Your message dated Mon, 20 Aug 2012 15:07:20 +0100 with message-id <20120820140720.GA8398@desktop> and subject line Re: Bug#385068: add some pam features has caused the Debian Bug report #385068, regarding add some pam features to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 385068: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385068 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: cupsys Version: 1.2.2-1 Severity: wishlist Tags: patch Please add these pam features: 1) pam_set_item(pamh, PAM_TTY, "cups") ----------------------------------- Need by some pam-modules which need the 'tty' variable, like pam_group, pam_access, pam_time, etc. 2) pam_set_item(pamh, PAM_RHOST, con->http.hostname) ------------------------------------------------- Usefull for some pam-modules like pam_access, etc and for the logs, which are created by pam. 3) pam_setcred(pamh, PAM_ESTABLISH_CRED|PAM_SILENT) ------------------------------------------------ Need by some pam-modules like pam_tally, pam_group, etc. The patch is in the attachment and for the original tarball. Thanks. - Markus Nass -- Key fingerprint = DC3C 257C 2B71 8FA4 F609 F7F7 7C14 F806 5665 77FD ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Was nicht fliegen kann, kann auch nicht abstürzen. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~diff -urN old/cups-1.2.2/scheduler/auth.c new/cups-1.2.2/scheduler/auth.c --- old/cups-1.2.2/scheduler/auth.c 2006-06-07 22:58:29.000000000 +0200 +++ new/cups-1.2.2/scheduler/auth.c 2006-08-28 21:28:59.000000000 +0200 @@ -510,6 +510,28 @@ return; } + pamerr = pam_set_item(pamh, PAM_TTY, "cups"); + if (pamerr != PAM_SUCCESS) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "cupsdAuthorize: pam_set_item() returned %d " + "(%s)!\n", + pamerr, pam_strerror(pamh, pamerr)); + pam_end(pamh, 0); + return; + } + + pamerr = pam_set_item(pamh, PAM_RHOST, con->http.hostname); + if (pamerr != PAM_SUCCESS) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "cupsdAuthorize: pam_set_item() returned %d " + "(%s)!\n", + pamerr, pam_strerror(pamh, pamerr)); + pam_end(pamh, 0); + return; + } + pamerr = pam_authenticate(pamh, PAM_SILENT); if (pamerr != PAM_SUCCESS) { @@ -532,6 +554,17 @@ return; } + pamerr = pam_setcred(pamh, PAM_ESTABLISH_CRED|PAM_SILENT); + if (pamerr != PAM_SUCCESS) + { + cupsdLogMessage(CUPSD_LOG_ERROR, + "cupsdAuthorize: pam_setcred() returned %d " + "(%s)!\n", + pamerr, pam_strerror(pamh, pamerr)); + pam_end(pamh, 0); + return; + } + pam_end(pamh, PAM_SUCCESS); #elif defined(HAVE_USERSEC_H)
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---fixed 385068 1.4.0~svn8773-1 thanks >From changelog.Debian: 43. PAM support; the scheduler now sets more PAM attributes to better support third-party authentication schemes.
--- End Message ---
