rpms / pam

Clone
Source Code
GIT

Files

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c8s
  2.   SOURCES
  3.   pam-1.3.1-pam-usertype-SYS_UID_MAX.patch
Blob Blame History Raw 
diff -up Linux-PAM-1.3.1/configure.ac.pam-usertype-SYS_UID_MAX Linux-PAM-1.3.1/configure.ac
--- Linux-PAM-1.3.1/configure.ac.pam-usertype-SYS_UID_MAX	2022-06-22 16:41:09.169146826 +0200
+++ Linux-PAM-1.3.1/configure.ac	2022-06-22 16:43:54.343373619 +0200
@@ -615,12 +615,6 @@ if test x"$opt_uidmin" == x; then
 fi
 AC_DEFINE_UNQUOTED(PAM_USERTYPE_UIDMIN, $opt_uidmin, [Minimum regular user uid.])
 
-AC_ARG_WITH([sysuidmin], AS_HELP_STRING([--with-sysuidmin=<number>],[default value for system user min uid (101)]), opt_sysuidmin=$withval)
-if test x"$opt_sysuidmin" == x; then
-    opt_sysuidmin=101
-fi
-AC_DEFINE_UNQUOTED(PAM_USERTYPE_SYSUIDMIN, $opt_sysuidmin, [Minimum system user uid.])
-
 AC_ARG_WITH([kerneloverflowuid], AS_HELP_STRING([--with-kernel-overflow-uid=<number>],[kernel overflow uid, default (uint16_t)-2=65534]), opt_kerneloverflowuid=$withval)
 if test x"$opt_kerneloverflowuid" == x; then
     opt_kerneloverflowuid=65534
diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype-SYS_UID_MAX Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml
--- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml.pam-usertype-SYS_UID_MAX	2022-06-22 16:41:09.155146722 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.8.xml	2022-06-22 16:41:09.169146826 +0200
@@ -31,7 +31,7 @@
       pam_usertype.so is designed to succeed or fail authentication
       based on type of the account of the authenticated user.
       The type of the account is decided with help of
-      <emphasis>SYS_UID_MIN</emphasis> and <emphasis>SYS_UID_MAX</emphasis>
+      <emphasis>SYS_UID_MAX</emphasis>
       settings in <emphasis>/etc/login.defs</emphasis>. One use is to select
       whether to load other modules based on this test.
     </para>
diff -up Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype-SYS_UID_MAX Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c
--- Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c.pam-usertype-SYS_UID_MAX	2022-06-22 16:41:09.155146722 +0200
+++ Linux-PAM-1.3.1/modules/pam_usertype/pam_usertype.c	2022-06-22 16:41:09.169146826 +0200
@@ -277,7 +277,6 @@ static int
 pam_usertype_is_system(pam_handle_t *pamh, uid_t uid)
 {
     uid_t uid_min;
-    uid_t sys_min;
     uid_t sys_max;
 
     if (uid == (uid_t)-1) {
@@ -285,21 +284,19 @@ pam_usertype_is_system(pam_handle_t *pam
         return PAM_USER_UNKNOWN;
     }
 
-    if (uid <= 99) {
-        /* Reserved. */
-        return PAM_SUCCESS;
-    }
-
     if (uid == PAM_USERTYPE_OVERFLOW_UID) {
         /* nobody */
         return PAM_SUCCESS;
     }
 
     uid_min = pam_usertype_get_id(pamh, "UID_MIN", PAM_USERTYPE_UIDMIN);
-    sys_min = pam_usertype_get_id(pamh, "SYS_UID_MIN", PAM_USERTYPE_SYSUIDMIN);
     sys_max = pam_usertype_get_id(pamh, "SYS_UID_MAX", uid_min - 1);
 
-    return uid >= sys_min && uid <= sys_max ? PAM_SUCCESS : PAM_AUTH_ERR;
+    if (uid <= sys_max && uid < uid_min) {
+        return PAM_SUCCESS;
+    }
+
+    return PAM_AUTH_ERR;
 }
 
 static int
@@ -336,7 +333,7 @@ pam_usertype_evaluate(struct pam_usertyp
 
 /**
  * Arguments:
- * - issystem: uid in <SYS_UID_MIN, SYS_UID_MAX>
+ * - issystem: uid less than SYS_UID_MAX
  * - isregular: not issystem
  * - use_uid: use user that runs application not that is being authenticate (same as in pam_succeed_if)
  * - audit: log unknown users to syslog

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation