diff options
Diffstat (limited to 'testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch')
| -rw-r--r-- | testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch | 105 |
1 files changed, 0 insertions, 105 deletions
diff --git a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch b/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch deleted file mode 100644 index 8755cf602..000000000 --- a/testing/source/PAM/a/pam/fedora-patches/pam-1.3.1-unix-no-fallback.patch +++ /dev/null @@ -1,105 +0,0 @@ -Index: Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/pam_unix.8.xml -+++ Linux-PAM-1.3.1/modules/pam_unix/pam_unix.8.xml -@@ -293,11 +293,10 @@ - <listitem> - <para> - When a user changes their password next, -- encrypt it with the SHA256 algorithm. If the -- SHA256 algorithm is not known to the <citerefentry> -+ encrypt it with the SHA256 algorithm. The -+ SHA256 algorithm must be supported by the <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry> function, -- fall back to MD5. -+ </citerefentry> function. - </para> - </listitem> - </varlistentry> -@@ -308,11 +307,10 @@ - <listitem> - <para> - When a user changes their password next, -- encrypt it with the SHA512 algorithm. If the -- SHA512 algorithm is not known to the <citerefentry> -+ encrypt it with the SHA512 algorithm. The -+ SHA512 algorithm must be supported by the <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry> function, -- fall back to MD5. -+ </citerefentry> function. - </para> - </listitem> - </varlistentry> -@@ -323,11 +321,10 @@ - <listitem> - <para> - When a user changes their password next, -- encrypt it with the blowfish algorithm. If the -- blowfish algorithm is not known to the <citerefentry> -+ encrypt it with the blowfish algorithm. The -+ blowfish algorithm must be supported by the <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry> function, -- fall back to MD5. -+ </citerefentry> function. - </para> - </listitem> - </varlistentry> -@@ -338,11 +335,10 @@ - <listitem> - <para> - When a user changes their password next, -- encrypt it with the gost-yescrypt algorithm. If the -- gost-yescrypt algorithm is not known to the <citerefentry> -+ encrypt it with the gost-yescrypt algorithm. The -+ gost-yescrypt algorithm must be supported by the <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry> function, -- fall back to MD5. -+ </citerefentry> function. - </para> - </listitem> - </varlistentry> -@@ -353,11 +349,10 @@ - <listitem> - <para> - When a user changes their password next, -- encrypt it with the yescrypt algorithm. If the -- yescrypt algorithm is not known to the <citerefentry> -+ encrypt it with the yescrypt algorithm. The -+ yescrypt algorithm must be supported by the <citerefentry> - <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> -- </citerefentry> function, -- fall back to MD5. -+ </citerefentry> function. - </para> - </listitem> - </varlistentry> -Index: Linux-PAM-1.3.1/modules/pam_unix/passverify.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_unix/passverify.c -+++ Linux-PAM-1.3.1/modules/pam_unix/passverify.c -@@ -466,10 +466,9 @@ PAMH_ARG_DECL(char * create_password_has - sp = crypt(password, salt); - #endif - if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { -- /* libxcrypt/libc doesn't know the algorithm, use MD5 */ -+ /* libxcrypt/libc doesn't know the algorithm, error out */ - pam_syslog(pamh, LOG_ERR, -- "Algo %s not supported by the crypto backend, " -- "falling back to MD5\n", -+ "Algo %s not supported by the crypto backend.\n", - on(UNIX_YESCRYPT_PASS, ctrl) ? "yescrypt" : - on(UNIX_GOST_YESCRYPT_PASS, ctrl) ? "gost_yescrypt" : - on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : -@@ -481,7 +480,7 @@ PAMH_ARG_DECL(char * create_password_has - #ifdef HAVE_CRYPT_R - free(cdata); - #endif -- return crypt_md5_wrapper(password); -+ return NULL; - } - sp = x_strdup(sp); - #ifdef HAVE_CRYPT_R |