[Pkg-shadow-commits] r786 - in trunk/debian: . patches

Nicolas FRANCOIS nekral-guest at costa.debian.org
Thu Jan 12 13:47:30 UTC 2006


Author: nekral-guest
Date: 2006-01-12 13:47:28 +0000 (Thu, 12 Jan 2006)
New Revision: 786

Modified:
   trunk/debian/changelog
   trunk/debian/patches/463_login_delay_obeys_to_PAM
   trunk/debian/patches/series
Log:
shell's name must be -su when su fakes a login shell.
Closes #347747


Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2006-01-11 21:46:28 UTC (rev 785)
+++ trunk/debian/changelog	2006-01-12 13:47:28 UTC (rev 786)
@@ -18,6 +18,9 @@
         Closes: #296729
     - 482_libmisc_copydir_check_return_values:
       - check the return value of system calls in copy_tree
+    - 483_su_fakelogin_wrong_arg0:
+      - shell's name must be -su when su is faking a login shell.
+        Closes: #347747
   * Debian specific fixes:
     - debian/rules:
       - switch to cdbs for package build

Modified: trunk/debian/patches/463_login_delay_obeys_to_PAM
===================================================================
--- trunk/debian/patches/463_login_delay_obeys_to_PAM	2006-01-11 21:46:28 UTC (rev 785)
+++ trunk/debian/patches/463_login_delay_obeys_to_PAM	2006-01-12 13:47:28 UTC (rev 786)
@@ -5,11 +5,43 @@
 
 Status wrt upstream: Forwarded but not applied yet
 
-Index: shadow-4.0.13/src/login.c
+Index: shadow-4.0.14/src/login.c
 ===================================================================
---- shadow-4.0.13.orig/src/login.c	2005-10-27 16:10:53.130114016 +0200
-+++ shadow-4.0.13/src/login.c	2005-10-27 16:18:17.602543936 +0200
-@@ -595,10 +595,6 @@
+--- shadow-4.0.14.orig/src/login.c	2006-01-11 00:03:20.000000000 +0100
++++ shadow-4.0.14/src/login.c	2006-01-11 01:07:23.000000000 +0100
+@@ -327,7 +327,6 @@
+ 	char ptime[80];
+ #endif
+ 	int reason = PW_LOGIN;
+-	int delay;
+ 	int retries;
+ 	int failed;
+ 	int flag;
+@@ -346,6 +345,7 @@
+ 	pid_t child;
+ 	char *pam_user;
+ #else
++	int delay;
+ 	struct spwd *spwd = NULL;
+ #endif
+ 	/*
+@@ -568,7 +568,6 @@
+ 			alarm (timeout);
+ 
+ 		environ = newenvp;	/* make new environment active */
+-		delay = getdef_num ("FAIL_DELAY", 1);
+ 		retries = getdef_num ("LOGIN_RETRIES", RETRIES);
+ 
+ #ifdef USE_PAM
+@@ -584,17 +583,12 @@
+ 
+ 		/*
+ 		 * hostname & tty are either set to NULL or their correct values,
+-		 * depending on how much we know. We also set PAM's fail delay to
+-		 * ours.
++		 * depending on how much we know.
+ 		 */
+ 		retcode = pam_set_item (pamh, PAM_RHOST, hostname);
  		PAM_FAIL_CHECK;
  		retcode = pam_set_item (pamh, PAM_TTY, tty);
  		PAM_FAIL_CHECK;
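Review bot: Nothing in the patched login.c now says where the failure delay comes from in a USE_PAM build. This revision drops `delay = getdef_num ("FAIL_DELAY", 1);` from the common path and trims the comment above the `pam_set_item` calls, so pacing of the `LOGIN_RETRIES` loop is left entirely to whatever the PAM stack requests. That matters for password guessing at the login prompt, and a reader of the source gets no hint of it. I would keep a one-line comment at that spot, e.g. `/* The delay after a failed attempt is decided by the PAM modules; FAIL_DELAY is only read in non-PAM builds. */`. The enclosing function starts before this hunk and continues after it.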
@@ -20,25 +52,73 @@
  		/* if fflg == 1, then the user has already been authenticated */
  		if (!fflg || (getuid () != 0)) {
  			int failcount = 0;
-@@ -639,8 +635,6 @@
+@@ -635,8 +629,6 @@
  			  failed = 0;
- 			  
+ 
  			  failcount++;
 -			  if (delay > 0)
 -			    retcode = pam_fail_delay(pamh, 1000000*delay);
  
  			  retcode = pam_authenticate (pamh, 0);
- 			  
-@@ -915,10 +909,9 @@
+ 
+@@ -931,13 +923,16 @@
+ 		if (pwent.pw_passwd[0] == '\0')
+ 			pw_auth ("!", username, reason, (char *) 0);
+ 
++#ifndef USE_PAM
+ 		/*
+ 		 * Wait a while (a la SVR4 /usr/bin/login) before attempting
+ 		 * to login the user again. If the earlier alarm occurs
  		 * before the sleep() below completes, login will exit.
  		 */
- #ifndef USE_PAM
--		if (delay > 0)
--			sleep (delay);
-+ 		if (delay > 0)
-+		   sleep (delay); */
- #endif
--
++		delay = getdef_num ("FAIL_DELAY", 1);
+ 		if (delay > 0)
+ 			sleep (delay);
++#endif
+ 
  		puts (_("Login incorrect"));
  
- 		/* allow only one attempt with -r or -f */
+Index: shadow-4.0.14/debian/login.defs
+===================================================================
+--- shadow-4.0.14.orig/debian/login.defs	2006-01-11 00:03:20.000000000 +0100
++++ shadow-4.0.14/debian/login.defs	2006-01-11 01:07:15.000000000 +0100
+@@ -36,11 +36,6 @@
+ #MAIL_FILE      .mail
+ 
+ #
+-# Delay in seconds before being allowed another attempt after a login failure
+-#
+-FAIL_DELAY		3
+-
+-#
+ # Enable logging and display of /var/log/faillog login failure info.
+ # This option conflicts with the pam_tally PAM module.
+ #
+@@ -321,6 +316,7 @@
+ #ENV_HZ
+ #CHFN_AUTH
+ #CHSH_AUTH
++#FAIL_DELAY
+ 
+ ################# OBSOLETED #######################
+ #						  #
+Index: shadow-4.0.14/lib/getdef.c
+===================================================================
+--- shadow-4.0.14.orig/lib/getdef.c	2006-01-11 00:03:20.000000000 +0100
++++ shadow-4.0.14/lib/getdef.c	2006-01-11 01:07:15.000000000 +0100
+@@ -55,7 +55,6 @@
+ 	{"ENV_PATH", NULL},
+ 	{"ENV_SUPATH", NULL},
+ 	{"ERASECHAR", NULL},
+-	{"FAIL_DELAY", NULL},
+ 	{"FAILLOG_ENAB", NULL},
+ 	{"FAKE_SHELL", NULL},
+ 	{"FTMP_FILE", NULL},
+@@ -91,6 +90,7 @@
+ 	{"ENV_HZ", NULL},
+ 	{"ENV_TZ", NULL},
+ 	{"ENVIRON_FILE", NULL},
++	{"FAIL_DELAY", NULL},
+ 	{"ISSUE_FILE", NULL},
+ 	{"LASTLOG_ENAB", NULL},
+ 	{"LOGIN_STRING", NULL},
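Review bot: A system that kept its old /etc/login.defs across the upgrade still has the uncommented `FAIL_DELAY 3` that this patch removes from the shipped file, while getdef.c moves `{"FAIL_DELAY", NULL}` to a different position in the table. If that new position is in a part of the table compiled only without PAM (the surrounding `#if` lines are not visible in the hunk), a leftover setting would presumably be reported as an unknown item in PAM builds rather than silently accepted. Either way, the 3-second delay the admin configured stops applying. The bare `#FAIL_DELAY` line added to login.defs does not explain this; a comment such as `# FAIL_DELAY is not used when login is built with PAM; configure the delay in the PAM stack for login instead.` plus a changelog or NEWS entry would let admins notice the change.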

Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series	2006-01-11 21:46:28 UTC (rev 785)
+++ trunk/debian/patches/series	2006-01-12 13:47:28 UTC (rev 786)
@@ -46,6 +46,7 @@
 480_getopt_args_reorder
 481_userdel_remove_remove_group
 482_libmisc_copydir_check_return_values
+483_su_fakelogin_wrong_arg0
 # 999-2 is about using cdbs. It does not patch upstream files
 # so shouldn't be here, but we keep it for the future
 # 999-2_build_using_cdbs
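Review bot: The new `483_su_fakelogin_wrong_arg0` entry has no matching patch file in this revision: the commit mail lists three modified files and no added one. Unless debian/patches/483_su_fakelogin_wrong_arg0 was committed earlier, applying the series will stop at this entry. Separately, the log message describes only the su fix, while the same revision also reworks 463_login_delay_obeys_to_PAM; naming that in the log would make the authentication-related change easier to trace later.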



