summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-extended/pam/libpam/pam-no-innetgr.patch92
-rw-r--r--meta/recipes-extended/pam/libpam_1.1.3.bb2
2 files changed, 94 insertions, 0 deletions
diff --git a/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch b/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch
new file mode 100644
index 0000000000..e622a0d246
--- /dev/null
+++ b/meta/recipes-extended/pam/libpam/pam-no-innetgr.patch
@@ -0,0 +1,92 @@
1innetgr may not be there so make sure that when innetgr is not present
2then we inform about it and not use it.
3
4-Khem
5Index: Linux-PAM-1.1.3/modules/pam_group/pam_group.c
6===================================================================
7--- Linux-PAM-1.1.3.orig/modules/pam_group/pam_group.c
8+++ Linux-PAM-1.1.3/modules/pam_group/pam_group.c
9@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p
10 }
11 /* If buffer starts with @, we are using netgroups */
12 if (buffer[0] == '@')
13- good &= innetgr (&buffer[1], NULL, user, NULL);
14+#ifdef HAVE_INNETGR
15+ good &= innetgr (&buffer[1], NULL, user, NULL);
16+#else
17+ pam_syslog (pamh, LOG_ERR, "pam_group does not have netgroup support");
18+#endif
19 /* otherwise, if the buffer starts with %, it's a UNIX group */
20 else if (buffer[0] == '%')
21 good &= pam_modutil_user_in_group_nam_nam(pamh, user, &buffer[1]);
22Index: Linux-PAM-1.1.3/modules/pam_time/pam_time.c
23===================================================================
24--- Linux-PAM-1.1.3.orig/modules/pam_time/pam_time.c
25+++ Linux-PAM-1.1.3/modules/pam_time/pam_time.c
26@@ -555,9 +555,13 @@ check_account(pam_handle_t *pamh, const
27 }
28 /* If buffer starts with @, we are using netgroups */
29 if (buffer[0] == '@')
30- good &= innetgr (&buffer[1], NULL, user, NULL);
31+#ifdef HAVE_INNETGR
32+ good &= innetgr (&buffer[1], NULL, user, NULL);
33+#else
34+ pam_syslog (pamh, LOG_ERR, "pam_time does not have netgroup support");
35+#endif
36 else
37- good &= logic_field(pamh, user, buffer, count, is_same);
38+ good &= logic_field(pamh, user, buffer, count, is_same);
39 D(("with user: %s", good ? "passes":"fails" ));
40
41 /* here we get the time field */
42Index: Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
43===================================================================
44--- Linux-PAM-1.1.3.orig/modules/pam_succeed_if/pam_succeed_if.c
45+++ Linux-PAM-1.1.3/modules/pam_succeed_if/pam_succeed_if.c
46@@ -231,18 +231,27 @@ evaluate_notingroup(pam_handle_t *pamh,
47 }
48 /* Return PAM_SUCCESS if the (host,user) is in the netgroup. */
49 static int
50-evaluate_innetgr(const char *host, const char *user, const char *group)
51+evaluate_innetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
52 {
53+#ifdef HAVE_INNETGR
54 if (innetgr(group, host, user, NULL) == 1)
55 return PAM_SUCCESS;
56+#else
57+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
58+#endif
59+
60 return PAM_AUTH_ERR;
61 }
62 /* Return PAM_SUCCESS if the (host,user) is NOT in the netgroup. */
63 static int
64-evaluate_notinnetgr(const char *host, const char *user, const char *group)
65+evaluate_notinnetgr(const pam_handle_t* pamh, const char *host, const char *user, const char *group)
66 {
67+#ifdef HAVE_INNETGR
68 if (innetgr(group, host, user, NULL) == 0)
69 return PAM_SUCCESS;
70+#else
71+ pam_syslog (pamh, LOG_ERR, "pam_succeed_if does not have netgroup support");
72+#endif
73 return PAM_AUTH_ERR;
74 }
75
76@@ -361,14 +370,14 @@ evaluate(pam_handle_t *pamh, int debug,
77 const void *rhost;
78 if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
79 rhost = NULL;
80- return evaluate_innetgr(rhost, user, right);
81+ return evaluate_innetgr(pamh, rhost, user, right);
82 }
83 /* (Rhost, user) is not in this group. */
84 if (strcasecmp(qual, "notinnetgr") == 0) {
85 const void *rhost;
86 if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS)
87 rhost = NULL;
88- return evaluate_notinnetgr(rhost, user, right);
89+ return evaluate_notinnetgr(pamh, rhost, user, right);
90 }
91 /* Fail closed. */
92 return PAM_SERVICE_ERR;
diff --git a/meta/recipes-extended/pam/libpam_1.1.3.bb b/meta/recipes-extended/pam/libpam_1.1.3.bb
index 9d6c317426..b62e2f27a0 100644
--- a/meta/recipes-extended/pam/libpam_1.1.3.bb
+++ b/meta/recipes-extended/pam/libpam_1.1.3.bb
@@ -19,6 +19,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/libs/pam/library/Linux-PAM-${PV}.tar.bz2 \
19 file://99_pam \ 19 file://99_pam \
20 file://pam.d/*" 20 file://pam.d/*"
21 21
22SRC_URI_append_libc-uclibc = " file://pam-no-innetgr.patch"
23
22SRC_URI[md5sum] = "6db7fcb5db6253350e3a4648ceac40e7" 24SRC_URI[md5sum] = "6db7fcb5db6253350e3a4648ceac40e7"
23SRC_URI[sha256sum] = "17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652" 25SRC_URI[sha256sum] = "17b268789b935a76e736a1150210dd12f156972973e79347668f828d43632652"
24 26