Bug#203222: Patch for pam/nis

Tue, 01 Aug 2006 20:05:05 -0700

Crap, I sent the wrong patch. That was the old patch that we've all seen before. The new patch is far simpler and can probably be sent upstream (if they will take it). but for completeness I figured it would be best to make sure its in the applicable bugs, too. 

Sorry about that.

Steve Langasek wrote:

On Tue, Aug 01, 2006 at 03:47:42PM -0500, Scott M. Dier wrote:
This patch 'works for me' and re-uses the (i feel) applicable shadow doesn't have to be valid/existing option. 



diff -ur pam-0.76/debian/changelog pam-0.76-new/debian/changelog
--- pam-0.76/debian/changelog   2005-08-31 16:00:35.267474000 -0500
+++ pam-0.76-new/debian/changelog       2005-08-31 15:55:45.857647000 -0500
@@ -1,3 +1,10 @@
+pam (0.76-22umn1) unstable; urgency=low
+
+  * Ported patches from newer version of Linux-PAM to support NIS
+    password changing in the pam_unix module.
+
+ -- Scott M. Dier <[EMAIL PROTECTED]>  Wed, 31 Aug 2005 15:30:08 -0500
+


You haven't said what version it's backported from, and you've applied it
against the sarge version of the pam package.  This patch is useless to me;
PAM is currently at 0.79 in etch, and I don't have any intention of trying
to merge more individual patches from upstream into the Debian package when
the patch set is already thoroughly unwieldly.

If you can tell me the provenance of the patch, I can consider targetting an
appropriate upstream version for etch instead.




--
Scott Dier <[EMAIL PROTECTED]>
CS/IT Systems Staff

--- pam-0.79/Linux-PAM/modules/pam_unix/pam_unix_passwd.c       2006-07-25 
16:56:36.098001000 -0500
+++ pam_unix_passwd.c   2006-07-25 16:56:07.218039000 -0500
@@ -1043,7 +1043,11 @@
                                            "You must wait longer to change 
your password");
                        else
                                retval = PAM_SUCCESS;
-               }
+               } else if ((retval == PAM_AUTHINFO_UNAVAIL) && 
on(UNIX_BROKEN_SHADOW, ctrl)) {
+                  /* If the admin doesn't want to worry about shadow, reply 
with success */
+                  retval = PAM_SUCCESS;
+                }
+                
        } else if (on(UNIX__UPDATE, ctrl)) {
                /*
                 * tpass is used below to store the _pam_md() return; it
@@ -1144,8 +1148,12 @@
 
                retval = _unix_verify_shadow(pamh, user, ctrl);
                if (retval != PAM_SUCCESS) {
+                  if(on(UNIX_BROKEN_SHADOW, ctrl) && on(UNIX_NIS,ctrl)) {
+                    retval = PAM_SUCCESS;
+                  } else {
                        _log_err(LOG_NOTICE, pamh, "user not authenticated 2");
                        return retval;
+                  }
                }
 
                retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);

Reply via email to