aboutsummaryrefslogtreecommitdiff
path: root/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
diff options
context:
space:
mode:
Diffstat (limited to 'patches-applied/pam_unix_fix_sgid_shadow_auth.patch')
-rw-r--r--patches-applied/pam_unix_fix_sgid_shadow_auth.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/patches-applied/pam_unix_fix_sgid_shadow_auth.patch b/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
new file mode 100644
index 00000000..0ce85eb7
--- /dev/null
+++ b/patches-applied/pam_unix_fix_sgid_shadow_auth.patch
@@ -0,0 +1,25 @@
+Revert upstream change that prevents pam_unix from working with sgid
+shadow applications.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: to be submitted (and debated...)
+
+Index: pam/modules/pam_unix/passverify.c
+===================================================================
+--- pam.orig/modules/pam_unix/passverify.c
++++ pam/modules/pam_unix/passverify.c
+@@ -198,11 +198,11 @@
+ * ...and shadow password file entry for this user,
+ * if shadowing is enabled
+ */
++ *spwdent = pam_modutil_getspnam(pamh, name);
+ #ifndef HELPER_COMPILE
+- if (geteuid() || SELINUX_ENABLED)
++ if (*spwdent == NULL && (geteuid() || SELINUX_ENABLED))
+ return PAM_UNIX_RUN_HELPER;
+ #endif
+- *spwdent = pam_modutil_getspnam(pamh, name);
+ if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL)
+ return PAM_AUTHINFO_UNAVAIL;
+ }
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-14 21:19:15 +0000