pam_unix/pam_unix.8 +Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== ---- pam-debian.orig/modules/pam_unix/pam_unix.8 2011-10-10 16:22:05.802699891 -0700 -+++ pam-debian/modules/pam_unix/pam_unix.8 2011-10-10 16:24:49.656776455 -0700 -@@ -1,161 +1,22 @@ -+'\" t - .\" Title: pam_unix - .\" Author: [see the "AUTHOR" section] --.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/> --.\" Date: 10/27/2010 -+.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -+.\" Date: 05/31/2011 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_UNIX" "8" "10/27/2010" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UNIX" "8" "05/31/2011" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- --.\" * (re)Define some macros -+.\" * Define some portability stuff - .\" ----------------------------------------------------------------- - .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.\" toupper - uppercase a string (locale-aware) -+.\" http://bugs.debian.org/507673 -+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html - .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.de toupper --.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ --\\$* --.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz --.. --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.\" SH-xref - format a cross-reference to an SH section --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.de SH-xref --.ie n \{\ --.\} --.toupper \\$* --.el \{\ --\\$* --.\} --.. --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.\" SH - level-one heading that works better for non-TTY output --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.de1 SH --.\" put an extra blank line of space above the head in non-TTY output --.if t \{\ --.sp 1 --.\} --.sp \\n[PD]u --.nr an-level 1 --.set-an-margin --.nr an-prevailing-indent \\n[IN] --.fi --.in \\n[an-margin]u --.ti 0 --.HTML-TAG ".NH \\n[an-level]" --.it 1 an-trap --.nr an-no-space-flag 1 --.nr an-break-flag 1 --\." make the size of the head bigger --.ps +3 --.ft B --.ne (2v + 1u) --.ie n \{\ --.\" if n (TTY output), use uppercase --.toupper \\$* --.\} --.el \{\ --.nr an-break-flag 0 --.\" if not n (not TTY), use normal case (not uppercase) --\\$1 --.in \\n[an-margin]u --.ti 0 --.\" if not n (not TTY), put a border/line under subheading --.sp -.6 --\l'\n(.lu' --.\} --.. --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.\" SS - level-two heading that works better for non-TTY output --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.de1 SS --.sp \\n[PD]u --.nr an-level 1 --.set-an-margin --.nr an-prevailing-indent \\n[IN] --.fi --.in \\n[IN]u --.ti \\n[SN]u --.it 1 an-trap --.nr an-no-space-flag 1 --.nr an-break-flag 1 --.ps \\n[PS-SS]u --\." make the size of the head bigger --.ps +2 --.ft B --.ne (2v + 1u) --.if \\n[.$] \&\\$* --.. --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.\" BB/BE - put background/screen (filled box) around block of text --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.de BB --.if t \{\ --.sp -.5 --.br --.in +2n --.ll -2n --.gcolor red --.di BX --.\} --.. --.de EB --.if t \{\ --.if "\\$2"adjust-for-leading-newline" \{\ --.sp -1 --.\} --.br --.di --.in --.ll --.gcolor --.nr BW \\n(.lu-\\n(.i --.nr BH \\n(dn+.5v --.ne \\n(BHu+.5v --.ie "\\$2"adjust-for-leading-newline" \{\ --\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] --.\} --.el \{\ --\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] --.\} --.in 0 --.sp -.5v --.nf --.BX --.in --.sp .5v --.fi --.\} --.. --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.\" BM/EM - put colored marker in margin next to block of text --.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --.de BM --.if t \{\ --.br --.ll -2n --.gcolor red --.di BX --.\} --.. --.de EM --.if t \{\ --.br --.di --.ll --.gcolor --.nr BH \\n(dn --.ne \\n(BHu --\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] --.in 0 --.nf --.BX --.in --.fi --.\} --.. -+.ie \n(.g .ds Aq \(aq -+.el .ds Aq ' - .\" ----------------------------------------------------------------- - .\" * set default formatting - .\" ----------------------------------------------------------------- -@@ -166,38 +27,36 @@ - .\" ----------------------------------------------------------------- - .\" * MAIN CONTENT STARTS HERE * - .\" ----------------------------------------------------------------- --.SH "Name" -+.SH "NAME" - pam_unix \- Module for traditional password authentication --.SH "Synopsis" --.fam C -+.SH "SYNOPSIS" - .HP \w'\fBpam_unix\&.so\fR\ 'u - \fBpam_unix\&.so\fR [\&.\&.\&.] --.fam - .SH "DESCRIPTION" - .PP --This is the standard Unix authentication module\&. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&. -+This is the standard Unix authentication module\&. It uses standard calls from the system\*(Aqs libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&. - .PP --The account component performs the task of establishing the status of the user\'s account and password based on the following -+The account component performs the task of establishing the status of the user\*(Aqs account and password based on the following - \fIshadow\fR - elements: expire, last_change, max_change, min_change, warn_change\&. In the case of the latter, it may offer advice to the user on changing their password or, through the - \fBPAM_AUTHTOKEN_REQD\fR - return, delay giving service to the user until they have established a new password\&. The entries listed above are documented in the - \fBshadow\fR(5) --manual page\&. Should the user\'s record not contain one or more of these entries, the corresponding -+manual page\&. Should the user\*(Aqs record not contain one or more of these entries, the corresponding - \fIshadow\fR - check is not performed\&. - .PP - The authentication component performs the task of checking the users credentials (password)\&. The default action of this module is to not permit the user access to a service if their official password is blank\&. - .PP - A helper binary, --\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like -+\fBunix_chkpwd\fR(8), is provided to check the user\*(Aqs password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like - \fBxlock\fR(1) --to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was -+to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\*(Aqt know was - \fBfork()\fRd\&. The - \fBnoreap\fR - module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. - .PP --The password component of this module performs the task of updating the user\'s password\&. -+The password component of this module performs the task of updating the user\*(Aqs password\&. - .PP - The session component of this module logs when a user logins or leave the system\&. - .PP -@@ -225,7 +84,7 @@ - .PP - \fBtry_first_pass\fR - .RS 4 --Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\&. -+Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&. - .RE - .PP - \fBuse_first_pass\fR -@@ -264,7 +123,7 @@ - The last - \fIn\fR - passwords for each user are saved in --\FC/etc/security/opasswd\F[] -+/etc/security/opasswd - in order to force password change history and keep the user from alternating between the same password too frequently\&. - .RE - .PP -@@ -319,7 +178,38 @@ +--- pam.debian.orig/modules/pam_unix/pam_unix.8 ++++ pam.debian/modules/pam_unix/pam_unix.8 +@@ -178,7 +178,38 @@ .RS 4 Set a minimum password length of \fIn\fR @@ -696,40 +460,3 @@ Index: pam-debian/modules/pam_unix/pam_unix.8 .RE .PP Invalid arguments are logged with -@@ -340,21 +230,13 @@ - .SH "EXAMPLES" - .PP - An example usage for --\FC/etc/pam\&.d/login\F[] -+/etc/pam\&.d/login - would be: - .sp - .if n \{\ - .RS 4 - .\} --.fam C --.ps -1 - .nf --.if t \{\ --.sp -1 --.\} --.BB lightgray adjust-for-leading-newline --.sp -1 -- - # Authenticate the user - auth required pam_unix\&.so - # Ensure users account and password are still active -@@ -365,13 +247,7 @@ - password required pam_unix\&.so use_authtok nullok md5 - session required pam_unix\&.so - --.EB lightgray adjust-for-leading-newline --.if t \{\ --.sp 1 --.\} - .fi --.fam --.ps +1 - .if n \{\ - .RE - .\} |