Package: libpam-modules Version: 0.79-3.1 Severity: important Tags: patch
Since version 246, a change has been made to libnss_ldap, whose functions getspnam() and getspnam_r() now return "*" instead of "x" previously, in the sp_pwdp member of a spwd struct. This introduces an incompatibility with the present version of libpam-modules, as the "*" case is not handled by the code in "support.c" (line 741), thus resulting in the helper program "unix_chkpwd" never being called. As a consequence, all the programs relying on libpam-modules to authenticate a user in an LDAP environment may fail. "kcheckpass" is an example of such a program. Proposed patch: $ diff -u support.c support.c.new --- support.c 2006-07-27 13:17:04.000000000 +0200 +++ support.c.new 2006-07-27 13:17:39.000000000 +0200 @@ -738,7 +738,7 @@ } retval = PAM_SUCCESS; - if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) { + if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || !strcmp(salt, "*") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) { if (geteuid() || SELINUX_ENABLED) { /* we are not root perhaps this is the reason? * Run helper */ -- System Information: Debian Release: testing/unstable APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15.6 Locale: LANG=C, LC_CTYPE=fr_FR (charmap=ISO-8859-1) Versions of packages libpam-modules depends on: ii libc6 2.3.6-15 GNU C Library: Shared libraries ii libcap1 1:1.10-14 support for getting/setting POSIX. ii libdb4.3 4.3.29-4.1 Berkeley v4.3 Database Libraries [ ii libpam0g 0.79-3.1 Pluggable Authentication Modules l ii libselinux1 1.30-1 SELinux shared libraries libpam-modules recommends no packages. -- no debconf information -- -- Service Hydrographique et Oceanographique de la Marine --- EPSHOM/CIS/MIC -- 13, rue du Chatellier --- BP 30316 --- 29603 Brest Cedex, FRANCE -- Phone: +33 2 98 22 17 49 --- Email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]