rpms/pam/F-8 pam-0.99.8.1-unix-any-user.patch, NONE, 1.1 pam.spec, 1.163, 1.164
Tomas Mraz (tmraz)
fedora-extras-commits at redhat.com
Tue Feb 19 20:45:31 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/pam/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27617
Modified Files:
pam.spec
Added Files:
pam-0.99.8.1-unix-any-user.patch
Log Message:
- allow mod_auth_pam to work if httpd user has access to shadow
pam-0.99.8.1-unix-any-user.patch:
--- NEW FILE pam-0.99.8.1-unix-any-user.patch ---
diff -up Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c.any-user Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c
--- Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c.any-user 2008-02-19 20:12:52.000000000 +0100
+++ Linux-PAM-0.99.8.1/modules/pam_unix/unix_chkpwd.c 2008-02-19 20:58:42.000000000 +0100
@@ -101,7 +101,9 @@ int main(int argc, char *argv[])
/* if the caller specifies the username, verify that user
matches it */
if (strcmp(user, argv[1])) {
- return PAM_AUTH_ERR;
+ user = argv[1];
+ /* no match -> permanently change to the real user and proceed */
+ setuid(getuid());
}
}
Index: pam.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam/F-8/pam.spec,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -r1.163 -r1.164
--- pam.spec 19 Feb 2008 19:13:42 -0000 1.163
+++ pam.spec 19 Feb 2008 20:44:50 -0000 1.164
@@ -33,6 +33,7 @@
Patch5: pam-0.99.8.1-audit-no-log.patch
Patch24: pam-0.99.8.1-unix-update-helper.patch
Patch25: pam-0.99.8.1-unix-hpux-aging.patch
+Patch26: pam-0.99.8.1-unix-any-user.patch
Patch31: pam-0.99.3.0-cracklib-try-first-pass.patch
Patch32: pam-0.99.3.0-tally-fail-close.patch
Patch40: pam-0.99.7.1-namespace-temp-logon.patch
@@ -107,6 +108,7 @@
%patch5 -p1 -b .no-log
%patch24 -p1 -b .update-helper
%patch25 -p1 -b .unix-hpux-aging
+%patch26 -p1 -b .any-user
%patch31 -p1 -b .try-first-pass
%patch32 -p1 -b .fail-close
%patch40 -p1 -b .temp-logon
@@ -374,7 +376,8 @@
%changelog
* Tue Feb 19 2008 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-17.1
-- fix spurious syslog message (#433459)
+- fix spurious syslog message and allow mod_auth_pam
+ to work if httpd user has access to shadow (#433459)
* Mon Jan 28 2008 Tomas Mraz <tmraz at redhat.com> 0.99.8.1-17
- test for setkeycreatecon correctly
More information about the fedora-extras-commits
mailing list