blob: 1c8c3b67c80e3efce3fe015770adf5d90d8385de (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
From: Sam Hartman <hartmans@debian.org>
Date: Mon, 11 Sep 2023 14:00:42 -0600
Subject: handle the case of flags being empty or only PAM_SILENT, which is
documented in other PAM implementations as meaning PAM_ESTABLISH_CRED:
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm
---
modules/pam_group/pam_group.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 6877849..7d11f59 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -773,9 +773,12 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
unsigned setting;
/* only interested in establishing credentials */
+ /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED.
+ Some people just pass PAM_SILENT, so cope with it, too. */
setting = flags;
- if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) {
+ if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))
+ && (setting != 0) && (setting != PAM_SILENT)) {
D(("ignoring call - not for establishing credentials"));
return PAM_SUCCESS; /* don't fail because of this */
}
|
