Репозитории ALT
5.1: | 1.1.3-alt0.M51.1 |
4.1: | 1.0.1-alt1 |
4.0: | 0.99.6.3-alt2 |
3.0: | 0.75-alt29 |
Группа :: Система/Основа
Пакет: pam
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: Linux-PAM-0.99.6.2-owl-pam_wheel-use_uid.patch
Скачать
Скачать
--- Linux-PAM-0.99.6.2.orig/modules/pam_wheel/README
+++ Linux-PAM-0.99.6.2/modules/pam_wheel/README
@@ -41,9 +41,9 @@ trust
use_uid
- The check for wheel membership will be done against the current uid instead
- of the original one (useful when jumping with su from one account to
- another for example).
+ The check for wheel membership will be done against the current uid;
+ this version of pam_wheel can only work in this way and ignores the
+ 'use_uid' argument.
EXAMPLES
--- Linux-PAM-0.99.6.2.orig/modules/pam_wheel/pam_wheel.8
+++ Linux-PAM-0.99.6.2/modules/pam_wheel/pam_wheel.8
@@ -47,7 +47,7 @@ The check for wheel membership is done o
The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd).
.TP 3n
\fBuse_uid\fR
-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example).
+The check for wheel membership will be done against the current uid; this version of pam_wheel can only work in this way and ignores the \fBuse_uid\fR argument.
.SH "MODULE SERVICES PROVIDED"
.PP
The
--- Linux-PAM-0.99.6.2.orig/modules/pam_wheel/pam_wheel.8.xml
+++ Linux-PAM-0.99.6.2/modules/pam_wheel/pam_wheel.8.xml
@@ -121,9 +121,9 @@
</term>
<listitem>
<para>
- The check for wheel membership will be done against
- the current uid instead of the original one (useful when
- jumping with su from one account to another for example).
+ The check for wheel membership will be done against the
+ current uid; this version of pam_wheel can only work in this
+ way and ignores the <option>use_uid</option> argument.
</para>
</listitem>
</varlistentry>
--- Linux-PAM-0.99.6.2.orig/modules/pam_wheel/pam_wheel.c
+++ Linux-PAM-0.99.6.2/modules/pam_wheel/pam_wheel.c
@@ -110,7 +110,7 @@ perform_check (pam_handle_t *pamh, int c
retval = pam_get_user(pamh, &username, NULL);
if ((retval != PAM_SUCCESS) || (!username)) {
if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_DEBUG, "can not get the username");
+ pam_syslog(pamh, LOG_DEBUG, "cannot get the username");
}
return PAM_SERVICE_ERR;
}
@@ -118,7 +118,7 @@ perform_check (pam_handle_t *pamh, int c
pwd = pam_modutil_getpwnam (pamh, username);
if (!pwd) {
if (ctrl & PAM_DEBUG_ARG) {
- pam_syslog(pamh, LOG_NOTICE, "unknown user %s", username);
+ pam_syslog(pamh, LOG_NOTICE, "unknown username");
}
return PAM_USER_UNKNOWN;
}
@@ -129,7 +129,9 @@ perform_check (pam_handle_t *pamh, int c
}
}
+#if 0
if (ctrl & PAM_USE_UID_ARG) {
+#endif
tpwd = pam_modutil_getpwuid (pamh, getuid());
if (!tpwd) {
if (ctrl & PAM_DEBUG_ARG) {
@@ -138,6 +140,7 @@ perform_check (pam_handle_t *pamh, int c
return PAM_SERVICE_ERR;
}
fromsu = tpwd->pw_name;
+#if 0
} else {
fromsu = pam_modutil_getlogin(pamh);
if (fromsu) {
@@ -150,6 +153,7 @@ perform_check (pam_handle_t *pamh, int c
return PAM_SERVICE_ERR;
}
}
+#endif
/*
* At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu