From: Ian Beckwith Date: Sat, 28 Jan 2012 23:01:03 +0000 (+0000) Subject: 040_pam-password-prompting: remove patch, taken upstream X-Git-Url: http://erislabs.net/gitweb/?p=ckermit.git;a=commitdiff_plain;h=refs%2Fheads%2Fpatches%2F040_pam-password-prompting 040_pam-password-prompting: remove patch, taken upstream --- diff --git a/debian/patches/040_pam-password-prompting.patch b/debian/patches/040_pam-password-prompting.patch deleted file mode 100644 index 28d0791..0000000 --- a/debian/patches/040_pam-password-prompting.patch +++ /dev/null @@ -1,103 +0,0 @@ -Make IKSD authentication (using PAM) ask for a password when an -invalid username has been given, to avoid disclosing which account -names are valid. See #417247. ---- ckermit-211.orig/ckufio.c -+++ ckermit-211/ckufio.c -@@ -490,6 +490,9 @@ - static char guestpass[GUESTPASS] = { NUL, NUL }; /* Anonymous "password" */ - static int logged_in = 0; /* Set when user is logged in */ - static int askpasswd = 0; /* Have OK user, must ask for passwd */ -+#ifdef CK_PAM -+extern int gotemptypasswd; -+#endif /* CK_PAM */ - #endif /* CK_LOGIN */ - - #ifdef CKROOT -@@ -8043,8 +8046,12 @@ - } - } - debug(F110,"zvpass","calling pam_authenticate",0); -- if (*p) -- pam_pw = p; -+ if (*p -+#ifdef CK_LOGIN -+ || gotemptypasswd -+#endif /* CK_LOGIN */ -+ ) -+ pam_pw = p; - if ((pam_status = pam_authenticate(pamh, 0)) != PAM_SUCCESS) { - reply = pam_strerror(pamh, pam_status); - debug(F110,"zvpass PAM failure",reply,0); ---- ckermit-211.orig/ckuus7.c -+++ ckermit-211/ckuus7.c -@@ -98,6 +98,12 @@ - - extern char * k_info_dir; - -+#ifdef CK_LOGIN -+#ifdef CK_PAM -+int gotemptypasswd = 0; /* distinguish empty passwd from none given */ -+#endif /* CK_PAM */ -+#endif /* CK_LOGIN */ -+ - #ifndef NOSPL - extern int nmac; - extern struct mtab *mactab; -@@ -14656,9 +14662,9 @@ - #ifdef CK_RECALL - extern int on_recall; /* around Password prompting */ - #endif /* CK_RECALL */ --#ifdef CK_PAM -+#ifdef COMMENT - extern int guest; --#endif /* CK_PAM */ -+#endif /* COMMENT */ - int rprompt = 0; /* Restore prompt */ - #ifdef CKSYSLOG - int savlog; -@@ -14774,9 +14780,9 @@ - debug(F111,"ckxlogin zvuser",userid,ok); - - if (!*passwd && promptok --#ifdef CK_PAM -+#ifdef COMMENT - && guest --#endif /* CK_PAM */ -+#endif /* COMMENT */ - ) { - char prmpt[80]; - -@@ -14852,6 +14858,9 @@ - if (pflag) prompt(xxstring); /* Issue prompt if at top level */ - cmres(); /* Reset the parser */ - for (x = -1; x < 0;) { /* Prompt till they answer */ -+#ifdef CK_PAM -+ gotemptypasswd=0; -+#endif /* CK_PAM */ - x = cmtxt("","",&s,NULL); /* Get a literal line of text */ - if (x == -4 || x == -10) { - printf("\r\n%sLogin cancelled\n", -@@ -14861,6 +14870,10 @@ - #endif /* CKSYSLOG */ - doexit(GOOD_EXIT,0); - } -+#ifdef CK_PAM -+ if(!*s) -+ gotemptypasswd=1; -+#endif /* CK_PAM */ - if (sstate) /* In case of a Kermit packet */ - goto XCKXLOG; - cmres(); /* Reset the parser again */ -@@ -14895,6 +14908,12 @@ - if (ok) { - ok = zvpass((char *)passwd); /* Check password */ - debug(F101,"ckxlogin zvpass","",ok); -+#ifdef CK_PAM -+ } else { -+ /* Fake pam password failure for nonexistent users */ -+ sleep(1); -+ printf("Authentication failure\n"); -+#endif - } - - if (ok > 0 && isguest) { diff --git a/debian/patches/series b/debian/patches/series index e7b18b9..26dec71 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,2 @@ -040_pam-password-prompting.patch 050_ck_patch.patch 060_speeling.patch