diff options
Diffstat (limited to 'patches-applied/009_pam_unix_likeauth')
| -rw-r--r-- | patches-applied/009_pam_unix_likeauth | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/patches-applied/009_pam_unix_likeauth b/patches-applied/009_pam_unix_likeauth new file mode 100644 index 00000000..37a9b696 --- /dev/null +++ b/patches-applied/009_pam_unix_likeauth @@ -0,0 +1,131 @@ +Index: Linux-PAM/modules/pam_unix/pam_unix_auth.c +=================================================================== +RCS file: /afs/sipb/project/debian/cvs/pam/Linux-PAM/modules/pam_unix/pam_unix_auth.c,v +retrieving revision 1.1.1.1 +diff -u -r1.1.1.1 pam_unix_auth.c +--- Linux-PAM/modules/pam_unix/pam_unix_auth.c 29 Apr 2001 04:17:37 -0000 1.1.1.1 ++++ Linux-PAM/modules/pam_unix/pam_unix_auth.c 19 May 2002 00:42:59 -0000 +@@ -81,17 +81,26 @@ + #define _UNIX_AUTHTOK "-UN*X-PASS" + + #define AUTH_RETURN \ +-{ \ ++do { \ + if (on(UNIX_LIKE_AUTH, ctrl) && ret_data) { \ + D(("recording return code for next time [%d]", \ + retval)); \ ++ *ret_data = retval; \ + pam_set_data(pamh, "unix_setcred_return", \ +- (void *) retval, NULL); \ ++ (void *) ret_data, setcred_free); \ + } \ + D(("done. [%s]", pam_strerror(pamh, retval))); \ + return retval; \ ++} while (0) ++ ++ ++static void setcred_free (pam_handle_t * pamh, void *ptr, int err) ++{ ++ if (ptr) ++ free (ptr); + } + ++ + PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags + ,int argc, const char **argv) + { +@@ -105,7 +114,8 @@ + + /* Get a few bytes so we can pass our return value to + pam_sm_setcred(). */ +- ret_data = malloc(sizeof(int)); ++ if (on(UNIX_LIKE_AUTH, ctrl)) ++ ret_data = malloc(sizeof(int)); + + /* get the user'name' */ + +@@ -120,7 +130,7 @@ + if (name == NULL || !isalnum(*name)) { + _log_err(LOG_ERR, pamh, "bad username [%s]", name); + retval = PAM_USER_UNKNOWN; +- AUTH_RETURN ++ AUTH_RETURN; + } + if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl)) + D(("username [%s] obtained", name)); +@@ -133,7 +143,7 @@ + */ + retval = PAM_INCOMPLETE; + } +- AUTH_RETURN ++ AUTH_RETURN; + } + + /* if this user does not have a password... */ +@@ -142,7 +152,7 @@ + D(("user '%s' has blank passwd", name)); + name = NULL; + retval = PAM_SUCCESS; +- AUTH_RETURN ++ AUTH_RETURN; + } + /* get this user's authentication token */ + +@@ -161,7 +171,7 @@ + retval = PAM_INCOMPLETE; + } + name = NULL; +- AUTH_RETURN ++ AUTH_RETURN; + } + D(("user=%s, password=[%s]", name, p)); + +@@ -169,7 +179,7 @@ + retval = _unix_verify_password(pamh, name, p, ctrl); + name = p = NULL; + +- AUTH_RETURN ++ AUTH_RETURN; + } + + +@@ -185,29 +195,23 @@ + PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags + ,int argc, const char **argv) + { +- unsigned int ctrl; + int retval; ++ int *pretval = NULL; + + D(("called.")); + +- /* FIXME: it shouldn't be necessary to parse the arguments again. The +- only argument we need is UNIX_LIKE_AUTH: if it was set, +- pam_get_data will succeed. If it wasn't, it will fail, and we +- return PAM_SUCCESS. -SRL */ +- ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); + retval = PAM_SUCCESS; + +- if (on(UNIX_LIKE_AUTH, ctrl)) { +- int *pretval = NULL; +- +- D(("recovering return code from auth call")); +- pam_get_data(pamh, "unix_setcred_return", (const void **) pretval); +- if(pretval) { +- retval = *pretval; +- free(pretval); +- D(("recovered data indicates that old retval was %d", retval)); +- } ++ D(("recovering return code from auth call")); ++ /* We will only find something here if UNIX_LIKE_AUTH is set -- ++ don't worry about an explicit check of argv. */ ++ pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval); ++ if(pretval) { ++ retval = *pretval; ++ pam_set_data(pamh, "unix_setcred_return", NULL, NULL); ++ D(("recovered data indicates that old retval was %d", retval)); + } ++ + return retval; + } + |