rpms/pam/F-8 pam-0.99.8.1-unix-any-user.patch, NONE, 1.1 pam.spec, 1.163, 1.164

Tomas Mraz (tmraz) fedora-extras-commits at redhat.com
Tue Feb 19 20:45:31 UTC 2008 

Author: tmraz

Update of /cvs/pkgs/rpms/pam/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27617

Modified Files:
	pam.spec 
Added Files:
	pam-0.99.8.1-unix-any-user.patch 
Log Message:
- allow mod_auth_pam to work if httpd user has access to shadow


pam-0.99.8.1-unix-any-user.patch:

--- NEW FILE pam-0.99.8.1-unix-any-user.patch ---
diff -up Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c.any-user Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c
--- Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c.any-user	2008-02-19 20:12:52.000000000 +0100
+++ Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c	2008-02-19 20:58:42.000000000 +0100
@@ -101,7 +101,9 @@ int main(int argc, char *argv[])
 	  /* if the caller specifies the username, verify that user
 	     matches it */
 	  if (strcmp(user, argv[1])) {
-	    return PAM_AUTH_ERR;
+	    user = argv[1];
+	    /* no match -> permanently change to the real user and proceed */
+	    setuid(getuid());
 	  }
 	}
 


Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-8/pam.spec,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -r1.163 -r1.164
--- pam.spec	19 Feb 2008 19:13:42 -0000	1.163
+++ pam.spec	19 Feb 2008 20:44:50 -0000	1.164
@@ -33,6 +33,7 @@
 Patch5:  pam-0.99.8.1-audit-no-log.patch
 Patch24: pam-0.99.8.1-unix-update-helper.patch
 Patch25: pam-0.99.8.1-unix-hpux-aging.patch
+Patch26: pam-0.99.8.1-unix-any-user.patch
 Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
 Patch32: pam-0.99.3.0-tally-fail-close.patch
 Patch40: pam-0.99.7.1-namespace-temp-logon.patch
@@ -107,6 +108,7 @@
 %patch5 -p1 -b .no-log
 %patch24 -p1 -b .update-helper
 %patch25 -p1 -b .unix-hpux-aging
+%patch26 -p1 -b .any-user
 %patch31 -p1 -b .try-first-pass
 %patch32 -p1 -b .fail-close
 %patch40 -p1 -b .temp-logon
@@ -374,7 +376,8 @@
 
 %changelog
 * Tue Feb 19 2008 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-17.1
-- fix spurious syslog message (#433459)
+- fix spurious syslog message and allow mod_auth_pam
+  to work if httpd user has access to shadow (#433459)
 
 * Mon Jan 28 2008 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-17
 - test for setkeycreatecon correctly

More information about the fedora-extras-commits mailing list