diff --git a/encryption_method_nis.diff b/encryption_method_nis.diff new file mode 100644 index 0000000..55980bf --- /dev/null +++ b/encryption_method_nis.diff @@ -0,0 +1,77 @@ +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 0cfc0f4..2239206 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + * rebuild the password database file. + */ + ++ ++ /* if it is a NIS account, check for special hash algo */ ++ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { ++ /* preset encryption method with value from /etc/login.defs */ ++ int j; ++ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); ++ if (val) { ++ for (j = 0; j < UNIX_CTRLS_; ++j) { ++ if (unix_args[j].token && unix_args[j].is_hash_algo ++ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { ++ break; ++ } ++ } ++ if (j >= UNIX_CTRLS_) { ++ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); ++ } else { ++ ctrl &= unix_args[j].mask; /* for turning things off */ ++ ctrl |= unix_args[j].flag; /* for turning things on */ ++ } ++ free (val); ++ } ++ } ++ + /* + * First we encrypt the new password. + */ +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index 19d72e6..dafa9f0 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -37,8 +37,8 @@ + #define SELINUX_ENABLED 0 + #endif + +-static char * +-search_key (const char *key, const char *filename) ++char * ++_unix_search_key (const char *key, const char *filename) + { + FILE *fp; + char *buf = NULL; +@@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + } + + /* preset encryption method with value from /etc/login.defs */ +- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); ++ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo +@@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + + /* read number of rounds for crypt algo */ + if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { +- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); ++ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + + if (val) { + *rounds = strtol(val, NULL, 10); +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 6f5b2eb..a35a8a8 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh + + extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned int ctrl, const char *user, int *daysleft); ++extern char *_unix_search_key(const char *key, const char *filename); + #endif /* _PAM_UNIX_SUPPORT_H */ diff --git a/pam.changes b/pam.changes index ae1b8d6..99a08cc 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + ------------------------------------------------------------------- Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index bc38089..864933e 100644 --- a/pam.spec +++ b/pam.spec @@ -54,6 +54,7 @@ Source9: baselibs.conf Patch0: fix-man-links.dif Patch1: Linux-PAM-git-20150109.diff Patch2: pam-limit-nproc.patch +Patch3: encryption_method_nis.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -104,6 +105,7 @@ building both PAM-aware applications and modules for use with PAM. %patch0 -p1 %patch1 -p2 %patch2 -p1 +%patch3 -p1 %build autoreconf -fiv