diff options
Diffstat (limited to 'source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch')
| -rw-r--r-- | source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch b/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch new file mode 100644 index 000000000..41733ae04 --- /dev/null +++ b/source/a/pam/fedora-patches/pam-1.3.1-unix-fix_checksalt_syslog.patch @@ -0,0 +1,104 @@ +From d8d11db2cef65da5d2afa7acf21aa9c8cd88abed Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tmraz@fedoraproject.org> +Date: Tue, 27 Nov 2018 16:11:03 +0100 +Subject: [PATCH] pam_unix: Use pam_syslog instead of helper_log_err. + +* modules/pam_unix/passverify.c (verify_pwd_hash): Add pamh argument via + PAMH_ARG_DECL. Call pam_syslog() instead of helper_log_err(). +* modules/pam_unix/passverify.h: Adjust the declaration of verify_pwd_hash(). +* modules/pam_unix/support.c (_unix_verify_password): Add the pamh argument + to verify_pwd_hash() call. +--- + modules/pam_unix/passverify.c | 24 +++++++++++++----------- + modules/pam_unix/passverify.h | 6 +++--- + modules/pam_unix/support.c | 2 +- + 3 files changed, 17 insertions(+), 15 deletions(-) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 2c808eb5..80e32767 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -65,8 +65,8 @@ strip_hpux_aging(char *hash) + } + } + +-int +-verify_pwd_hash(const char *p, char *hash, unsigned int nullok) ++PAMH_ARG_DECL(int verify_pwd_hash, ++ const char *p, char *hash, unsigned int nullok) + { + size_t hash_len; + char *pp = NULL; +@@ -116,11 +116,10 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) + * pam_syslog() needs a pam handle, + * but that's not available here. + */ +- helper_log_err(LOG_ERR, +- "pam_unix(verify_pwd_hash): The method " +- "for computing the hash \"%.6s\" has been " +- "disabled in libcrypt by the preset from " +- "the system's vendor and/or administrator.", ++ pam_syslog(pamh, LOG_ERR, ++ "The support for password hash \"%.6s\" " ++ "has been disabled in libcrypt " ++ "configuration.", + hash); + } + /* +@@ -132,12 +131,15 @@ verify_pwd_hash(const char *p, char *hash, unsigned int nullok) + * recent implementations of libcrypt. + */ + if (retval_checksalt == CRYPT_SALT_INVALID) { +- helper_log_err(LOG_ERR, +- "pam_unix(verify_pwd_hash): The hash \"%.6s\"" +- "does not use a method known by the version " +- "of libcrypt this system is supplied with.", ++ pam_syslog(pamh, LOG_ERR, ++ "The password hash \"%.6s\" is unknown to " ++ "libcrypt.", + hash); + } ++#else ++#ifndef HELPER_COMPILE ++ (void)pamh; ++#endif + #endif + #ifdef HAVE_CRYPT_R + struct crypt_data *cdata; +diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h +index 086c28ac..e9a88fbf 100644 +--- a/modules/pam_unix/passverify.h ++++ b/modules/pam_unix/passverify.h +@@ -12,9 +12,6 @@ + + #define OLD_PASSWORDS_FILE "/etc/security/opasswd" + +-int +-verify_pwd_hash(const char *p, char *hash, unsigned int nullok); +- + int + is_pwd_shadowed(const struct passwd *pwd); + +@@ -65,6 +62,9 @@ read_passwords(int fd, int npass, char **passwords); + #define PAMH_ARG(...) pamh, __VA_ARGS__ + #endif + ++PAMH_ARG_DECL(int verify_pwd_hash, ++ const char *p, char *hash, unsigned int nullok); ++ + PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned long long ctrl, int rounds); + +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index 6894288d..ea5594d2 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -770,7 +770,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name + } + } + } else { +- retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); ++ retval = verify_pwd_hash(pamh, p, salt, off(UNIX__NONULL, ctrl)); + } + + if (retval == PAM_SUCCESS) { |