Accepting request 802957 from home:jmoellers:branches:Linux-PAM

OBS-URL: https://build.opensuse.org/request/show/802957 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=211
2020-05-12 12:19:16 +00:00
parent a3260b7eb8
commit d205252584
4 changed files with 39 additions and 65 deletions
--- a/pam-hostnames-in-access_conf.patch
+++ b/pam-hostnames-in-access_conf.patch
@@ -1,8 +1,8 @@
-Index: modules/pam_access/pam_access.c
+Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c
 ===================================================================
--- modules/pam_access/pam_access.c.orig
-+++ modules/pam_access/pam_access.c
-@@ -692,10 +692,10 @@ string_match (pam_handle_t *pamh, const
+--- Linux-PAM-1.3.91.orig/modules/pam_access/pam_access.c
+++ Linux-PAM-1.3.91/modules/pam_access/pam_access.c
+@@ -699,10 +699,10 @@ string_match (pam_handle_t *pamh, const
     return (NO);
 }
 
@@ -15,7 +15,7 @@ Index: modules/pam_access/pam_access.c
  */
 static int
 network_netmask_match (pam_handle_t *pamh,
-@@ -704,10 +704,14 @@ network_netmask_match (pam_handle_t *pam
+@@ -711,10 +711,14 @@ network_netmask_match (pam_handle_t *pam
     char *netmask_ptr;
     char netmask_string[MAXHOSTNAMELEN + 1];
     int addr_type;
@@ -31,7 +31,7 @@ Index: modules/pam_access/pam_access.c
     /* OK, check if tok is of type addr/mask */
     if ((netmask_ptr = strchr(tok, '/')) != NULL)
       {
-@@ -717,7 +721,7 @@ network_netmask_match (pam_handle_t *pam
+@@ -724,7 +728,7 @@ network_netmask_match (pam_handle_t *pam
 	*netmask_ptr = 0;
 	netmask_ptr++;
 
@@ -40,7 +40,7 @@ Index: modules/pam_access/pam_access.c
 	  { /* no netaddr */
 	    return NO;
 	  }
-@@ -739,19 +743,47 @@ network_netmask_match (pam_handle_t *pam
+@@ -748,19 +752,47 @@ network_netmask_match (pam_handle_t *pam
 	    netmask_ptr = number_to_netmask(netmask, addr_type,
 		netmask_string, MAXHOSTNAMELEN);
 	  }
@@ -93,7 +93,7 @@ Index: modules/pam_access/pam_access.c
 	memset (&hint, '\0', sizeof (hint));
 	hint.ai_flags = AI_CANONNAME;
 	hint.ai_family = AF_UNSPEC;
-@@ -764,27 +796,52 @@ network_netmask_match (pam_handle_t *pam
+@@ -773,29 +805,54 @@ network_netmask_match (pam_handle_t *pam
         else
 	  {
 	    struct addrinfo *runp = item->res;
@@ -103,29 +103,31 @@ Index: modules/pam_access/pam_access.c
 	      {
 		char buf[INET6_ADDRSTRLEN];
 
+ 		DIAG_PUSH_IGNORE_CAST_ALIGN;
 -		inet_ntop (runp->ai_family,
 -			runp->ai_family == AF_INET
 -			? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
 -			: (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
 -			buf, sizeof (buf));
 +		(void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST);
+ 		DIAG_POP_IGNORE_CAST_ALIGN;
 
 -		if (are_addresses_equal(buf, tok, netmask_ptr))
 +		for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
 		  {
 -		    return YES;
-+		    char buf1[INET6_ADDRSTRLEN];
+                    char buf1[INET6_ADDRSTRLEN];
 +
-+		    if (runp->ai_family != runp1->ai_family)
-+		      continue;
+                    if (runp->ai_family != runp1->ai_family)
+                      continue;
 +
-+		    (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
+                    (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
 +
-+		    if (are_addresses_equal (buf, buf1, netmask_ptr))
-+		      {
-+			freeaddrinfo(ai);
-+			return YES;
-+		      }
+                    if (are_addresses_equal (buf, buf1, netmask_ptr))
+                      {
+                        freeaddrinfo(ai);
+                        return YES;
+                      }
 		  }
 		runp = runp->ai_next;
 	      }
@@ -134,20 +136,20 @@ Index: modules/pam_access/pam_access.c
     else
 -      return (are_addresses_equal(string, tok, netmask_ptr));
 +      {
-+	struct addrinfo *runp1;
+       struct addrinfo *runp1;
 +
-+	for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
-+	  {
-+	    char buf1[INET6_ADDRSTRLEN];
+       for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
+         {
+           char buf1[INET6_ADDRSTRLEN];
 +
-+	    (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
+           (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
 +
-+	    if (are_addresses_equal(string, buf1, netmask_ptr))
-+	      {
-+		freeaddrinfo(ai);
-+		return YES;
-+	      }
-+	  }
+           if (are_addresses_equal(string, buf1, netmask_ptr))
+             {
+               freeaddrinfo(ai);
+               return YES;
+             }
+         }
 +      }
 +
 +  freeaddrinfo(ai);
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue May 12 11:44:19 UTC 2020 - Josef Möllers <josef.moellers@suse.com>
+
+- Adapted patch pam-hostnames-in-access_conf.patch for new version
+  New version obsoleted patch use-correct-IP-address.patch
+  [pam-hostnames-in-access_conf.patch,
+   use-correct-IP-address.patch]
+
 -------------------------------------------------------------------
 Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>

--- a/pam.spec
+++ b/pam.spec
@@ -49,7 +49,6 @@ Source12:       pam-login_defs-check.sh
 Patch0:         fix-man-links.dif
 Patch2:         pam-limit-nproc.patch
 Patch4:         pam-hostnames-in-access_conf.patch
-Patch5:         use-correct-IP-address.patch
 BuildRequires:  audit-devel
 BuildRequires:  bison
 BuildRequires:  cracklib-devel
@@ -127,8 +126,7 @@ building both PAM-aware applications and modules for use with PAM.
 cp -a %{SOURCE12} .
 %patch0 -p1
 %patch2 -p1
-#%patch4
-#%patch5 -p1
+%patch4 -p1

 %build
 bash ./pam-login_defs-check.sh
--- a/use-correct-IP-address.patch
+++ b/use-correct-IP-address.patch
@@ -1,34 +0,0 @@
-Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c
-===================================================================
--- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c
-+++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c
-@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam
- 
-     if (item->debug)
-       pam_syslog (pamh, LOG_DEBUG,
-		"network_netmask_match: tok=%s, item=%s", tok, string);
-+		"network_netmask_match: tok=%s, string=%s", tok, string);
- 
-     /* OK, check if tok is of type addr/mask */
-     if ((netmask_ptr = strchr(tok, '/')) != NULL)
-@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam
- 
- 	/* check netmask */
- 	if (isipaddr(netmask_ptr, NULL, NULL) == NO)
-	  { /* netmask as integre value */
-+	  { /* netmask as integer value */
- 	    char *endptr = NULL;
- 	    netmask = strtol(netmask_ptr, &endptr, 0);
- 	    if ((endptr == netmask_ptr) || (*endptr != '\0'))
-@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam
- 
- 	ai = NULL;	/* just to be on the safe side */
- 
-	if (getaddrinfo (string, NULL, &hint, &ai) != 0)
-+	if (getaddrinfo (tok, NULL, &hint, &ai) != 0)
- 	  {
-	    pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string);
-+	    pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok);
- 
- 	    return NO;
- 	  }