components/openssh/patches/029-disable-redundant-pam_setcred.patch
author Brent Paulson <Brent.Paulson@Oracle.COM>
Fri, 10 Jul 2015 05:57:54 -0700
changeset 4649 b795d11564a3
permissions -rw-r--r--
19775805 OpenSSH contains a redundant call to do_pam_setcred() 21379157 OpenSSH shouldn't call setproject(3PROJECT) when configured to use PAM
# This issue has been raised with the upstream OpenSSH community:
#
# 2426 OpenSSH doesn't need the second call to do_pam_setcred() on non-Linux
#      platforms
# https://bugzilla.mindrot.org/show_bug.cgi?id=2426
#
# The OpenSSH maintainers added a call to do_pam_setcred() in
# platform_setusercontext_post_groups() with no corresponding bugID along with
# a befuddling comment that initgroups(3C) wipes out supplementary groups:
#
#https://anongit.mindrot.org/openssh.git/commit/platform.c?id=cc12418e18242ce1f61d7035da4956274ba13a96
#
# This only applies in the Linux world if the LinuxPAM pam_group(8) module
# has been installed and configured which allows one to assign additional
# secondary groups to a user using /etc/security/group.conf in addition to
# /etc/group.  To confuse things a bit more, there is an OpenPAM PAM module
# of the same name, pam_group(8), which has different functionality, it
# performs access control based on group membership.
#
# In short, this additional call to do_pam_setcred() is Linux-specific and
# shouldn't be called on Solaris.
#
    23
diff -pur old/platform.c new/platform.c
    24
--- old/platform.c	2015-07-02 04:21:38.155790601 -0700
    25
+++ new/platform.c	2015-07-02 05:11:06.302125686 -0700
    26
@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *p
    27
 void
    28
 platform_setusercontext_post_groups(struct passwd *pw)
    29
 {
    30
-#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
    31
+#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
    32
 	/*
    33
 	 * PAM credentials may take the form of supplementary groups.
    34
 	 * These will have been wiped by the above initgroups() call.
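Review bot: The new `!defined(PAM_SUN_CODEBASE)` term on the `#if` in platform_setusercontext_post_groups() leaves the comment directly below it unchanged, so the source still says unconditionally that PAM credentials may be supplementary groups wiped by initgroups(), with nothing explaining why Solaris skips the re-establishment. The rationale exists only in the patch preamble, which is not visible in platform.c once the patch is applied. I would add a line above the guard such as `/* Second pam_setcred() is only needed for Linux-PAM pam_group(8); skipped on Solaris, see bugzilla.mindrot.org #2426. */`. Because the macro is a build-time proxy for how the PAM stack behaves, the comment should also record the assumption that no module configured on a Solaris host assigns supplementary groups during setcred; if one did, those groups would presumably be dropped after initgroups() without any log message. The function body, including the call being compiled out and the closing `#endif`, continues past the end of this hunk.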