summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/pam/libpam
diff options
context:
space:
mode:
authorMaxin B. John <maxin.john@intel.com>2016-05-25 17:07:39 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-30 15:58:12 +0100
commit87f0a826255e8e43a327e7b085fd5bc14b4f324c (patch)
treed39dbdf25d5e0b0690b3a39aecd5505d88b52bea /meta/recipes-extended/pam/libpam
parent52d130d9e9735af569f018fc9161a54ed198d2d4 (diff)
downloadpoky-87f0a826255e8e43a327e7b085fd5bc14b4f324c.tar.gz
libpam: update to 1.3.0
1.2.1 -> 1.3.0 Remove upstreamed patch: a) pam-no-innetgr.patch Refreshed the following patches for 1.3.0: a) crypt_configure.patch b) pam-unix-nullok-secure.patch (From OE-Core rev: ac512ff9fbe41428e3d71d3e943aaa871d8b155a) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/pam/libpam')
-rw-r--r--meta/recipes-extended/pam/libpam/crypt_configure.patch37
-rw-r--r--meta/recipes-extended/pam/libpam/pam-no-innetgr.patch97
-rw-r--r--meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch119
3 files changed, 60 insertions, 193 deletions
diff --git a/meta/recipes-extended/pam/libpam/crypt_configure.patch b/meta/recipes-extended/pam/libpam/crypt_configure.patch
index bec82a5f10..917a8af64d 100644
--- a/meta/recipes-extended/pam/libpam/crypt_configure.patch
+++ b/meta/recipes-extended/pam/libpam/crypt_configure.patch
@@ -1,31 +1,40 @@
1From b86575ab4a0df07da160283459da270e1c0372a0 Mon Sep 17 00:00:00 2001
2From: "Maxin B. John" <maxin.john@intel.com>
3Date: Tue, 24 May 2016 14:11:09 +0300
4Subject: [PATCH] crypt_configure
5
1This patch fixes a case where it find crypt defined in libc (musl) but 6This patch fixes a case where it find crypt defined in libc (musl) but
2not in specified libraries then it ends up assigning 7not in specified libraries then it ends up assigning
3
4LIBCRYPT="-l" which then goes into makefile cause all sort of problems 8LIBCRYPT="-l" which then goes into makefile cause all sort of problems
5e.g. 9e.g.
6 10
7ld: cannot find -l-m32 11ld: cannot find -l-m32
8| collect2: error: ld returned 1 exit status 12| collect2: error: ld returned 1 exit status
9 13The reason is that -l appears on commandline with
10The reason is that -l appears on commandline with out any library and 14out any library and compiler treats the next argument as library name
11compiler treats the next argument as library name whatever it is. 15whatever it is.
12
13 16
14Upstream-Status: Pending 17Upstream-Status: Pending
18
15Signed-off-by: Khem Raj <raj.khem@gmail.com> 19Signed-off-by: Khem Raj <raj.khem@gmail.com>
20Signed-off-by: Maxin B. John <maxin.john@intel.com>
21---
22 configure.ac | 2 +-
23 1 file changed, 1 insertion(+), 1 deletion(-)
16 24
17Index: Linux-PAM-1.1.6/configure.in 25diff --git a/configure.ac b/configure.ac
18=================================================================== 26index df39d07..e68d856 100644
19--- Linux-PAM-1.1.6.org/configure.ac 27--- a/configure.ac
20+++ Linux-PAM-1.1.6/configure.ac 28+++ b/configure.ac
21@@ -400,7 +400,9 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" = 29@@ -401,7 +401,7 @@ AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
22 [crypt_libs="crypt"]) 30 [crypt_libs="crypt"])
23 31
24 BACKUP_LIBS=$LIBS 32 BACKUP_LIBS=$LIBS
25-AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="") 33-AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="${ac_lib:+-l$ac_lib}", LIBCRYPT="")
26+AC_SEARCH_LIBS([crypt],[$crypt_libs], 34+AC_SEARCH_LIBS([crypt],[$crypt_libs], [test "$ac_cv_search_crypt" = "none required" || LIBCRYPT="$ac_cv_search_crypt"])
27+ [test "$ac_cv_search_crypt" = "none required" ||
28+ LIBCRYPT="$ac_cv_search_crypt"])
29 AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) 35 AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
30 LIBS=$BACKUP_LIBS 36 LIBS=$BACKUP_LIBS
31 AC_SUBST(LIBCRYPT) 37 AC_SUBST(LIBCRYPT)
38--
392.4.0
40
diff --git a/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch b/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch
deleted file mode 100644
index 5e551ac48f..0000000000
--- a/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch
+++ /dev/null
@@ -1,97 +0,0 @@
1innetgr may not be there so make sure that when innetgr is not present
2then we inform about it and not use it.
3
4-Khem
5
6Upstream-Status: Pending
7
8Signed-off-by: Scott Garman <scott.a.garman@intel.com>
9
10Index: Linux-PAM-1.1.3/modules/pam_group/pam_group.c
11===================================================================
12--- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c
13+++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c
14@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p
15 }
16 /* If buffer starts with @, we are using netgroups */
17 if (buffer[0] == '@')
18- good &= innetgr (&buffer[1], NULL, user, NULL);
19+#ifdef HAVE_INNETGR
20+ good &= innetgr (&buffer[1], NULL, user, NULL);
21+#else
22+ pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
23+#endif
24 /* otherwise, if the buffer starts with %, it's a UNIX group */
25 else if (buffer[0] == '%')
26 good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
27Index: Linux-PAM-1.1.3/modules/pam_time/pam_time.c
28===================================================================
29--- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c
30+++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c
31@@ -555,9 +555,13 @@ check_account(pam_handle_t *pamh, const
32 }
33 /* If buffer starts with @, we are using netgroups */
34 if (buffer[0] == '@')
35- good &= innetgr (&buffer[1], NULL, user, NULL);
36+#ifdef HAVE_INNETGR
37+ good &= innetgr (&buffer[1], NULL, user, NULL);
38+#else
39+ pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
40+#endif
41 else
42- good &= logic_field(pamh, user, buffer, count, is_same);
43+ good &= logic_field(pamh, user, buffer, count, is_same);
44 D(("with user: %s", good ? "passes":"fails" ));
45
46 /* here we get the time field */
47Index: Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
48===================================================================
49--- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c
50+++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
51@@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh,
52 }
53 /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
54 static int
55-evaluate_innetgr(const char *host, const char *user, const char *group)
56+evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
57 {
58+#ifdef HAVE_INNETGR
59 if (innetgr(group, host, user, NULL) == 1)
60 return PAM_SUCCESS;
61+#else
62+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
63+#endif
64+
65 return PAM_AUTH_ERR;
66 }
67 /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
68 static int
69-evaluate_notinnetgr(const char *host, const char *user, const char *group)
70+evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
71 {
72+#ifdef HAVE_INNETGR
73 if (innetgr(group, host, user, NULL) == 0)
74 return PAM_SUCCESS;
75+#else
76+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
77+#endif
78 return PAM_AUTH_ERR;
79 }
80
81@@ -361,14 +370,14 @@ evaluate(pam_handle_t *pamh, int debug,
82 const void *rhost;
83 if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
84 rhost = NULL;
85- return evaluate_innetgr(rhost, user, right);
86+ return evaluate_innetgr(pamh, rhost, user, right);
87 }
88 /* (Rhost, user) is not in this group. */
89 if (strcasecmp(qual, "notinnetgr") == 0) {
90 const void *rhost;
91 if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
92 rhost = NULL;
93- return evaluate_notinnetgr(rhost, user, right);
94+ return evaluate_notinnetgr(pamh, rhost, user, right);
95 }
96 /* Fail closed. */
97 return PAM_SERVICE_ERR;
diff --git a/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch b/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch
index 3241e82959..d2cc66882e 100644
--- a/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch
+++ b/meta/recipes-extended/pam/libpam/pam-unix-nullok-secure.patch
@@ -1,9 +1,11 @@
1From 9bdc197474795f2d000c2bc04f58f7cef8898f21 Mon Sep 17 00:00:00 2001 1From b6545b83f94c5fb7aec1478b8d458a1393f479c8 Mon Sep 17 00:00:00 2001
2From: Amarnath Valluri <amarnath.valluri@intel.com> 2From: "Maxin B. John" <maxin.john@intel.com>
3Date: Wed, 15 Jul 2015 13:07:20 +0300 3Date: Wed, 25 May 2016 14:12:25 +0300
4Subject: [PATCH] Debian patch to add a new 'nullok_secure' option to pam_unix, 4Subject: [PATCH] pam_unix: support 'nullok_secure' option
5 which accepts users with null passwords only when the applicant is connected 5
6 from a tty listed in /etc/securetty. 6Debian patch to add a new 'nullok_secure' option to pam_unix,
7which accepts users with null passwords only when the applicant is
8connected from a tty listed in /etc/securetty.
7 9
8Authors: Sam Hartman <hartmans@debian.org>, 10Authors: Sam Hartman <hartmans@debian.org>,
9 Steve Langasek <vorlon@debian.org> 11 Steve Langasek <vorlon@debian.org>
@@ -11,78 +13,31 @@ Authors: Sam Hartman <hartmans@debian.org>,
11Upstream-Status: Pending 13Upstream-Status: Pending
12 14
13Signed-off-by: Ming Liu <ming.liu@windriver.com> 15Signed-off-by: Ming Liu <ming.liu@windriver.com>
14
15v2:
16 - Forward ported from v1.1.6 to v1.2.1
17
18Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> 16Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
17Signed-off-by: Maxin B. John <maxin.john@intel.com>
19--- 18---
20 modules/pam_unix/Makefile.am | 3 ++- 19 modules/pam_unix/Makefile.am | 3 ++-
21 modules/pam_unix/README | 11 ++++++++++-
22 modules/pam_unix/pam_unix.8 | 9 ++++++++-
23 modules/pam_unix/pam_unix.8.xml | 19 ++++++++++++++++++- 20 modules/pam_unix/pam_unix.8.xml | 19 ++++++++++++++++++-
24 modules/pam_unix/support.c | 40 +++++++++++++++++++++++++++++++++++----- 21 modules/pam_unix/support.c | 40 +++++++++++++++++++++++++++++++++++-----
25 modules/pam_unix/support.h | 8 ++++++-- 22 modules/pam_unix/support.h | 8 ++++++--
26 6 files changed, 79 insertions(+), 11 deletions(-) 23 4 files changed, 61 insertions(+), 9 deletions(-)
27 24
28diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am 25diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am
29index 56ed591..9a372ac 100644 26index 56df178..2bba460 100644
30--- a/modules/pam_unix/Makefile.am 27--- a/modules/pam_unix/Makefile.am
31+++ b/modules/pam_unix/Makefile.am 28+++ b/modules/pam_unix/Makefile.am
32@@ -30,7 +30,8 @@ if HAVE_VERSIONING 29@@ -30,7 +30,8 @@ if HAVE_VERSIONING
33 pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map 30 pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
34 endif 31 endif
35 pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ 32 pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \
36- @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) 33- @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@
37+ @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \ 34+ @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ \
38+ ../pam_securetty/tty_secure.lo 35+ ../pam_securetty/tty_secure.lo
39 36
40 securelib_LTLIBRARIES = pam_unix.la 37 securelib_LTLIBRARIES = pam_unix.la
41 38
42diff --git a/modules/pam_unix/README b/modules/pam_unix/README
43index 3935dba..7880d91 100644
44--- a/modules/pam_unix/README
45+++ b/modules/pam_unix/README
46@@ -67,7 +67,16 @@ nullok
47
48 The default action of this module is to not permit the user access to a
49 service if their official password is blank. The nullok argument overrides
50- this default.
51+ this default and allows any user with a blank password to access the
52+ service.
53+
54+nullok_secure
55+
56+ The default action of this module is to not permit the user access to a
57+ service if their official password is blank. The nullok_secure argument
58+ overrides this default and allows any user with a blank password to access
59+ the service as long as the value of PAM_TTY is set to one of the values
60+ found in /etc/securetty.
61
62 try_first_pass
63
64diff --git a/modules/pam_unix/pam_unix.8 b/modules/pam_unix/pam_unix.8
65index 339178b..a4bd906 100644
66--- a/modules/pam_unix/pam_unix.8
67+++ b/modules/pam_unix/pam_unix.8
68@@ -92,7 +92,14 @@ Turns off informational messages namely messages about session open and close vi
69 .RS 4
70 The default action of this module is to not permit the user access to a service if their official password is blank\&. The
71 \fBnullok\fR
72-argument overrides this default\&.
73+argument overrides this default and allows any user with a blank password to access the service\&.
74+.RE
75+.PP
76+\fBnullok_secure\fR
77+.RS 4
78+The default action of this module is to not permit the user access to a service if their official password is blank\&. The
79+\fBnullok_secure\fR
80+argument overrides this default and allows any user with a blank password to access the service as long as the value of PAM_TTY is set to one of the values found in /etc/securetty\&.
81 .RE
82 .PP
83 \fBtry_first_pass\fR
84diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml 39diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml
85index a8b64bb..1ced6f4 100644 40index 1b318f1..be0330e 100644
86--- a/modules/pam_unix/pam_unix.8.xml 41--- a/modules/pam_unix/pam_unix.8.xml
87+++ b/modules/pam_unix/pam_unix.8.xml 42+++ b/modules/pam_unix/pam_unix.8.xml
88@@ -159,7 +159,24 @@ 43@@ -159,7 +159,24 @@
@@ -112,10 +67,10 @@ index a8b64bb..1ced6f4 100644
112 </listitem> 67 </listitem>
113 </varlistentry> 68 </varlistentry>
114diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c 69diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
115index abccd82..2361957 100644 70index fc8595e..29e3341 100644
116--- a/modules/pam_unix/support.c 71--- a/modules/pam_unix/support.c
117+++ b/modules/pam_unix/support.c 72+++ b/modules/pam_unix/support.c
118@@ -189,13 +189,22 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, 73@@ -183,13 +183,22 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds,
119 /* now parse the arguments to this module */ 74 /* now parse the arguments to this module */
120 75
121 for (; argc-- > 0; ++argv) { 76 for (; argc-- > 0; ++argv) {
@@ -141,7 +96,7 @@ index abccd82..2361957 100644
141 } 96 }
142 } 97 }
143 98
144@@ -566,6 +575,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, 99@@ -560,6 +569,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
145 if (child == 0) { 100 if (child == 0) {
146 static char *envp[] = { NULL }; 101 static char *envp[] = { NULL };
147 const char *args[] = { NULL, NULL, NULL, NULL }; 102 const char *args[] = { NULL, NULL, NULL, NULL };
@@ -149,7 +104,7 @@ index abccd82..2361957 100644
149 104
150 /* XXX - should really tidy up PAM here too */ 105 /* XXX - should really tidy up PAM here too */
151 106
152@@ -593,7 +603,16 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, 107@@ -587,7 +597,16 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
153 /* exec binary helper */ 108 /* exec binary helper */
154 args[0] = CHKPWD_HELPER; 109 args[0] = CHKPWD_HELPER;
155 args[1] = user; 110 args[1] = user;
@@ -167,7 +122,7 @@ index abccd82..2361957 100644
167 args[2]="nullok"; 122 args[2]="nullok";
168 } else { 123 } else {
169 args[2]="nonull"; 124 args[2]="nonull";
170@@ -678,6 +697,17 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) 125@@ -672,6 +691,17 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
171 if (on(UNIX__NONULL, ctrl)) 126 if (on(UNIX__NONULL, ctrl))
172 return 0; /* will fail but don't let on yet */ 127 return 0; /* will fail but don't let on yet */
173 128
@@ -185,7 +140,7 @@ index abccd82..2361957 100644
185 /* UNIX passwords area */ 140 /* UNIX passwords area */
186 141
187 retval = get_pwd_hash(pamh, name, &pwd, &salt); 142 retval = get_pwd_hash(pamh, name, &pwd, &salt);
188@@ -764,7 +794,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name 143@@ -758,7 +788,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
189 } 144 }
190 } 145 }
191 } else { 146 } else {
@@ -195,46 +150,46 @@ index abccd82..2361957 100644
195 150
196 if (retval == PAM_SUCCESS) { 151 if (retval == PAM_SUCCESS) {
197diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h 152diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
198index 3729ce0..43cdbea 100644 153index b4c279c..8da4a8e 100644
199--- a/modules/pam_unix/support.h 154--- a/modules/pam_unix/support.h
200+++ b/modules/pam_unix/support.h 155+++ b/modules/pam_unix/support.h
201@@ -99,8 +99,9 @@ typedef struct { 156@@ -98,8 +98,9 @@ typedef struct {
202 #define UNIX_MIN_PASS_LEN 27 /* min length for password */
203 #define UNIX_QUIET 28 /* Don't print informational messages */ 157 #define UNIX_QUIET 28 /* Don't print informational messages */
204 #define UNIX_DES 29 /* DES, default */ 158 #define UNIX_NO_PASS_EXPIRY 29 /* Don't check for password expiration if not used for authentication */
205+#define UNIX_NULLOK_SECURE 30 /* NULL passwords allowed only on secure ttys */ 159 #define UNIX_DES 30 /* DES, default */
160+#define UNIX_NULLOK_SECURE 31 /* NULL passwords allowed only on secure ttys */
206 /* -------------- */ 161 /* -------------- */
207-#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ 162-#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */
208+#define UNIX_CTRLS_ 31 /* number of ctrl arguments defined */ 163+#define UNIX_CTRLS_ 32 /* number of ctrl arguments defined */
209 164
210 #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) 165 #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
211 166
212@@ -118,7 +119,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = 167@@ -117,7 +118,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
213 /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0}, 168 /* UNIX_AUTHTOK_TYPE */ {"authtok_type=", _ALL_ON_, 0100, 0},
214 /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, 169 /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0},
215 /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, 170 /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0},
216-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, 171-/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0},
217+/* UNIX__NONULL */ {NULL, _ALL_ON_^(02000000000), 01000, 0}, 172+/* UNIX__NONULL */ {NULL, _ALL_ON_^(02000000000), 01000, 0},
218 /* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, 173 /* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0},
219 /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, 174 /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0},
220 /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, 175 /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0},
221@@ -139,6 +140,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = 176@@ -139,6 +140,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
222 /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},
223 /* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0}, 177 /* UNIX_QUIET */ {"quiet", _ALL_ON_, 01000000000, 0},
178 /* UNIX_NO_PASS_EXPIRY */ {"no_pass_expiry", _ALL_ON_, 02000000000, 0},
224 /* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, 179 /* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1},
225+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(01000), 02000000000, 0}, 180+/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(01000), 02000000000, 0},
226 }; 181 };
227 182
228 #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) 183 #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)
229@@ -171,6 +173,8 @@ extern int _unix_read_password(pam_handle_t * pamh 184@@ -172,6 +174,8 @@ extern int _unix_read_password(pam_handle_t * pamh
230 ,const char *prompt2
231 ,const char *data_name 185 ,const char *data_name
232 ,const void **pass); 186 ,const void **pass);
233+extern int _pammodutil_tty_secure(const pam_handle_t *pamh,
234+ const char *uttyname);
235 187
188+extern int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname);
189+
236 extern int _unix_run_verify_binary(pam_handle_t *pamh, 190 extern int _unix_run_verify_binary(pam_handle_t *pamh,
237 unsigned int ctrl, const char *user, int *daysleft); 191 unsigned int ctrl, const char *user, int *daysleft);
192 #endif /* _PAM_UNIX_SUPPORT_H */
238-- 193--
2392.1.4 1942.4.0
240 195