- pam_unix: fix missing initialization of daysleft (#1887077)
- pam_motd: change privilege message prompt to default (#1861640)
This commit is contained in:
parent
767f761a2d
commit
75940340ad
27
pam-1.4.0-motd-privilege-message.patch
Normal file
27
pam-1.4.0-motd-privilege-message.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 9f24bbeeb4fe04bc396898cd9825478ad52c5ac7 Mon Sep 17 00:00:00 2001
|
||||
From: ikerexxe <ipedrosa@redhat.com>
|
||||
Date: Wed, 21 Oct 2020 09:47:20 +0200
|
||||
Subject: [PATCH] pam_motd: unset prompt value to drop privileges
|
||||
|
||||
modules/pam_motd/pam_motd.c: set NULL value instead of "key user" for the
|
||||
prompt when dropping privileges.
|
||||
---
|
||||
modules/pam_motd/pam_motd.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c
|
||||
index a4fd0e59..6ac8cba2 100644
|
||||
--- a/modules/pam_motd/pam_motd.c
|
||||
+++ b/modules/pam_motd/pam_motd.c
|
||||
@@ -288,7 +288,7 @@ static int drop_privileges(pam_handle_t *pamh, struct pam_modutil_privs *privs)
|
||||
const char *username;
|
||||
int retval;
|
||||
|
||||
- retval = pam_get_user(pamh, &username, "key user");
|
||||
+ retval = pam_get_user(pamh, &username, NULL);
|
||||
|
||||
if (retval == PAM_SUCCESS) {
|
||||
pw = pam_modutil_getpwnam (pamh, username);
|
||||
--
|
||||
2.26.2
|
||||
|
32
pam-1.4.0-unix-init-daysleft.patch
Normal file
32
pam-1.4.0-unix-init-daysleft.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From db6b293046aee4735f3aa2d1713742ed4b533219 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
Date: Wed, 22 Jul 2020 11:47:55 +0200
|
||||
Subject: [PATCH] Fix missing initialization of daysleft
|
||||
|
||||
The daysleft otherwise stays uninitialized if there is no shadow entry.
|
||||
|
||||
Regression from commit f5adefa.
|
||||
|
||||
Fixes #255
|
||||
|
||||
* modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Initialize daysleft.
|
||||
---
|
||||
modules/pam_unix/pam_unix_acct.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
|
||||
index de8d65c1..f46f2308 100644
|
||||
--- a/modules/pam_unix/pam_unix_acct.c
|
||||
+++ b/modules/pam_unix/pam_unix_acct.c
|
||||
@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
|
||||
unsigned long long ctrl;
|
||||
const void *void_uname;
|
||||
const char *uname;
|
||||
- int retval, daysleft;
|
||||
+ int retval, daysleft = -1;
|
||||
char buf[256];
|
||||
|
||||
D(("called."));
|
||||
--
|
||||
2.26.2
|
||||
|
12
pam.spec
12
pam.spec
@ -3,7 +3,7 @@
|
||||
Summary: An extensible library which provides authentication for applications
|
||||
Name: pam
|
||||
Version: 1.4.0
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
# The library is BSD licensed with option to relicense as GPLv2+
|
||||
# - this option is redundant as the BSD license allows that anyway.
|
||||
# pam_timestamp, pam_loginuid, and pam_console modules are GPLv2+.
|
||||
@ -48,6 +48,10 @@ Patch58: pam-1.3.1-faillock-change-file-permissions.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/16cebfeb30a8bd7c7dc269190a054c25b0f8d044
|
||||
# https://github.com/linux-pam/linux-pam/commit/ad8b6feaf8ea989368676acaea905998a807986e
|
||||
Patch59: pam-1.4.0-motd-filter-files.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/db6b293046aee4735f3aa2d1713742ed4b533219
|
||||
Patch60: pam-1.4.0-unix-init-daysleft.patch
|
||||
# https://github.com/linux-pam/linux-pam/commit/9f24bbeeb4fe04bc396898cd9825478ad52c5ac7
|
||||
Patch61: pam-1.4.0-motd-privilege-message.patch
|
||||
|
||||
%global _pamlibdir %{_libdir}
|
||||
%global _moduledir %{_libdir}/security
|
||||
@ -139,6 +143,8 @@ cp %{SOURCE18} .
|
||||
%patch57 -p1 -b .determine-user-exists
|
||||
%patch58 -p1 -b .faillock-change-file-permissions
|
||||
%patch59 -p1 -b .motd-filter-files
|
||||
%patch60 -p1 -b .unix-init-daysleft
|
||||
%patch61 -p1 -b .motd-privilege-message
|
||||
|
||||
autoreconf -i
|
||||
|
||||
@ -398,6 +404,10 @@ done
|
||||
%doc doc/sag/*.txt doc/sag/html
|
||||
|
||||
%changelog
|
||||
* Mon Oct 19 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.4.0-6
|
||||
- pam_unix: fix missing initialization of daysleft (#1887077)
|
||||
- pam_motd: change privilege message prompt to default (#1861640)
|
||||
|
||||
* Wed Oct 14 2020 Iker Pedrosa <ipedrosa@redhat.com> - 1.4.0-5
|
||||
- pam_motd: read motd files with target user credentials skipping unreadable ones (#1861640)
|
||||
- Clarify upstreamed patches
|
||||
|
Loading…
Reference in New Issue
Block a user