diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/pam/libpam/pam-no-innetgr.patch | 92 | ||||
-rw-r--r-- | meta/recipes-extended/pam/libpam_1.1.3.bb | 2 |
2 files changed, 94 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch b/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch new file mode 100644 index 0000000000..e622a0d246 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch | |||
@@ -0,0 +1,92 @@ | |||
1 | innetgr may not be there so make sure that when innetgr is not present | ||
2 | then we inform about it and not use it. | ||
3 | |||
4 | -Khem | ||
5 | Index: Linux-PAM-1.1.3/modules/pam_group/pam_group.c | ||
6 | =================================================================== | ||
7 | --- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c | ||
8 | +++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c | ||
9 | @@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p | ||
10 | } | ||
11 | /* If buffer starts with @, we are using netgroups */ | ||
12 | if (buffer[0] == '@') | ||
13 | - good &= innetgr (&buffer[1], NULL, user, NULL); | ||
14 | +#ifdef HAVE_INNETGR | ||
15 | + good &= innetgr (&buffer[1], NULL, user, NULL); | ||
16 | +#else | ||
17 | + pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support"); | ||
18 | +#endif | ||
19 | /* otherwise, if the buffer starts with %, it's a UNIX group */ | ||
20 | else if (buffer[0] == '%') | ||
21 | good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]); | ||
22 | Index: Linux-PAM-1.1.3/modules/pam_time/pam_time.c | ||
23 | =================================================================== | ||
24 | --- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c | ||
25 | +++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c | ||
26 | @@ -555,9 +555,13 @@ check_account(pam_handle_t *pamh, const | ||
27 | } | ||
28 | /* If buffer starts with @, we are using netgroups */ | ||
29 | if (buffer[0] == '@') | ||
30 | - good &= innetgr (&buffer[1], NULL, user, NULL); | ||
31 | +#ifdef HAVE_INNETGR | ||
32 | + good &= innetgr (&buffer[1], NULL, user, NULL); | ||
33 | +#else | ||
34 | + pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support"); | ||
35 | +#endif | ||
36 | else | ||
37 | - good &= logic_field(pamh, user, buffer, count, is_same); | ||
38 | + good &= logic_field(pamh, user, buffer, count, is_same); | ||
39 | D(("with user: %s", good ? "passes":"fails" )); | ||
40 | |||
41 | /* here we get the time field */ | ||
42 | Index: Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c | ||
43 | =================================================================== | ||
44 | --- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c | ||
45 | +++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c | ||
46 | @@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh, | ||
47 | } | ||
48 | /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */ | ||
49 | static int | ||
50 | -evaluate_innetgr(const char *host, const char *user, const char *group) | ||
51 | +evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) | ||
52 | { | ||
53 | +#ifdef HAVE_INNETGR | ||
54 | if (innetgr(group, host, user, NULL) == 1) | ||
55 | return PAM_SUCCESS; | ||
56 | +#else | ||
57 | + pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support"); | ||
58 | +#endif | ||
59 | + | ||
60 | return PAM_AUTH_ERR; | ||
61 | } | ||
62 | /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */ | ||
63 | static int | ||
64 | -evaluate_notinnetgr(const char *host, const char *user, const char *group) | ||
65 | +evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group) | ||
66 | { | ||
67 | +#ifdef HAVE_INNETGR | ||
68 | if (innetgr(group, host, user, NULL) == 0) | ||
69 | return PAM_SUCCESS; | ||
70 | +#else | ||
71 | + pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support"); | ||
72 | +#endif | ||
73 | return PAM_AUTH_ERR; | ||
74 | } | ||
75 | |||
76 | @@ -361,14 +370,14 @@ evaluate(pam_handle_t *pamh, int debug, | ||
77 | const void *rhost; | ||
78 | if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) | ||
79 | rhost = NULL; | ||
80 | - return evaluate_innetgr(rhost, user, right); | ||
81 | + return evaluate_innetgr(pamh, rhost, user, right); | ||
82 | } | ||
83 | /* (Rhost, user) is not in this group. */ | ||
84 | if (strcasecmp(qual, "notinnetgr") == 0) { | ||
85 | const void *rhost; | ||
86 | if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS) | ||
87 | rhost = NULL; | ||
88 | - return evaluate_notinnetgr(rhost, user, right); | ||
89 | + return evaluate_notinnetgr(pamh, rhost, user, right); | ||
90 | } | ||
91 | /* Fail closed. */ | ||
92 | return PAM_SERVICE_ERR; | ||
diff --git a/meta/recipes-extended/pam/libpam_1.1.3.bb b/meta/recipes-extended/pam/libpam_1.1.3.bb index 9d6c317426..b62e2f27a0 100644 --- a/meta/recipes-extended/pam/libpam_1.1.3.bb +++ b/meta/recipes-extended/pam/libpam_1.1.3.bb | |||
@@ -19,6 +19,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \ | |||
19 | file://99_pam \ | 19 | file://99_pam \ |
20 | file://pam.d/*" | 20 | file://pam.d/*" |
21 | 21 | ||
22 | SRC_URI_append_libc-uclibc = " file://pam-no-innetgr.patch" | ||
23 | |||
22 | SRC_URI[md5sum] = "6db7fcb5db6253350e3a4648ceac40e7" | 24 | SRC_URI[md5sum] = "6db7fcb5db6253350e3a4648ceac40e7" |
23 | SRC_URI[sha256sum] = "17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652" | 25 | SRC_URI[sha256sum] = "17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652" |
24 | 26 | ||