[oi-userland.git] / components / network / hpn-ssh / patches / 0017-Don-t-call-do_pam_setcred-twice.patch
| blob | 15b8ce7d5f4a1da3cc67676a2b2775f67664c70f |
1 # This issue has been raised with the upstream OpenSSH community:
2 #
3 # 2426 OpenSSH doesn't need the second call to do_pam_setcred() on non-Linux
4 # platforms
5 # https://bugzilla.mindrot.org/show_bug.cgi?id=2426
6 #
7 # The OpenSSH maintainers added a call to do_pam_setcred() in
8 # platform_setusercontext_post_groups() with no corresponding bugID along with
9 # a befuddling comment that initgroups(3C) wipes out supplementary groups:
10 #
11 #https://anongit.mindrot.org/openssh.git/commit/platform.c?id=cc12418e18242ce1f61d7035da4956274ba13a96
12 #
13 # This only applies in the Linux world if the LinuxPAM pam_group(8) module
14 # has been installed and configured which allows one to assign additional
15 # secondary groups to a user using /etc/security/group.conf in addition to
16 # /etc/group. To confuse things a bit more, there is an OpenPAM PAM module
17 # of the same name, pam_group(8), which has different functionality, it
18 # performs access control based on group membership.
19 #
20 # In short, this additional call to do_pam_setcred() is Linux-specific and
21 # shouldn't be called on Solaris.
22 #
23 --- hpn-ssh-hpn-18.4.2/platform.c.orig
24 +++ hpn-ssh-hpn-18.4.2/platform.c
25 @@ -146,7 +146,7 @@
26 void
27 platform_setusercontext_post_groups(struct passwd *pw)
28 {
29 -#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
30 +#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
31 /*
32 * PAM credentials may take the form of supplementary groups.
33 * These will have been wiped by the above initgroups() call.