File pam-userdb-upgrade-to-1.3.1.patch of Package pam.32014
diff -ru Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/pam_userdb.8
--- Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 2013-06-18 16:26:14.000000000 +0200
+++ /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/pam_userdb.8 2017-05-18 09:47:35.000000000 +0200
@@ -2,12 +2,12 @@
.\" Title: pam_userdb
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 06/18/2013
+.\" Date: 05/18/2017
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_USERDB" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_USERDB" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -53,7 +53,9 @@
/path/database
database for performing lookup\&. There is no default; the module will return
\fBPAM_IGNORE\fR
-if no database is provided\&.
+if no database is provided\&. Note that the path to the database file should be specified without the
+\&.db
+suffix\&.
.RE
.PP
\fBdebug\fR
@@ -139,7 +141,7 @@
.RS 4
.\}
.nf
-auth sufficient pam_userdb\&.so icase db=/etc/dbtest\&.db
+auth sufficient pam_userdb\&.so icase db=/etc/dbtest
.fi
.if n \{\
diff -ru Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/pam_userdb.8.xml
--- Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml 2013-06-18 16:11:21.000000000 +0200
+++ /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/pam_userdb.8.xml 2017-02-10 11:10:15.000000000 +0100
@@ -89,7 +89,8 @@
Use the <filename>/path/database</filename> database for
performing lookup. There is no default; the module will
return <emphasis remap='B'>PAM_IGNORE</emphasis> if no
- database is provided.
+ database is provided. Note that the path to the database file
+ should be specified without the <filename>.db</filename> suffix.
</para>
</listitem>
</varlistentry>
@@ -260,7 +261,7 @@
<refsect1 id='pam_userdb-examples'>
<title>EXAMPLES</title>
<programlisting>
-auth sufficient pam_userdb.so icase db=/etc/dbtest.db
+auth sufficient pam_userdb.so icase db=/etc/dbtest
</programlisting>
</refsect1>
diff -ru Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/pam_userdb.c
--- Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c 2018-11-26 14:04:37.768275886 +0100
+++ /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/pam_userdb.c 2017-02-10 11:10:15.000000000 +0100
@@ -213,15 +213,23 @@
/* crypt(3) password storage */
- char *cryptpw;
+ char *cryptpw = NULL;
if (data.dsize < 13) {
compare = -2;
} else if (ctrl & PAM_ICASE_ARG) {
compare = -2;
} else {
+#ifdef HAVE_CRYPT_R
+ struct crypt_data *cdata = NULL;
+ cdata = malloc(sizeof(*cdata));
+ if (cdata != NULL) {
+ cdata->initialized = 0;
+ cryptpw = crypt_r(pass, data.dptr, cdata);
+ }
+#else
cryptpw = crypt (pass, data.dptr);
-
+#endif
if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) {
compare = memcmp(data.dptr, cryptpw, data.dsize);
} else {
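Review bot: When `malloc` fails in the `HAVE_CRYPT_R` branch, `cryptpw` stays NULL and the code falls into the mismatch path, so an out-of-memory condition is silent unless debug is on, and then it is reported by the context line in the next hunk as "crypt() returned NULL". Failing closed is the right outcome, but the log cannot distinguish an allocation failure from a crypt failure. Adding `else pam_syslog(pamh, LOG_CRIT, "cannot allocate crypt_data");` after the `if (cdata != NULL) { ... }` block would record the real cause. The enclosing function starts and ends outside this hunk.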
@@ -232,9 +240,11 @@
else
pam_syslog(pamh, LOG_INFO, "crypt() returned NULL");
}
- };
-
- };
+ }
+#ifdef HAVE_CRYPT_R
+ free(cdata);
+#endif
+ }
} else {
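Review bot: `free(cdata)` releases the `struct crypt_data` scratch area without clearing it, so whatever `crypt_r` left there (the computed hash, and presumably intermediate state derived from the password) remains in freed heap memory of the authenticating process. Wiping it first would limit that exposure: `if (cdata != NULL) explicit_bzero(cdata, sizeof(*cdata));` ahead of `free(cdata);`. If `explicit_bzero` is not available on the target libc, use an equivalent clear that the compiler cannot elide, since a plain `memset` before `free` may be optimized away. `cdata` is declared in the previous hunk and the function body continues outside this one.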
@@ -324,7 +334,7 @@
/* --- authentication management functions (only) --- */
-PAM_EXTERN int
+int
pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
@@ -387,7 +397,7 @@
return PAM_SERVICE_ERR;
case -1:
/* incorrect password */
- pam_syslog(pamh, LOG_WARNING,
+ pam_syslog(pamh, LOG_NOTICE,
"user `%s' denied access (incorrect password)",
username);
return PAM_AUTH_ERR;
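Review bot: The incorrect-password message drops from `LOG_WARNING` to `LOG_NOTICE` with nothing in the code explaining why, so a syslog filter or forwarding rule that keeps only warning and above will stop seeing failed pam_userdb logins after this upgrade. A comment above the call would make the choice visible to whoever maintains the detection rules, for example `/* failed logins are routine events: NOTICE, not WARNING; log forwarding thresholds must include notice */`. The `switch` this case belongs to starts and ends outside the hunk.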
@@ -413,14 +423,14 @@
return PAM_IGNORE;
}
-PAM_EXTERN int
+int
pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
int argc UNUSED, const char **argv UNUSED)
{
return PAM_SUCCESS;
}
-PAM_EXTERN int
+int
pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
@@ -465,23 +475,6 @@
return PAM_SUCCESS;
}
-
-#ifdef PAM_STATIC
-
-/* static module data */
-
-struct pam_module _pam_userdb_modstruct = {
- "pam_userdb",
- pam_sm_authenticate,
- pam_sm_setcred,
- pam_sm_acct_mgmt,
- NULL,
- NULL,
- NULL,
-};
-
-#endif
-
/*
* Copyright (c) Cristian Gafton <gafton@redhat.com>, 1999
* All rights reserved
diff -ru Linux-PAM-1.1.8/modules/pam_userdb/README /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/README
--- Linux-PAM-1.1.8/modules/pam_userdb/README 2013-09-19 10:02:21.000000000 +0200
+++ /suse/jmoellers/OBS/Linux-PAM/pam/Linux-PAM-1.3.1/modules/pam_userdb/README 2017-05-18 09:47:35.000000000 +0200
@@ -13,14 +13,15 @@
crypt=[crypt|none]
Indicates whether encrypted or plaintext passwords are stored in the
- database. If it is crypt, passwords should be stored in the database in
+ database. If it is crypt, passwords should be stored in the database in
crypt(3) form. If none is selected, passwords should be stored in the
database as plaintext.
db=/path/database
Use the /path/database database for performing lookup. There is no default;
- the module will return PAM_IGNORE if no database is provided.
+ the module will return PAM_IGNORE if no database is provided. Note that the
+ path to the database file should be specified without the .db suffix.
debug
@@ -65,7 +66,7 @@
EXAMPLES
-auth sufficient pam_userdb.so icase db=/etc/dbtest.db
+auth sufficient pam_userdb.so icase db=/etc/dbtest
AUTHOR