Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssh/patches/029-disable-redundant-pam_setcred.patch
author Jan Parcel <jan.parcel@oracle.com>
Mon, 25 Jan 2016 10:57:40 -0800
branchs11u3-sru
changeset 5324 5683175b6e99
permissions -rw-r--r--
PSARC/2015/395 OpenSSH 7.1p1 PSARC 2014/390 OpenSSH GSSKEY 21696247 upgrade OpenSSH to 7.1p1 22031540 problem in UTILITY/OPENSSH 22022180 problem in UTILITY/OPENSSH 22048638 problem in UTILITY/OPENSSH 19775805 OpenSSH contains a redundant call to do_pam_setcred() 21379157 OpenSSH shouldn't call setproject(3PROJECT) when configured to use PAM 20919294 upgrade OpenSSH to 6.8p1 19130869 migrate the Xforwarding bug fix (15350344) from SunSSH to OpenSSH 21861322 OpenSSH client hangs on broken pipe 22018764 remove cast128-cbc from OpenSSH 21919790 add GSSKeyEx as an alias to GSSAPIKeyExchange in OpenSSH 19941148 GSS-API Key Exchange for OpenSSH 21643415 OpenSSH should use AI_ADDRCONFIG per bug 19827438 20370803 OpenSSH patch number collision 20711463 OpenSSH wants to be able to login to a role too 22389801 OpenSSH: remove cast from ssh(1), sshd(8), ssh_config(5) and sshd_config(5) 22582153 openssh system/linker should be added to core REQ

# This issue has been raised with the upstream OpenSSH community:
#
# 2426 OpenSSH doesn't need the second call to do_pam_setcred() on non-Linux
#      platforms
# https://bugzilla.mindrot.org/show_bug.cgi?id=2426
#
# The OpenSSH maintainers added a call to do_pam_setcred() in
# platform_setusercontext_post_groups() with no corresponding bugID along with
# a befuddling comment that initgroups(3C) wipes out supplementary groups:
#
#https://anongit.mindrot.org/openssh.git/commit/platform.c?id=cc12418e18242ce1f61d7035da4956274ba13a96
#
# This only applies in the Linux world if the LinuxPAM pam_group(8) module
# has been installed and configured which allows one to assign additional
# secondary groups to a user using /etc/security/group.conf in addition to
# /etc/group.  To confuse things a bit more, there is an OpenPAM PAM module
# of the same name, pam_group(8), which has different functionality, it
# performs access control based on group membership.
#
# In short, this additional call to do_pam_setcred() is Linux-specific and
# shouldn't be called on Solaris.
#
diff -pur old/platform.c new/platform.c
--- old/platform.c	2015-07-02 04:21:38.155790601 -0700
+++ new/platform.c	2015-07-02 05:11:06.302125686 -0700
@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *p
 void
 platform_setusercontext_post_groups(struct passwd *pw)
 {
-#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
+#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
 	/*
 	 * PAM credentials may take the form of supplementary groups.
 	 * These will have been wiped by the above initgroups() call.
upstream/oracle/userland-gate