pool/pam
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 940244 from Linux-PAM

Browse Source 
- Drop pam_umask-usergroups-login_defs.patch, does more harm
  than helps. If not explizit specified as module option, we
  use UMASK from login.defs unmodified. (forwarded request 940243 from kukuk)

OBS-URL: https://build.opensuse.org/request/show/940244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=120
This commit is contained in:
Dominique Leuenberger 2021-12-17 22:54:22 +00:00 committed by Git OBS Bridge
commit e11a0c3af1
3 changed files with 7 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pam.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Drop pam_umask-usergroups-login_defs.patch, does more harm
than helps. If not explizit specified as module option, we
use UMASK from login.defs unmodified.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

2
pam.spec
View File

@ -68,7 +68,6 @@ Patch1: pam-limit-nproc.patch
Patch2: pam-hostnames-in-access_conf.patch Patch2: pam-hostnames-in-access_conf.patch
Patch3: pam-xauth_ownership.patch Patch3: pam-xauth_ownership.patch
Patch4: pam-bsc1177858-dont-free-environment-string.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch
Patch5: pam_umask-usergroups-login_defs.patch
Patch10: pam_xauth_data.3.xml.patch Patch10: pam_xauth_data.3.xml.patch
Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch
Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch
@ -182,7 +181,6 @@ cp -a %{SOURCE12} .
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch5 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1 %patch12 -p1

129
pam_umask-usergroups-login_defs.patch
View File

@ -1,129 +0,0 @@
Description:
Deprecate pam_umask explicit "usergroups" option and instead read it from /etc/login.def's
"USERGROUP_ENAB" option if umask is only defined there.
Original Author: Martin Pitt <martin.pitt@ubuntu.com>
Bug-Debian: http://bugs.debian.org/583958
Index: Linux-PAM-1.5.2/modules/pam_umask/README
===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/README
+++ Linux-PAM-1.5.2/modules/pam_umask/README
@@ -15,7 +15,7 @@ following order:
• umask= argument
- • UMASK entry from /etc/login.defs
+ • UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB)
• UMASK= entry from /etc/default/login
@@ -38,7 +38,10 @@ usergroups
If the user is not root and the username is the same as primary group name,
the umask group bits are set to be the same as owner bits (examples: 022 ->
- 002, 077 -> 007).
+ 002, 077 -> 007). Note that using this option explicitly is discouraged.
+ pam_umask enables this functionality by default if /etc/login.defs enables
+ USERGROUPS_ENAB, and the umask is not set explicitly in other places than /
+ etc/login.defs.
nousergroups
Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8
===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8
+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8
@@ -68,7 +68,9 @@ umask= argument
.sp -1
.IP \(bu 2.3
.\}
-UMASK entry from /etc/login\&.defs
+UMASK entry from
+/etc/login\&.defs
+(influenced by USERGROUPS_ENAB)
.RE
.sp
.RS 4
@@ -79,7 +81,8 @@ UMASK entry from /etc/login\&.defs
.sp -1
.IP \(bu 2.3
.\}
-UMASK= entry from /etc/default/login
+UMASK= entry from
+/etc/default/login
.RE
.PP
The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&.
@@ -98,7 +101,10 @@ Don\*(Aqt print informative messages\&.
.PP
\fBusergroups\fR
.RS 4
-If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&.
+If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. Note that using this option explicitly is discouraged\&. pam_umask enables this functionality by default if
+/etc/login\&.defs
+enables USERGROUPS_ENAB, and the umask is not set explicitly in other places than
+/etc/login\&.defs\&.
.RE
.PP
\fBnousergroups\fR
Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml
===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8.xml
+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml
@@ -61,12 +61,13 @@
</listitem>
<listitem>
<para>
- UMASK entry from /etc/login.defs
+ UMASK entry from <filename>/etc/login.defs</filename>
+ (influenced by USERGROUPS_ENAB)
</para>
</listitem>
<listitem>
<para>
- UMASK= entry from /etc/default/login
+ UMASK= entry from <filename>/etc/default/login</filename>
</para>
</listitem>
</itemizedlist>
@@ -118,6 +119,11 @@
If the user is not root and the username is the same as
primary group name, the umask group bits are set to be the
same as owner bits (examples: 022 -> 002, 077 -> 007).
+ Note that using this option explicitly is discouraged. pam_umask
+ enables this functionality by default if
+ <filename>/etc/login.defs</filename> enables
+ USERGROUPS_ENAB, and the umask is not set explicitly in other
+ places than <filename>/etc/login.defs</filename>.
</para>
</listitem>
</varlistentry>
Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c
===================================================================
--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.c
+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c
@@ -104,7 +104,23 @@ get_options (pam_handle_t *pamh, options
parse_option (pamh, *argv, options);
if (options->umask == NULL) {
- options->login_umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK");
+ {
+ options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK");
+ /* login.defs' USERGROUPS_ENAB will modify the UMASK setting there by way
+ * of usergroups; but we don't want it to influence umask definitions
+ * from other places (like GECOS).
+ */
+ if (options->umask != NULL)
+ {
+ char *result = pam_modutil_search_key (pamh, LOGIN_DEFS,
+ "USERGROUPS_ENAB");
+ if (result != NULL)
+ {
+ options->usergroups = (strcasecmp (result, "yes") == 0);
+ free (result);
+ }
+ }
+ }
if (options->login_umask == NULL)
options->login_umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK");
options->umask = options->login_umask;