Hello community,
here is the log from the commit of package pam for openSUSE:Factory checked in
at 2020-06-14 18:13:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pam (Old)
and /work/SRC/openSUSE:Factory/.pam.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pam"
Sun Jun 14 18:13:10 2020 rev:102 rq:812631 version:1.4.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/pam/pam.changes 2020-04-08 19:54:03.585008383
+0200
+++ /work/SRC/openSUSE:Factory/.pam.new.3606/pam.changes 2020-06-14
18:13:16.662434314 +0200
@@ -1,0 +2,79 @@
+Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk <ku...@suse.com>
+
+- Update to final 1.4.0 release
+ - includes pam-check-user-home-dir.patch
+ - obsoletes fix-man-links.dif
+
+-------------------------------------------------------------------
+Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk <ku...@suse.com>
+
+- common-password: remove pam_cracklib, as that is deprecated.
+
+-------------------------------------------------------------------
+Thu May 28 12:36:33 UTC 2020 - Josef Möllers <josef.moell...@suse.com>
+
+- pam_setquota.so:
+ When setting quota, don't apply any quota if the user's $HOME is
+ a mountpoint (ie the user has a partition of his/her own).
+ [bsc#1171721, pam-check-user-home-dir.patch]
+
+-------------------------------------------------------------------
+Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk <ku...@suse.com>
+
+- Update to current Linux-PAM snapshot
+ - pam_tally* and pam_cracklib got deprecated
+- Disable pam_faillock and pam_setquota until they are whitelisted
+
+-------------------------------------------------------------------
+Tue May 12 11:44:19 UTC 2020 - Josef Möllers <josef.moell...@suse.com>
+
+- Adapted patch pam-hostnames-in-access_conf.patch for new version
+ New version obsoleted patch use-correct-IP-address.patch
+ [pam-hostnames-in-access_conf.patch,
+ use-correct-IP-address.patch]
+
+-------------------------------------------------------------------
+Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk <ku...@suse.com>
+
+- Update to current Linux-PAM snapshot
+ - Obsoletes pam_namespace-systemd.diff
+
+-------------------------------------------------------------------
+Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk <ku...@suse.com>
+
+- Update to current Linux-PAM snapshot
+ - Add pam_faillock
+ - Multiple minor bug fixes and documentation improvements
+ - Fixed grammar of messages printed via pam_prompt
+ - Added support for a vendor directory and libeconf
+ - configure: Allowed disabling documentation through --disable-doc
+ - pam_get_authtok_verify: Avoid duplicate password verification
+ - pam_env: Changed the default to not read the user .pam_environment file
+ - pam_group, pam_time: Fixed logical error with multiple ! operators
+ - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session
+ - pam_lastlog: Do not log info about failed login if the session was opened
+ with PAM_SILENT flag
+ - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs
+ - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize'
+ limit
+ - pam_motd: Export MOTD_SHOWN=pam after showing MOTD
+ - pam_motd: Support multiple motd paths specified, with filename overrides
+ - pam_namespace: Added a systemd service, which creates the namespaced
+ instance parent directories during boot
+ - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts
+ - pam_shells: Recognize /bin/sh as the default shell
+ - pam_succeed_if: Support lists in group membership checks
+ - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE
+ - pam_umask: Added new 'nousergroups' module argument and allowed specifying
+ the default for usergroups at build-time
+ - pam_unix: Added 'nullresetok' option to allow resetting blank passwords
+ - pam_unix: Report unusable hashes found by checksalt to syslog
+ - pam_unix: Support for (gost-)yescrypt hashing methods
+ - pam_unix: Use bcrypt b-variant when it bcrypt is chosen
+ - pam_usertype: New module to tell if uid is in login.defs ranges
+ - Added new API call pam_start_confdir() for special applications that
+ cannot use the system-default PAM configuration paths and need to
+ explicitly specify another path
+- pam_namespace-systemd.diff: fix path of pam_namespace.services
+
+-------------------------------------------------------------------
Old:
----
Linux-PAM-1.3.1-docs.tar.xz
fix-man-links.dif
linux-pam-1.3.1+git20190923.ea78d67.tar.xz
use-correct-IP-address.patch
New:
----
Linux-PAM-1.4.0-docs.tar.xz
Linux-PAM-1.4.0.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pam.spec ++++++
--- /var/tmp/diff_new_pack.YMQap2/_old 2020-06-14 18:13:17.270436356 +0200
+++ /var/tmp/diff_new_pack.YMQap2/_new 2020-06-14 18:13:17.274436369 +0200
@@ -16,26 +16,25 @@
#
-%if ! %{defined _distconfdir}
- %define _distconfdir %{_sysconfdir}
- %define config_noreplace 1
-%endif
-
#
%define enable_selinux 1
-%define libpam_so_version 0.84.2
+%define libpam_so_version 0.85.1
%define libpam_misc_so_version 0.82.1
%define libpamc_so_version 0.82.1
+%if ! %{defined _distconfdir}
+ %define _distconfdir %{_sysconfdir}
+ %define config_noreplace 1
+%endif
Name: pam
#
-Version: 1.3.1+git20190923.ea78d67
+Version: 1.4.0
Release: 0
Summary: A Security Tool that Provides Authentication for Applications
License: GPL-2.0-or-later OR BSD-3-Clause
Group: System/Libraries
URL: http://www.linux-pam.org/
-Source: linux-pam-%{version}.tar.xz
-Source1: Linux-PAM-1.3.1-docs.tar.xz
+Source: Linux-PAM-%{version}.tar.xz
+Source1: Linux-PAM-%{version}-docs.tar.xz
Source3: other.pamd
Source4: common-auth.pamd
Source5: common-account.pamd
@@ -46,24 +45,19 @@
Source10: unix2_chkpwd.c
Source11: unix2_chkpwd.8
Source12: pam-login_defs-check.sh
-Patch0: fix-man-links.dif
Patch2: pam-limit-nproc.patch
Patch4: pam-hostnames-in-access_conf.patch
-Patch5: use-correct-IP-address.patch
BuildRequires: audit-devel
-# Remove with next version update:
-BuildRequires: autoconf
-BuildRequires: automake
BuildRequires: bison
BuildRequires: cracklib-devel
BuildRequires: flex
BuildRequires: libtool
+BuildRequires: xz
+Requires(post): permissions
# All login.defs variables require support from shadow side.
# Upgrade this symbol version only if new variables appear!
# Verify by shadow-login_defs-check.sh from shadow source package.
Recommends: login_defs-support-for-pam >= 1.3.1
-Requires(post): permissions
-BuildRequires: xz
%if 0%{?suse_version} > 1320
BuildRequires: pkgconfig(libeconf)
BuildRequires: pkgconfig(libnsl)
@@ -84,7 +78,7 @@
%package extra
Summary: PAM module to authenticate against a separate database
-Group: System/Libraries%description
+Group: System/Libraries
BuildRequires: libdb-4_8-devel
BuildRequires: pam-devel
@@ -125,18 +119,29 @@
This package contains header files and static libraries used for
building both PAM-aware applications and modules for use with PAM.
+%package deprecated
+Summary: Deprecated PAM Modules
+Group: System/Libraries
+Provides: pam:/%{_lib}/security/pam_cracklib.so
+Provides: pam:/%{_lib}/security/pam_tally2.so
+
+%description deprecated
+PAM (Pluggable Authentication Modules) is a system security tool that
+allows system administrators to set authentication policies without
+having to recompile programs that do authentication.
+
+This package contains deprecated extra modules like pam_cracklib and
+pam_tally2, which are no longer supported upstream and will be completly
+removed with one of the next releases.
+
%prep
-%setup -q -n linux-pam-%{version} -b 1
-cp -av ../Linux-PAM-1.3.1/* .
+%setup -q -n Linux-PAM-%{version} -b 1
cp -a %{SOURCE12} .
-%patch0 -p1
%patch2 -p1
-%patch4
-%patch5 -p1
+%patch4 -p1
%build
bash ./pam-login_defs-check.sh
-./autogen.sh
export CFLAGS="%{optflags} -DNDEBUG"
%configure \
--sbindir=/sbin \
@@ -147,12 +152,13 @@
--libdir=/%{_lib} \
--enable-isadir=../../%{_lib}/security \
--enable-securedir=/%{_lib}/security \
- --enable-vendordir=%{_distconfdir}
+ --enable-vendordir=%{_distconfdir} \
+ --enable-tally2 --enable-cracklib
make %{?_smp_mflags}
-gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
%{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o
%{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/
-lpam
+gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE
%{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o
%{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam
%check
-make %{?_smp_mflags} check
+%make_build check
%install
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
@@ -204,13 +210,8 @@
cp -fpv "$i" "$DOC/modules/README.${i%/*}"
done
popd
-#
-# pam_tally is deprecated since ages
-#
-rm -f %{buildroot}/%{_lib}/security/pam_tally.so
-rm -f %{buildroot}/sbin/pam_tally
-rm -f %{buildroot}%{_mandir}/man8/pam_tally.8*
-rm -f %{buildroot}%{_defaultdocdir}/pam/modules/README.pam_tally
+# XXX Remove until whitelisted
+rm %{buildroot}/%{_lib}/security/pam_faillock.so
# Install unix2_chkpwd
install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/
install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/
@@ -227,16 +228,15 @@
%set_permissions /sbin/unix2_chkpwd
%postun -p /sbin/ldconfig
-
%pre
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth
pam.d/common-password pam.d/common-session ; do
- test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old
||:
+ test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i}.rpmsave.old ||:
done
%posttrans
# Migration to /usr/etc.
for i in securetty pam.d/other pam.d/common-account pam.d/common-auth
pam.d/common-password pam.d/common-session ; do
- test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
+ test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave
%{_sysconfdir}/${i} ||:
done
%files -f Linux-PAM.lang
@@ -258,6 +258,7 @@
%config(noreplace) %{_sysconfdir}/environment
%config(noreplace) %{_sysconfdir}/security/access.conf
%config(noreplace) %{_sysconfdir}/security/group.conf
+%config(noreplace) %{_sysconfdir}/security/faillock.conf
%config(noreplace) %{_sysconfdir}/security/limits.conf
%config(noreplace) %{_sysconfdir}/security/pam_env.conf
%if %{enable_selinux}
@@ -272,54 +273,57 @@
%{_mandir}/man5/environment.5%{?ext_man}
%{_mandir}/man5/*.conf.5%{?ext_man}
%{_mandir}/man5/pam.d.5%{?ext_man}
-%{_mandir}/man8/mkhomedir_helper.8.gz
-%{_mandir}/man8/pam.8.gz
-%{_mandir}/man8/PAM.8.gz
-%{_mandir}/man8/pam_access.8.gz
-%{_mandir}/man8/pam_cracklib.8.gz
-%{_mandir}/man8/pam_debug.8.gz
-%{_mandir}/man8/pam_deny.8.gz
-%{_mandir}/man8/pam_echo.8.gz
-%{_mandir}/man8/pam_env.8.gz
-%{_mandir}/man8/pam_exec.8.gz
-%{_mandir}/man8/pam_faildelay.8.gz
-%{_mandir}/man8/pam_filter.8.gz
-%{_mandir}/man8/pam_ftp.8.gz
-%{_mandir}/man8/pam_group.8.gz
-%{_mandir}/man8/pam_issue.8.gz
-%{_mandir}/man8/pam_keyinit.8.gz
-%{_mandir}/man8/pam_lastlog.8.gz
-%{_mandir}/man8/pam_limits.8.gz
-%{_mandir}/man8/pam_listfile.8.gz
-%{_mandir}/man8/pam_localuser.8.gz
-%{_mandir}/man8/pam_loginuid.8.gz
-%{_mandir}/man8/pam_mail.8.gz
-%{_mandir}/man8/pam_mkhomedir.8.gz
-%{_mandir}/man8/pam_motd.8.gz
-%{_mandir}/man8/pam_namespace.8.gz
-%{_mandir}/man8/pam_nologin.8.gz
-%{_mandir}/man8/pam_permit.8.gz
-%{_mandir}/man8/pam_pwhistory.8.gz
-%{_mandir}/man8/pam_rhosts.8.gz
-%{_mandir}/man8/pam_rootok.8.gz
-%{_mandir}/man8/pam_securetty.8.gz
-%{_mandir}/man8/pam_selinux.8.gz
-%{_mandir}/man8/pam_sepermit.8.gz
-%{_mandir}/man8/pam_shells.8.gz
-%{_mandir}/man8/pam_succeed_if.8.gz
-%{_mandir}/man8/pam_tally2.8.gz
-%{_mandir}/man8/pam_time.8.gz
-%{_mandir}/man8/pam_timestamp.8.gz
-%{_mandir}/man8/pam_timestamp_check.8.gz
-%{_mandir}/man8/pam_tty_audit.8.gz
-%{_mandir}/man8/pam_umask.8.gz
-%{_mandir}/man8/pam_unix.8.gz
-%{_mandir}/man8/pam_warn.8.gz
-%{_mandir}/man8/pam_wheel.8.gz
-%{_mandir}/man8/pam_xauth.8.gz
-%{_mandir}/man8/unix_chkpwd.8.gz
-%{_mandir}/man8/unix2_chkpwd.8.gz
-%{_mandir}/man8/unix_update.8.gz
+%{_mandir}/man8/PAM.8%{?ext_man}
+%{_mandir}/man8/faillock.8%{?ext_man}
+%{_mandir}/man8/mkhomedir_helper.8%{?ext_man}
+%{_mandir}/man8/pam.8%{?ext_man}
+%{_mandir}/man8/pam_access.8%{?ext_man}
+%{_mandir}/man8/pam_debug.8%{?ext_man}
+%{_mandir}/man8/pam_deny.8%{?ext_man}
+%{_mandir}/man8/pam_echo.8%{?ext_man}
+%{_mandir}/man8/pam_env.8%{?ext_man}
+%{_mandir}/man8/pam_exec.8%{?ext_man}
+%{_mandir}/man8/pam_faildelay.8%{?ext_man}
+%{_mandir}/man8/pam_faillock.8%{?ext_man}
+%{_mandir}/man8/pam_filter.8%{?ext_man}
+%{_mandir}/man8/pam_ftp.8%{?ext_man}
+%{_mandir}/man8/pam_group.8%{?ext_man}
+%{_mandir}/man8/pam_issue.8%{?ext_man}
+%{_mandir}/man8/pam_keyinit.8%{?ext_man}
+%{_mandir}/man8/pam_lastlog.8%{?ext_man}
+%{_mandir}/man8/pam_limits.8%{?ext_man}
+%{_mandir}/man8/pam_listfile.8%{?ext_man}
+%{_mandir}/man8/pam_localuser.8%{?ext_man}
+%{_mandir}/man8/pam_loginuid.8%{?ext_man}
+%{_mandir}/man8/pam_mail.8%{?ext_man}
+%{_mandir}/man8/pam_mkhomedir.8%{?ext_man}
+%{_mandir}/man8/pam_motd.8%{?ext_man}
+%{_mandir}/man8/pam_namespace.8%{?ext_man}
+%{_mandir}/man8/pam_namespace_helper.8%{?ext_man}
+%{_mandir}/man8/pam_nologin.8%{?ext_man}
+%{_mandir}/man8/pam_permit.8%{?ext_man}
+%{_mandir}/man8/pam_pwhistory.8%{?ext_man}
+%{_mandir}/man8/pam_rhosts.8%{?ext_man}
+%{_mandir}/man8/pam_rootok.8%{?ext_man}
+%{_mandir}/man8/pam_securetty.8%{?ext_man}
+%{_mandir}/man8/pam_selinux.8%{?ext_man}
+%{_mandir}/man8/pam_sepermit.8%{?ext_man}
+%{_mandir}/man8/pam_setquota.8%{?ext_man}
+%{_mandir}/man8/pam_shells.8%{?ext_man}
+%{_mandir}/man8/pam_succeed_if.8%{?ext_man}
+%{_mandir}/man8/pam_time.8%{?ext_man}
+%{_mandir}/man8/pam_timestamp.8%{?ext_man}
+%{_mandir}/man8/pam_timestamp_check.8%{?ext_man}
+%{_mandir}/man8/pam_tty_audit.8%{?ext_man}
+%{_mandir}/man8/pam_umask.8%{?ext_man}
+%{_mandir}/man8/pam_unix.8%{?ext_man}
+%{_mandir}/man8/pam_usertype.8%{?ext_man}
+%{_mandir}/man8/pam_warn.8%{?ext_man}
+%{_mandir}/man8/pam_wheel.8%{?ext_man}
+%{_mandir}/man8/pam_xauth.8%{?ext_man}
+%{_mandir}/man8/unix2_chkpwd.8%{?ext_man}
+%{_mandir}/man8/unix_chkpwd.8%{?ext_man}
+%{_mandir}/man8/unix_update.8%{?ext_man}
/%{_lib}/libpam.so.0
/%{_lib}/libpam.so.%{libpam_so_version}
/%{_lib}/libpamc.so.0
@@ -328,13 +332,13 @@
/%{_lib}/libpam_misc.so.%{libpam_misc_so_version}
%dir /%{_lib}/security
/%{_lib}/security/pam_access.so
-/%{_lib}/security/pam_cracklib.so
/%{_lib}/security/pam_debug.so
/%{_lib}/security/pam_deny.so
/%{_lib}/security/pam_echo.so
/%{_lib}/security/pam_env.so
/%{_lib}/security/pam_exec.so
/%{_lib}/security/pam_faildelay.so
+#/%{_lib}/security/pam_faillock.so
/%{_lib}/security/pam_filter.so
%dir /%{_lib}/security/pam_filter
/%{_lib}/security//pam_filter/upperLOWER
@@ -361,10 +365,10 @@
/%{_lib}/security/pam_selinux.so
/%{_lib}/security/pam_sepermit.so
%endif
+/%{_lib}/security/pam_setquota.so
/%{_lib}/security/pam_shells.so
/%{_lib}/security/pam_stress.so
/%{_lib}/security/pam_succeed_if.so
-/%{_lib}/security/pam_tally2.so
/%{_lib}/security/pam_time.so
/%{_lib}/security/pam_timestamp.so
/%{_lib}/security/pam_tty_audit.so
@@ -374,20 +378,31 @@
/%{_lib}/security/pam_unix_auth.so
/%{_lib}/security/pam_unix_passwd.so
/%{_lib}/security/pam_unix_session.so
+/%{_lib}/security/pam_usertype.so
/%{_lib}/security/pam_warn.so
/%{_lib}/security/pam_wheel.so
/%{_lib}/security/pam_xauth.so
+/sbin/faillock
/sbin/mkhomedir_helper
-/sbin/pam_tally2
+/sbin/pam_namespace_helper
/sbin/pam_timestamp_check
%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd
%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd
%attr(0700,root,root) /sbin/unix_update
+%{_unitdir}/pam_namespace.service
%files extra
%defattr(-,root,root,755)
-%attr(755,root,root) /%{_lib}/security/pam_userdb.so
-%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz
+/%{_lib}/security/pam_userdb.so
+%{_mandir}/man8/pam_userdb.8%{?ext_man}
+
+%files deprecated
+%defattr(-,root,root,755)
+/%{_lib}/security/pam_cracklib.so
+/%{_lib}/security/pam_tally2.so
+/sbin/pam_tally2
+%{_mandir}/man8/pam_cracklib.8%{?ext_man}
+%{_mandir}/man8/pam_tally2.8%{?ext_man}
%files doc
%defattr(644,root,root,755)
++++++ Linux-PAM-1.3.1-docs.tar.xz -> Linux-PAM-1.4.0-docs.tar.xz ++++++
++++ 2876 lines of diff (skipped)
++++++ Linux-PAM-1.3.1-docs.tar.xz -> Linux-PAM-1.4.0.tar.xz ++++++
++++ 316426 lines of diff (skipped)
++++++ baselibs.conf ++++++
--- /var/tmp/diff_new_pack.YMQap2/_old 2020-06-14 18:13:17.906438491 +0200
+++ /var/tmp/diff_new_pack.YMQap2/_new 2020-06-14 18:13:17.910438504 +0200
@@ -1,2 +1,4 @@
pam
+pam-extra
+pam-deprecated
pam-devel
++++++ common-password.pamd ++++++
--- /var/tmp/diff_new_pack.YMQap2/_old 2020-06-14 18:13:17.942438612 +0200
+++ /var/tmp/diff_new_pack.YMQap2/_new 2020-06-14 18:13:17.942438612 +0200
@@ -8,5 +8,4 @@
# The "nullok" option allows users to change an empty password, else
# empty passwords are treated as locked accounts.
#
-password requisite pam_cracklib.so
-password required pam_unix.so use_authtok nullok
try_first_pass
+password required pam_unix.so nullok
++++++ pam-hostnames-in-access_conf.patch ++++++
--- /var/tmp/diff_new_pack.YMQap2/_old 2020-06-14 18:13:17.966438693 +0200
+++ /var/tmp/diff_new_pack.YMQap2/_new 2020-06-14 18:13:17.966438693 +0200
@@ -1,8 +1,8 @@
-Index: modules/pam_access/pam_access.c
+Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c
===================================================================
---- modules/pam_access/pam_access.c.orig
-+++ modules/pam_access/pam_access.c
-@@ -692,10 +692,10 @@ string_match (pam_handle_t *pamh, const
+--- Linux-PAM-1.3.91.orig/modules/pam_access/pam_access.c
++++ Linux-PAM-1.3.91/modules/pam_access/pam_access.c
+@@ -699,10 +699,10 @@ string_match (pam_handle_t *pamh, const
return (NO);
}
@@ -15,7 +15,7 @@
*/
static int
network_netmask_match (pam_handle_t *pamh,
-@@ -704,10 +704,14 @@ network_netmask_match (pam_handle_t *pam
+@@ -711,10 +711,14 @@ network_netmask_match (pam_handle_t *pam
char *netmask_ptr;
char netmask_string[MAXHOSTNAMELEN + 1];
int addr_type;
@@ -31,7 +31,7 @@
/* OK, check if tok is of type addr/mask */
if ((netmask_ptr = strchr(tok, '/')) != NULL)
{
-@@ -717,7 +721,7 @@ network_netmask_match (pam_handle_t *pam
+@@ -724,7 +728,7 @@ network_netmask_match (pam_handle_t *pam
*netmask_ptr = 0;
netmask_ptr++;
@@ -40,7 +40,7 @@
{ /* no netaddr */
return NO;
}
-@@ -739,19 +743,47 @@ network_netmask_match (pam_handle_t *pam
+@@ -748,19 +752,47 @@ network_netmask_match (pam_handle_t *pam
netmask_ptr = number_to_netmask(netmask, addr_type,
netmask_string, MAXHOSTNAMELEN);
}
@@ -93,7 +93,7 @@
memset (&hint, '\0', sizeof (hint));
hint.ai_flags = AI_CANONNAME;
hint.ai_family = AF_UNSPEC;
-@@ -764,27 +796,52 @@ network_netmask_match (pam_handle_t *pam
+@@ -773,29 +805,54 @@ network_netmask_match (pam_handle_t *pam
else
{
struct addrinfo *runp = item->res;
@@ -103,29 +103,31 @@
{
char buf[INET6_ADDRSTRLEN];
+ DIAG_PUSH_IGNORE_CAST_ALIGN;
- inet_ntop (runp->ai_family,
- runp->ai_family == AF_INET
- ? (void *) &((struct sockaddr_in *)
runp->ai_addr)->sin_addr
- : (void *) &((struct sockaddr_in6 *)
runp->ai_addr)->sin6_addr,
- buf, sizeof (buf));
+ (void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf,
sizeof (buf), NULL, 0, NI_NUMERICHOST);
+ DIAG_POP_IGNORE_CAST_ALIGN;
- if (are_addresses_equal(buf, tok, netmask_ptr))
+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
{
- return YES;
-+ char buf1[INET6_ADDRSTRLEN];
++ char buf1[INET6_ADDRSTRLEN];
+
-+ if (runp->ai_family != runp1->ai_family)
-+ continue;
++ if (runp->ai_family != runp1->ai_family)
++ continue;
+
-+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen,
buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen,
buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST);
+
-+ if (are_addresses_equal (buf, buf1, netmask_ptr))
-+ {
-+ freeaddrinfo(ai);
-+ return YES;
-+ }
++ if (are_addresses_equal (buf, buf1, netmask_ptr))
++ {
++ freeaddrinfo(ai);
++ return YES;
++ }
}
runp = runp->ai_next;
}
@@ -134,20 +136,20 @@
else
- return (are_addresses_equal(string, tok, netmask_ptr));
+ {
-+ struct addrinfo *runp1;
++ struct addrinfo *runp1;
+
-+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
-+ {
-+ char buf1[INET6_ADDRSTRLEN];
-+
-+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof
(buf1), NULL, 0, NI_NUMERICHOST);
-+
-+ if (are_addresses_equal(string, buf1, netmask_ptr))
-+ {
-+ freeaddrinfo(ai);
-+ return YES;
-+ }
-+ }
++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next)
++ {
++ char buf1[INET6_ADDRSTRLEN];
++
++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1,
sizeof (buf1), NULL, 0, NI_NUMERICHOST);
++
++ if (are_addresses_equal(string, buf1, netmask_ptr))
++ {
++ freeaddrinfo(ai);
++ return YES;
++ }
++ }
+ }
+
+ freeaddrinfo(ai);
