[Pkg-shadow-commits] r787 - trunk/debian/patches
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Fri Jan 13 09:32:30 UTC 2006
Author: nekral-guest
Date: 2006-01-13 09:32:29 +0000 (Fri, 13 Jan 2006)
New Revision: 787
Added:
trunk/debian/patches/483_su_fakelogin_wrong_arg0
Modified:
trunk/debian/patches/463_login_delay_obeys_to_PAM
Log:
I committed 463_login_delay_obeys_to_PAM instead of
483_su_fakelogin_wrong_arg0 in revision 786.
Revert the changes on 463_login_delay_obeys_to_PAM and commit the new
483_su_fakelogin_wrong_arg0 patch
Modified: trunk/debian/patches/463_login_delay_obeys_to_PAM
===================================================================
--- trunk/debian/patches/463_login_delay_obeys_to_PAM 2006-01-12 13:47:28 UTC (rev 786)
+++ trunk/debian/patches/463_login_delay_obeys_to_PAM 2006-01-13 09:32:29 UTC (rev 787)
@@ -5,43 +5,11 @@
Status wrt upstream: Forwarded but not applied yet
-Index: shadow-4.0.14/src/login.c
+Index: shadow-4.0.13/src/login.c
===================================================================
---- shadow-4.0.14.orig/src/login.c 2006-01-11 00:03:20.000000000 +0100
-+++ shadow-4.0.14/src/login.c 2006-01-11 01:07:23.000000000 +0100
-@@ -327,7 +327,6 @@
- char ptime[80];
- #endif
- int reason = PW_LOGIN;
-- int delay;
- int retries;
- int failed;
- int flag;
-@@ -346,6 +345,7 @@
- pid_t child;
- char *pam_user;
- #else
-+ int delay;
- struct spwd *spwd = NULL;
- #endif
- /*
-@@ -568,7 +568,6 @@
- alarm (timeout);
-
- environ = newenvp; /* make new environment active */
-- delay = getdef_num ("FAIL_DELAY", 1);
- retries = getdef_num ("LOGIN_RETRIES", RETRIES);
-
- #ifdef USE_PAM
-@@ -584,17 +583,12 @@
-
- /*
- * hostname & tty are either set to NULL or their correct values,
-- * depending on how much we know. We also set PAM's fail delay to
-- * ours.
-+ * depending on how much we know.
- */
- retcode = pam_set_item (pamh, PAM_RHOST, hostname);
+--- shadow-4.0.13.orig/src/login.c 2005-10-27 16:10:53.130114016 +0200
++++ shadow-4.0.13/src/login.c 2005-10-27 16:18:17.602543936 +0200
+@@ -595,10 +595,6 @@
PAM_FAIL_CHECK;
retcode = pam_set_item (pamh, PAM_TTY, tty);
PAM_FAIL_CHECK;
@@ -52,73 +20,25 @@
/* if fflg == 1, then the user has already been authenticated */
if (!fflg || (getuid () != 0)) {
int failcount = 0;
-@@ -635,8 +629,6 @@
+@@ -639,8 +635,6 @@
failed = 0;
-
+
failcount++;
- if (delay > 0)
- retcode = pam_fail_delay(pamh, 1000000*delay);
retcode = pam_authenticate (pamh, 0);
-
-@@ -931,13 +923,16 @@
- if (pwent.pw_passwd[0] == '\0')
- pw_auth ("!", username, reason, (char *) 0);
-
-+#ifndef USE_PAM
- /*
- * Wait a while (a la SVR4 /usr/bin/login) before attempting
- * to login the user again. If the earlier alarm occurs
+
+@@ -915,10 +909,9 @@
* before the sleep() below completes, login will exit.
*/
-+ delay = getdef_num ("FAIL_DELAY", 1);
- if (delay > 0)
- sleep (delay);
-+#endif
-
+ #ifndef USE_PAM
+- if (delay > 0)
+- sleep (delay);
++ if (delay > 0)
++ sleep (delay); */
+ #endif
+-
puts (_("Login incorrect"));
-Index: shadow-4.0.14/debian/login.defs
-===================================================================
---- shadow-4.0.14.orig/debian/login.defs 2006-01-11 00:03:20.000000000 +0100
-+++ shadow-4.0.14/debian/login.defs 2006-01-11 01:07:15.000000000 +0100
-@@ -36,11 +36,6 @@
- #MAIL_FILE .mail
-
- #
--# Delay in seconds before being allowed another attempt after a login failure
--#
--FAIL_DELAY 3
--
--#
- # Enable logging and display of /var/log/faillog login failure info.
- # This option conflicts with the pam_tally PAM module.
- #
-@@ -321,6 +316,7 @@
- #ENV_HZ
- #CHFN_AUTH
- #CHSH_AUTH
-+#FAIL_DELAY
-
- ################# OBSOLETED #######################
- # #
-Index: shadow-4.0.14/lib/getdef.c
-===================================================================
---- shadow-4.0.14.orig/lib/getdef.c 2006-01-11 00:03:20.000000000 +0100
-+++ shadow-4.0.14/lib/getdef.c 2006-01-11 01:07:15.000000000 +0100
-@@ -55,7 +55,6 @@
- {"ENV_PATH", NULL},
- {"ENV_SUPATH", NULL},
- {"ERASECHAR", NULL},
-- {"FAIL_DELAY", NULL},
- {"FAILLOG_ENAB", NULL},
- {"FAKE_SHELL", NULL},
- {"FTMP_FILE", NULL},
-@@ -91,6 +90,7 @@
- {"ENV_HZ", NULL},
- {"ENV_TZ", NULL},
- {"ENVIRON_FILE", NULL},
-+ {"FAIL_DELAY", NULL},
- {"ISSUE_FILE", NULL},
- {"LASTLOG_ENAB", NULL},
- {"LOGIN_STRING", NULL},
+ /* allow only one attempt with -r or -f */
Added: trunk/debian/patches/483_su_fakelogin_wrong_arg0
===================================================================
--- trunk/debian/patches/483_su_fakelogin_wrong_arg0 2006-01-12 13:47:28 UTC (rev 786)
+++ trunk/debian/patches/483_su_fakelogin_wrong_arg0 2006-01-13 09:32:29 UTC (rev 787)
@@ -0,0 +1,17 @@
+Goal: shell's name must be -su when a su fakes a login
+
+Status wrt upstream: not reported yet
+
+Index: shadow-4.0.14/src/su.c
+===================================================================
+--- shadow-4.0.14.orig/src/su.c 2006-01-12 14:35:45.000000000 +0100
++++ shadow-4.0.14/src/su.c 2006-01-12 14:41:10.000000000 +0100
+@@ -902,7 +902,7 @@
+ * Use the shell and create an argv
+ * with the rest of the command line included.
+ */
+- argv[-1] = shellstr;
++ argv[-1] = cp;
+ #ifndef USE_PAM
+ (void) execv (shellstr, &argv[-1]);
+ #else
More information about the Pkg-shadow-commits
mailing list