X-Git-Url: http://git.home-dn.net/?p=manu%2Flibnss-mysql-bg.git;a=blobdiff_plain;f=debian%2Fpatches%2F04_shadow.dpatch;fp=debian%2Fpatches%2F04_shadow.dpatch;h=dbfff6e4b3b1e67b98e685987eac011df8ac8975;hp=0000000000000000000000000000000000000000;hb=232a60b046fdc5946aebb20ca0d2c0ff6be13c3b;hpb=3b68c4617dbfe199b3d8ddd44e4d5ef5e488bb50 diff --git a/debian/patches/04_shadow.dpatch b/debian/patches/04_shadow.dpatch new file mode 100755 index 0000000..dbfff6e --- /dev/null +++ b/debian/patches/04_shadow.dpatch @@ -0,0 +1,42 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_shadow.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add check for egid to properly works like "shadow" enabled authentications + +@DPATCH@ +--- libnss-mysql-bg-1.5/src/lookup.c 2011-09-13 09:28:30.000000000 +0200 ++++ libnss-mysql-bg-1.5/src/lookup.c 2011-09-13 09:47:16.000000000 +0200 +@@ -21,6 +21,8 @@ + #include "nss_mysql.h" + #include /* snprintf () */ + #include /* strcpy () */ ++#include ++#include + + extern conf_t conf; + +@@ -131,12 +133,22 @@ + int attempts = MAX_QUERY_ATTEMPTS; /* Attempt # (countdown) */ + static uid_t euid = -1; /* Last known euid for change detect */ + uid_t cur_euid; /* CURRENT euid */ ++ gid_t cur_egid; /* CURRENT egid */ ++ gid_t shadow_gid; /* gid for group shadow (usually 42 on Debian) */ + + DENTER + + cur_euid = geteuid (); ++ ++ /* Get shadow gid, if needed */ ++ if(cur_euid != 0) { ++ cur_egid = getegid (); ++ struct group *grp = getgrnam("shadow"); ++ shadow_gid = (grp ? grp->gr_gid : -1); ++ } ++ + D ("%s: restricted = %d, cur_euid = %u", FUNCNAME, restricted, cur_euid); +- if (restricted == ntrue && cur_euid != 0) ++ if (restricted == ntrue && cur_euid != 0 && (shadow_gid == -1 || cur_egid != shadow_gid)) + DSRETURN (NSS_NOTFOUND) + + /* Make sure euid hasn't changed, thus changing our access abilities */