1 #! /bin/sh /usr/share/dpatch/dpatch-run
2 ## 04_shadow.dpatch by <elacour@home-dn.net>
4 ## All lines beginning with `## DP:' are a description of the patch.
5 ## DP: Add check for egid so that it properly works like "shadow" enabled authentications
8 --- libnss-mysql-bg-1.5/src/lookup.c 2011-09-13 09:28:30.000000000 +0200
9 +++ libnss-mysql-bg-1.5/src/lookup.c 2011-09-13 09:47:16.000000000 +0200
11 #include "nss_mysql.h"
12 #include <stdio.h> /* snprintf () */
13 #include <string.h> /* strcpy () */
14 +#include <sys/types.h>
20 int attempts = MAX_QUERY_ATTEMPTS; /* Attempt # (countdown) */
21 static uid_t euid = -1; /* Last known euid for change detect */
22 uid_t cur_euid; /* CURRENT euid */
23 + gid_t cur_egid; /* CURRENT egid */
24 + gid_t shadow_gid; /* gid for group shadow (usually 42 on Debian) */
28 cur_euid = geteuid ();
30 + /* Get shadow gid, if needed */
32 + cur_egid = getegid ();
33 + struct group *grp = getgrnam("shadow");
34 + shadow_gid = (grp ? grp->gr_gid : -1);
37 D ("%s: restricted = %d, cur_euid = %u", FUNCNAME, restricted, cur_euid);
38 - if (restricted == ntrue && cur_euid != 0)
39 + if (restricted == ntrue && cur_euid != 0 && (shadow_gid == -1 || cur_egid != shadow_gid))
40 DSRETURN (NSS_NOTFOUND)
42 /* Make sure euid hasn't changed, thus changing our access abilities */
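Review bot: The new egid gate takes its gid from `getgrnam("shadow")`, which is itself an NSS lookup made from inside this NSS module's lookup path, so the group that unlocks restricted queries for non-root callers is whatever the configured `group:` sources return (possibly including this MySQL backend), and the call can re-enter the module. From the visible lines the lookup appears to run on every call, and it uses the static-buffer `getgrnam()`, which can overwrite a `struct group` the calling application still holds; `getgrnam_r()` with a local buffer, resolved once and cached, would avoid both. The sentinel test would be clearer and independent of the width of `gid_t` as `shadow_gid == (gid_t) -1`. Only `<sys/types.h>` is added at the top, so `<grp.h>` and `<unistd.h>` (for `getegid()`) presumably have to come from `nss_mysql.h`, which is worth confirming. The enclosing function starts and ends outside the hunk.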