Re: PAM
On Sun, Feb 24, 2002 at 04:46:22AM -0500, utsl@quic.net wrote:
> I'd be interested in looking at that patch for PAM. I started on it, but
> got sidetracked.
Ok. I've managed to get it to work with the Debian 0.72 package. Stick
this in debian/patches and build and it ought to work.
--
Matthew Garrett | mjg59@srcf.ucam.org
diff -urN Linux-PAM-0.72/Makefile Linux-PAM-0.72.new/Makefile
--- Linux-PAM-0.72/Makefile Sun Feb 24 15:05:03 2002
+++ Linux-PAM-0.72.new/Makefile Sun Feb 24 14:14:49 2002
@@ -126,7 +126,7 @@
# build composite defines
#
-LOADLIBES = $(PAMLIB) $(RDYNAMIC) $(PAMMISCLIB) $(LIBDL) $(ULIBS)
+LOADLIBES = $(PAMLIB) $(RDYNAMIC) $(PAMMISCLIB) $(ULIBS)
CFLAGS += $(EXTRAS) $(MEMORY_DEBUG) $(WARNINGS) $(INCLUDEDIR) $(PIC)
ifneq ($(strip $(OS)),)
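Review bot: Dropping `$(LIBDL)` from `LOADLIBES` unconditionally changes the link line for every platform this Makefile serves, not only the NetBSD target the patch is written for. The same unconditional pattern recurs in defs/debian.defs (`OS := NetBSD` hard-coded while `ARCH` is still queried, `-lnsl` removed), in the libpam and libpamc recipes (`-ldl` removed), and in modules/pam_access/Makefile and modules/pam_unix/Makefile. Keeping `LOADLIBES` as it was and giving the NetBSD defs an empty `LIBDL :=` would confine the change to the port. Where `LIBDL` is currently set is not visible in this hunk, so that needs confirming.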
diff -urN Linux-PAM-0.72/defs/debian.defs Linux-PAM-0.72.new/defs/debian.defs
--- Linux-PAM-0.72/defs/debian.defs Sun Feb 24 15:05:13 2002
+++ Linux-PAM-0.72.new/defs/debian.defs Sun Feb 24 13:13:39 2002
@@ -7,12 +7,12 @@
# installed files on the system.
##
-CFLAGS := -O2 -D_GNU_SOURCE -D_REENTRANT
+CFLAGS := -O2 -D_GNU_SOURCE -D_REENTRANT -DHAVE_UTMP_H
ifneq (,$(findstring $(DEB_BUILD_OPTIONS),debug DEBUG Debug))
CFLAGS += -g
endif
-OS := $(shell dpkg-architecture -qDEB_BUILD_GNU_SYSTEM)
+OS := NetBSD
ARCH := $(shell dpkg-architecture -qDEB_BUILD_GNU_CPU)
CC := gcc
INSTALL := install
@@ -36,5 +36,5 @@
INCLUDED := /usr/include/security
CONFIGED := /etc
SCONFIGED := /etc/security
-EXTRALS := -lnsl -lcrypt
+EXTRALS := -lcrypt
WARNINGS := -Wall
diff -urN Linux-PAM-0.72/libpam/Makefile Linux-PAM-0.72.new/libpam/Makefile
--- Linux-PAM-0.72/libpam/Makefile Sun Feb 24 15:05:14 2002
+++ Linux-PAM-0.72.new/libpam/Makefile Sun Feb 24 13:07:20 2002
@@ -22,7 +22,7 @@
#MOREFLAGS += -D"UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT"
# libpam.so needs -ldl, too.
-LINKLIBS += $(LIBDL)
+# LINKLIBS += $(LIBDL)
ifeq ($(DEBUG_REL),yes)
LIBNAME=libpamd
@@ -103,7 +103,7 @@
$(LIBPAM): $(DLIBOBJECTS)
ifdef DYNAMIC_LIBPAM
ifeq ($(USESONAME),yes)
- $(LD_L) $(SOSWITCH)$(LIBPAMNAME) -o $@ $(DLIBOBJECTS) $(LINKLIBS) -ldl -lcrypt
+ $(LD_L) $(SOSWITCH)$(LIBPAMNAME) -o $@ $(DLIBOBJECTS) $(LINKLIBS) -lcrypt
else
$(LD_L) -o $@ $(DLIBOBJECTS) $(MODULES)
endif
Binary files Linux-PAM-0.72/libpam/libpam.a and Linux-PAM-0.72.new/libpam/libpam.a differ
Binary files Linux-PAM-0.72/libpam/libpam.so and Linux-PAM-0.72.new/libpam/libpam.so differ
Binary files Linux-PAM-0.72/libpam_misc/help_env.o and Linux-PAM-0.72.new/libpam_misc/help_env.o differ
Binary files Linux-PAM-0.72/libpam_misc/misc_conv.o and Linux-PAM-0.72.new/libpam_misc/misc_conv.o differ
diff -urN Linux-PAM-0.72/libpamc/Makefile Linux-PAM-0.72.new/libpamc/Makefile
--- Linux-PAM-0.72/libpamc/Makefile Sun Feb 24 15:05:13 2002
+++ Linux-PAM-0.72.new/libpamc/Makefile Sun Feb 24 13:06:00 2002
@@ -64,7 +64,7 @@
$(LIBPAMC): $(DLIBOBJECTS)
ifdef DYNAMIC_LIBPAM
ifeq ($(USESONAME),yes)
- $(LD_L) $(SOSWITCH)$(LIBPAMCNAME) -o $@ $(DLIBOBJECTS) $(LINKLIBS) -ldl -lcrypt
+ $(LD_L) $(SOSWITCH)$(LIBPAMCNAME) -o $@ $(DLIBOBJECTS) $(LINKLIBS) -lcrypt
else
$(LD_L) -o $@ $(DLIBOBJECTS)
endif
Binary files Linux-PAM-0.72/libpamc/libpamc.a and Linux-PAM-0.72.new/libpamc/libpamc.a differ
Binary files Linux-PAM-0.72/libpamc/libpamc.so and Linux-PAM-0.72.new/libpamc/libpamc.so differ
diff -urN Linux-PAM-0.72/modules/pam_access/Makefile Linux-PAM-0.72.new/modules/pam_access/Makefile
--- Linux-PAM-0.72/modules/pam_access/Makefile Sun Feb 24 15:05:13 2002
+++ Linux-PAM-0.72.new/modules/pam_access/Makefile Sun Feb 24 13:08:17 2002
@@ -73,7 +73,7 @@
$(LIBOBJD): $(LIBSRC)
$(LIBSHARED): $(LIBOBJD)
- $(LD_D) -o $@ $(LIBOBJD) $(LINKLIBS) -lpam -lnsl
+ $(LD_D) -o $@ $(LIBOBJD) $(LINKLIBS) -lpam
endif
ifdef STATIC
Binary files Linux-PAM-0.72/modules/pam_access/libpam_access.o and Linux-PAM-0.72.new/modules/pam_access/libpam_access.o differ
Binary files Linux-PAM-0.72/modules/pam_access/pam_access.so and Linux-PAM-0.72.new/modules/pam_access/pam_access.so differ
Binary files Linux-PAM-0.72/modules/pam_deny/libpam_deny.o and Linux-PAM-0.72.new/modules/pam_deny/libpam_deny.o differ
Binary files Linux-PAM-0.72/modules/pam_deny/pam_deny.so and Linux-PAM-0.72.new/modules/pam_deny/pam_deny.so differ
Binary files Linux-PAM-0.72/modules/pam_env/libpam_env.o and Linux-PAM-0.72.new/modules/pam_env/libpam_env.o differ
Binary files Linux-PAM-0.72/modules/pam_env/pam_env.so and Linux-PAM-0.72.new/modules/pam_env/pam_env.so differ
diff -urN Linux-PAM-0.72/modules/pam_filter/include/pam_filter.h Linux-PAM-0.72.new/modules/pam_filter/include/pam_filter.h
--- Linux-PAM-0.72/modules/pam_filter/include/pam_filter.h Sat Oct 9 05:09:30 1999
+++ Linux-PAM-0.72.new/modules/pam_filter/include/pam_filter.h Thu Jan 1 00:00:00 1970
@@ -1,32 +0,0 @@
-/*
- * $Id: pam_filter.h,v 1.2 1999/10/09 05:09:30 morgan Exp $
- *
- * this file is associated with the Linux-PAM filter module.
- * it was written by Andrew G. Morgan <morgan@linux.kernel.org>
- *
- */
-
-#ifndef PAM_FILTER_H
-#define PAM_FILTER_H
-
-#include <sys/file.h>
-
-/*
- * this will fail if there is some problem with these file descriptors
- * being allocated by the pam_filter Linux-PAM module. The numbers
- * here are thought safe, but the filter developer should use the
- * macros, as these numbers are subject to change.
- *
- * The APPXXX_FILENO file descriptors are the STDIN/OUT/ERR_FILENO of the
- * application. The filter uses the STDIN/OUT/ERR_FILENO's to converse
- * with the user, passes (modified) user input to the application via
- * APPIN_FILENO, and receives application output from APPOUT_FILENO/ERR.
- */
-
-#define APPIN_FILENO 3 /* write here to give application input */
-#define APPOUT_FILENO 4 /* read here to get application output */
-#define APPERR_FILENO 5 /* read here to get application errors */
-
-#define APPTOP_FILE 6 /* used by select */
-
-#endif
Binary files Linux-PAM-0.72/modules/pam_filter/libpam_filter.o and Linux-PAM-0.72.new/modules/pam_filter/libpam_filter.o differ
Binary files Linux-PAM-0.72/modules/pam_ftp/libpam_ftp.o and Linux-PAM-0.72.new/modules/pam_ftp/libpam_ftp.o differ
Binary files Linux-PAM-0.72/modules/pam_ftp/pam_ftp.so and Linux-PAM-0.72.new/modules/pam_ftp/pam_ftp.so differ
Binary files Linux-PAM-0.72/modules/pam_group/libpam_group.o and Linux-PAM-0.72.new/modules/pam_group/libpam_group.o differ
Binary files Linux-PAM-0.72/modules/pam_group/pam_group.so and Linux-PAM-0.72.new/modules/pam_group/pam_group.so differ
Binary files Linux-PAM-0.72/modules/pam_issue/libpam_issue.o and Linux-PAM-0.72.new/modules/pam_issue/libpam_issue.o differ
diff -urN Linux-PAM-0.72/modules/pam_issue/pam_issue.c Linux-PAM-0.72.new/modules/pam_issue/pam_issue.c
--- Linux-PAM-0.72/modules/pam_issue/pam_issue.c Sun Feb 24 15:05:15 2002
+++ Linux-PAM-0.72.new/modules/pam_issue/pam_issue.c Sun Feb 24 12:57:29 2002
@@ -18,6 +18,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
+#include <sys/param.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
@@ -212,12 +213,24 @@
case 'U':
{
int users = 0;
+#if (defined(BSD) && BSD >= 199306)
+ struct utmp ut;
+ FILE *uf;
+
+ if ((uf == fopen(_PATH_UTMP, "r")) != NULL) {
+ while (fread(&ut, sizeof(ut), 1, uf) > 0)
+ if (ut.ut_name[0] != '\0')
+ ++users;
+ (void) fclose(uf);
+ }
+#else
struct utmp *ut;
setutent();
while ((ut = getutent()))
if (ut->ut_type == USER_PROCESS)
users++;
endutent();
+#endif
printf ("%d ", users);
if (c == 'U')
snprintf (buf, 1024, "%s", (users == 1) ?
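Review bot: The added BSD branch tests `(uf == fopen(_PATH_UTMP, "r")) != NULL`, which compares the uninitialised `uf` against the new stream instead of assigning it. In practice the comparison is false, so the read loop is skipped, `users` stays 0, and the stream returned by fopen() is never closed; reading `uf` before it is set is also undefined behaviour. The line should read `if ((uf = fopen(_PATH_UTMP, "r")) != NULL) {`. The enclosing switch case starts and ends outside the hunk.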
Binary files Linux-PAM-0.72/modules/pam_issue/pam_issue.so and Linux-PAM-0.72.new/modules/pam_issue/pam_issue.so differ
Binary files Linux-PAM-0.72/modules/pam_lastlog/libpam_lastlog.o and Linux-PAM-0.72.new/modules/pam_lastlog/libpam_lastlog.o differ
Binary files Linux-PAM-0.72/modules/pam_lastlog/pam_lastlog.so and Linux-PAM-0.72.new/modules/pam_lastlog/pam_lastlog.so differ
Binary files Linux-PAM-0.72/modules/pam_listfile/libpam_listfile.o and Linux-PAM-0.72.new/modules/pam_listfile/libpam_listfile.o differ
Binary files Linux-PAM-0.72/modules/pam_listfile/pam_listfile.so and Linux-PAM-0.72.new/modules/pam_listfile/pam_listfile.so differ
Binary files Linux-PAM-0.72/modules/pam_mail/libpam_mail.o and Linux-PAM-0.72.new/modules/pam_mail/libpam_mail.o differ
Binary files Linux-PAM-0.72/modules/pam_mail/pam_mail.so and Linux-PAM-0.72.new/modules/pam_mail/pam_mail.so differ
Binary files Linux-PAM-0.72/modules/pam_mkhomedir/libpam_mkhomedir.o and Linux-PAM-0.72.new/modules/pam_mkhomedir/libpam_mkhomedir.o differ
Binary files Linux-PAM-0.72/modules/pam_mkhomedir/pam_mkhomedir.so and Linux-PAM-0.72.new/modules/pam_mkhomedir/pam_mkhomedir.so differ
Binary files Linux-PAM-0.72/modules/pam_motd/libpam_motd.o and Linux-PAM-0.72.new/modules/pam_motd/libpam_motd.o differ
Binary files Linux-PAM-0.72/modules/pam_motd/pam_motd.so and Linux-PAM-0.72.new/modules/pam_motd/pam_motd.so differ
Binary files Linux-PAM-0.72/modules/pam_nologin/libpam_nologin.o and Linux-PAM-0.72.new/modules/pam_nologin/libpam_nologin.o differ
Binary files Linux-PAM-0.72/modules/pam_nologin/pam_nologin.so and Linux-PAM-0.72.new/modules/pam_nologin/pam_nologin.so differ
Binary files Linux-PAM-0.72/modules/pam_permit/libpam_permit.o and Linux-PAM-0.72.new/modules/pam_permit/libpam_permit.o differ
Binary files Linux-PAM-0.72/modules/pam_permit/pam_permit.so and Linux-PAM-0.72.new/modules/pam_permit/pam_permit.so differ
Binary files Linux-PAM-0.72/modules/pam_rhosts/libpam_rhosts.o and Linux-PAM-0.72.new/modules/pam_rhosts/libpam_rhosts.o differ
diff -urN Linux-PAM-0.72/modules/pam_rhosts/pam_rhosts_auth.c Linux-PAM-0.72.new/modules/pam_rhosts/pam_rhosts_auth.c
--- Linux-PAM-0.72/modules/pam_rhosts/pam_rhosts_auth.c Sun Feb 24 15:05:13 2002
+++ Linux-PAM-0.72.new/modules/pam_rhosts/pam_rhosts_auth.c Sun Feb 24 13:56:11 2002
@@ -48,10 +48,6 @@
#include <sys/fsuid.h>
#endif
-#ifdef HAVE_NET_IF_H
-#include <net/if.h>
-#endif
-
#include <sys/types.h>
#include <sys/uio.h>
#include <string.h>
@@ -59,6 +55,11 @@
#include <stdlib.h>
#include <sys/param.h>
#include <sys/socket.h>
+
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+
#include <netinet/in.h>
#include <netdb.h> /* This is supposed(?) to contain the following */
int innetgr(const char *, const char *, const char *,const char *);
Binary files Linux-PAM-0.72/modules/pam_rhosts/pam_rhosts_auth.so and Linux-PAM-0.72.new/modules/pam_rhosts/pam_rhosts_auth.so differ
Binary files Linux-PAM-0.72/modules/pam_rootok/libpam_rootok.o and Linux-PAM-0.72.new/modules/pam_rootok/libpam_rootok.o differ
Binary files Linux-PAM-0.72/modules/pam_rootok/pam_rootok.so and Linux-PAM-0.72.new/modules/pam_rootok/pam_rootok.so differ
Binary files Linux-PAM-0.72/modules/pam_securetty/libpam_securetty.o and Linux-PAM-0.72.new/modules/pam_securetty/libpam_securetty.o differ
Binary files Linux-PAM-0.72/modules/pam_securetty/pam_securetty.so and Linux-PAM-0.72.new/modules/pam_securetty/pam_securetty.so differ
Binary files Linux-PAM-0.72/modules/pam_shells/libpam_shells.o and Linux-PAM-0.72.new/modules/pam_shells/libpam_shells.o differ
Binary files Linux-PAM-0.72/modules/pam_shells/pam_shells.so and Linux-PAM-0.72.new/modules/pam_shells/pam_shells.so differ
Binary files Linux-PAM-0.72/modules/pam_stress/libpam_stress.o and Linux-PAM-0.72.new/modules/pam_stress/libpam_stress.o differ
Binary files Linux-PAM-0.72/modules/pam_stress/pam_stress.so and Linux-PAM-0.72.new/modules/pam_stress/pam_stress.so differ
Binary files Linux-PAM-0.72/modules/pam_tally/libpam_tally.o and Linux-PAM-0.72.new/modules/pam_tally/libpam_tally.o differ
Binary files Linux-PAM-0.72/modules/pam_tally/pam_tally and Linux-PAM-0.72.new/modules/pam_tally/pam_tally differ
Binary files Linux-PAM-0.72/modules/pam_tally/pam_tally.so and Linux-PAM-0.72.new/modules/pam_tally/pam_tally.so differ
Binary files Linux-PAM-0.72/modules/pam_time/libpam_time.o and Linux-PAM-0.72.new/modules/pam_time/libpam_time.o differ
Binary files Linux-PAM-0.72/modules/pam_time/pam_time.so and Linux-PAM-0.72.new/modules/pam_time/pam_time.so differ
diff -urN Linux-PAM-0.72/modules/pam_unix/Makefile Linux-PAM-0.72.new/modules/pam_unix/Makefile
--- Linux-PAM-0.72/modules/pam_unix/Makefile Sun Feb 24 15:05:14 2002
+++ Linux-PAM-0.72.new/modules/pam_unix/Makefile Sun Feb 24 14:44:37 2002
@@ -12,7 +12,7 @@
USE_LCKPWDF=-D"USE_LCKPWDF"
# do you need to include the locking functions in the source?
-#NEED_LCKPWDF=-D"NEED_LCKPWDF"
+NEED_LCKPWDF=-D"NEED_LCKPWDF"
ifeq ($(shell ./need_nsl.sh),yes)
LIBNSL = -lnsl
@@ -25,7 +25,7 @@
########################################################################
CFLAGS += $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS)
-LDLIBS = $(EXTRALS)
+LDLIBS = $(EXTRALS) -lcrypt
LIBOBJ = pam_unix_auth.o pam_unix_acct.o pam_unix_sess.o pam_unix_passwd.o \
support.o
diff -urN Linux-PAM-0.72/modules/pam_unix/md5.h Linux-PAM-0.72.new/modules/pam_unix/md5.h
--- Linux-PAM-0.72/modules/pam_unix/md5.h Sun Feb 24 15:05:19 2002
+++ Linux-PAM-0.72.new/modules/pam_unix/md5.h Sun Feb 24 14:18:37 2002
@@ -1,7 +1,7 @@
#ifndef MD5_H
#define MD5_H
-#include <stdint.h>
+#include <inttypes.h>
typedef uint32_t uint32;
diff -urN Linux-PAM-0.72/modules/pam_unix/pam_unix_acct.c Linux-PAM-0.72.new/modules/pam_unix/pam_unix_acct.c
--- Linux-PAM-0.72/modules/pam_unix/pam_unix_acct.c Sun Feb 24 15:05:10 2002
+++ Linux-PAM-0.72.new/modules/pam_unix/pam_unix_acct.c Sun Feb 24 14:52:05 2002
@@ -39,9 +39,12 @@
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
+#include <sys/param.h>
#include <syslog.h>
#include <pwd.h>
+#ifndef BSD
#include <shadow.h>
+#endif
#include <time.h> /* for time() */
@@ -71,7 +74,7 @@
const char *uname;
int retval, daysleft;
time_t curdays;
- struct spwd *spent;
+ struct spwd *spent = NULL;
struct passwd *pwent;
char buf[80];
@@ -112,6 +115,9 @@
return PAM_CRED_INSUFFICIENT;
}
}
+#ifdef BSD
+ spent = NULL;
+#else
spent = getspnam( uname );
if (save_uid == pwent->pw_uid)
setreuid( save_uid, save_euid );
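Review bot: The `#ifdef BSD` / `#else` opened here is only closed by the `#endif` in the next hunk, after the `setreuid()` calls that restore the saved ids, so on BSD the restore is compiled out together with `getspnam()`. The code that switches ids for the `*NP*` case sits above this hunk and nothing visible guards it, so if it still runs on BSD the module would return with the process's real/effective uid left changed. Either move the `#endif` to directly after `spent = getspnam( uname );` so the restore stays unconditional, or exclude the whole NIS+ branch with `#ifndef BSD` the way support.c does in this patch. The enclosing function begins and ends outside the hunk.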
@@ -120,15 +126,49 @@
setreuid( save_uid, -1 );
setreuid( -1, save_euid );
}
-
+#endif
} else if (!strcmp( pwent->pw_passwd, "x" )) {
+#ifdef BSD
+ spent = NULL;
+#else
spent = getspnam(uname);
- } else if ((spent = getspnam(uname)) == NULL) {
+#endif
+#if (defined(BSD) && BSD >= 199306)
+ } else {
+ time_t now = time(NULL);
+ if (pwent->pw_expire==0) {
+ return PAM_SUCCESS;
+ }
+ if (now > pwent->pw_expire) {
+ _log_err(LOG_NOTICE
+ ,"account %s has expired (account expired)"
+ ,uname);
+ _make_remark(pamh, ctrl, PAM_ERROR_MSG,
+ "Your account has expired; please contact your system administrator");
+ D(("account expired"));
+ return PAM_ACCT_EXPIRED;
+ }
+ else if (now + _PASSWORD_WARNDAYS * 86400 > pwent->pw_expire) {
+ daysleft = (pwent->pw_expire - now) / 86400;
+ _log_err(LOG_DEBUG
+ ,"password for user %s will expire in %d days"
+ ,uname, daysleft);
+ snprintf(buf, 80, "Warning: your password will expire in %d day%.2s",
+ daysleft, daysleft == 1 ? "" : "s");
+ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
+ }
return PAM_SUCCESS;
}
if (!spent)
return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
+#else
+ } else if ((spent = getspnam(uname)) == NULL) {
+ return PAM_SUCCESS;
+ }
+
+ if (!spent)
+ return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
curdays = time(NULL) / (60 * 60 * 24);
D(("today is %d, last change %d", curdays, spent->sp_lstchg));
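Review bot: In the added BSD branch the warning `password for user %s will expire in %d days` is computed from `pwent->pw_expire`, the same field the lines just above treat as account expiry; BSD's `struct passwd` keeps password aging in `pw_change`, so the message, and probably the check, is using the wrong field. The branch is also selected with `#if (defined(BSD) && BSD >= 199306)` while the `spent = NULL` stubs around it use plain `#ifdef BSD`, so a `BSD` value below 199306 would take the `#else` path and call `getspnam()` with `<shadow.h>` excluded; one condition should be used throughout. The function body continues outside the hunk.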
@@ -184,9 +224,8 @@
daysleft, daysleft == 1 ? "" : "s");
_make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
}
-
D(("all done"));
-
+#endif
return PAM_SUCCESS;
}
diff -urN Linux-PAM-0.72/modules/pam_unix/pam_unix_passwd.c Linux-PAM-0.72.new/modules/pam_unix/pam_unix_passwd.c
--- Linux-PAM-0.72/modules/pam_unix/pam_unix_passwd.c Sun Feb 24 15:05:19 2002
+++ Linux-PAM-0.72.new/modules/pam_unix/pam_unix_passwd.c Sun Feb 24 12:57:29 2002
@@ -44,7 +44,10 @@
#include <errno.h>
#include <pwd.h>
#include <syslog.h>
+#include <sys/param.h>
+#ifndef BSD
#include <shadow.h>
+#endif
#include <time.h> /* for time() */
#include <fcntl.h>
#include <ctype.h>
@@ -75,7 +78,7 @@
#include "md5.h"
#include "support.h"
-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
+#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
extern int getrpcport(const char *host, unsigned long prognum,
unsigned long versnum, unsigned int proto);
#endif /* GNU libc 2.1 */
@@ -329,6 +332,9 @@
static int _update_passwd(const char *forwho, char *towhat)
{
+#ifdef BSD
+ return PAM_AUTHTOK_ERR;
+#else
struct passwd *tmpent = NULL;
FILE *pwfile, *opwfile;
int retval = 0;
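Review bot: The BSD stub `return PAM_AUTHTOK_ERR;` at the top of `_update_passwd`, and the identical one added to `_update_shadow` two hunks further down, makes every password change fail on this platform with nothing in the source saying that this is intentional. A comment above each stub such as `/* BSD: updating the password database is not implemented in this port; refuse the change */` would tell the next maintainer that this is a known gap rather than an error path. Both parameters are also unused in the BSD build, which `-Wall` may report. The function body continues outside the hunk.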
@@ -371,10 +377,14 @@
unlink(PW_TMPFILE);
return retval;
+#endif
}
static int _update_shadow(const char *forwho, char *towhat)
{
+#ifdef BSD
+ return PAM_AUTHTOK_ERR;
+#else
struct spwd *spwdent = NULL, *stmpent = NULL;
FILE *pwfile, *opwfile;
int retval = 0;
@@ -425,6 +435,7 @@
unlink(SH_TMPFILE);
return retval;
+#endif
}
static int _do_setpass(const char *forwho, char *fromwhat, char *towhat,
@@ -537,15 +548,18 @@
return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */
if (strcmp(pwd->pw_passwd, "x") == 0) {
+#ifndef BSD
/* ...and shadow password file entry for this user, if shadowing
is enabled */
setspent();
spwdent = getspnam(user);
endspent();
+#endif
if (spwdent == NULL)
return PAM_AUTHINFO_UNAVAIL;
} else {
+#ifndef BSD
if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */
uid_t save_uid;
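Review bot: On BSD the `if (spwdent == NULL)` test that follows the new `#ifndef BSD` block is reached without `spwdent` being assigned anywhere in this branch. Its declaration is outside the hunk, so confirm it is initialised to NULL; if it is not, the test reads an indeterminate pointer and the `PAM_AUTHINFO_UNAVAIL` return is not guaranteed. An explicit `spwdent = NULL;` in an `#else` arm, as pam_unix_acct.c does with `spent`, would make the BSD behaviour independent of the declaration.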
@@ -558,8 +572,15 @@
return PAM_AUTHINFO_UNAVAIL;
} else
spwdent = NULL;
+#endif
}
+#ifdef BSD
+ if (off(UNIX__IAMROOT, ctrl)) {
+ if (time(NULL) > pwd->pw_expire)
+ retval = PAM_ACCT_EXPIRED;
+ }
+#else
if (spwdent != NULL) {
/* We have the user's information, now let's check if their account
has expired (60 * 60 * 24 = number of seconds in a day) */
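Review bot: The BSD branch sets `PAM_ACCT_EXPIRED` whenever `time(NULL) > pwd->pw_expire`, but pam_unix_acct.c in this same patch treats `pw_expire == 0` as "no expiry" and returns `PAM_SUCCESS` for it. With a zero `pw_expire` this comparison is always true, so every caller without `UNIX__IAMROOT` set would be reported as expired. The test should be `if (pwd->pw_expire != 0 && time(NULL) > pwd->pw_expire)`. The function begins outside the hunk.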
@@ -585,6 +606,7 @@
retval = PAM_ACCT_EXPIRED;
}
}
+#endif
return retval;
}
diff -urN Linux-PAM-0.72/modules/pam_unix/support.c Linux-PAM-0.72.new/modules/pam_unix/support.c
--- Linux-PAM-0.72/modules/pam_unix/support.c Sun Feb 24 15:05:19 2002
+++ Linux-PAM-0.72.new/modules/pam_unix/support.c Sun Feb 24 12:57:30 2002
@@ -10,7 +10,10 @@
#include <string.h>
#include <malloc.h>
#include <pwd.h>
+#include <sys/param.h>
+#ifndef BSD
#include <shadow.h>
+#endif
#include <limits.h>
#include <utmp.h>
@@ -100,6 +103,9 @@
*/
char *PAM_getlogin(void)
{
+#ifdef BSD
+ return getlogin();
+#else
struct utmp *ut, line;
char *curr_tty, *retval;
static char curr_user[UT_NAMESIZE + 4];
@@ -121,6 +127,7 @@
D(("PAM_getlogin retval: %s", retval));
return retval;
+#endif
}
/*
@@ -308,6 +315,7 @@
pwd = getpwnam(name); /* Get password file entry... */
if (pwd != NULL) {
+#ifndef BSD
if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
{ /* NIS+ */
uid_t save_euid, save_uid;
@@ -345,6 +353,7 @@
if (spwdent)
salt = x_strdup(spwdent->sp_pwdp);
else
+#endif
salt = x_strdup(pwd->pw_passwd);
}
/* Does this user have a password? */
@@ -465,6 +474,7 @@
pwd = getpwnam(name); /* Get password file entry... */
if (pwd != NULL) {
+#ifndef BSD
if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
{ /* NIS+ */
uid_t save_euid, save_uid;
@@ -482,7 +492,7 @@
return PAM_CRED_INSUFFICIENT;
}
}
-
+
spwdent = getspnam( name );
if (save_uid == pwd->pw_uid)
setreuid( save_uid, save_euid );
@@ -501,6 +511,7 @@
if (spwdent)
salt = x_strdup(spwdent->sp_pwdp);
else
+#endif
salt = x_strdup(pwd->pw_passwd);
}
diff -urN Linux-PAM-0.72/modules/pam_unix/unix_chkpwd.c Linux-PAM-0.72.new/modules/pam_unix/unix_chkpwd.c
--- Linux-PAM-0.72/modules/pam_unix/unix_chkpwd.c Sun Feb 24 15:05:19 2002
+++ Linux-PAM-0.72.new/modules/pam_unix/unix_chkpwd.c Sun Feb 24 12:57:30 2002
@@ -20,8 +20,11 @@
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>
+#include <sys/param.h>
#include <pwd.h>
+#ifndef BSD
#include <shadow.h>
+#endif
#include <signal.h>
#define MAXPASS 200 /* the maximum length of a password */
@@ -99,6 +102,9 @@
pwd = getpwnam(name); /* Get password file entry... */
endpwent();
if (pwd != NULL) {
+#ifdef BSD
+ salt = x_strdup(pwd->pw_passwd);
+#else
if (strcmp(pwd->pw_passwd, "x") == 0) {
/*
* ...and shadow password file entry for this user,
@@ -125,6 +131,7 @@
salt = x_strdup(pwd->pw_passwd);
}
}
+#endif
}
if (pwd == NULL || salt == NULL) {
_log_err(LOG_WARNING, "check pass; user unknown");
diff -urN Linux-PAM-0.72/modules/pam_userdb/Makefile Linux-PAM-0.72.new/modules/pam_userdb/Makefile
--- Linux-PAM-0.72/modules/pam_userdb/Makefile Sun Feb 24 15:05:18 2002
+++ Linux-PAM-0.72.new/modules/pam_userdb/Makefile Sun Feb 24 14:25:16 2002
@@ -13,7 +13,7 @@
LIBOBJD = $(addprefix dynamic/,$(LIBOBJ))
#LIBOBJS = $(addprefix static/,$(LIBOBJ))
-EXTRALS += -ldb3
+EXTRALS += -ldb
dynamic/%.o : %.c
$(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@
Binary files Linux-PAM-0.72/modules/pam_warn/libpam_warn.o and Linux-PAM-0.72.new/modules/pam_warn/libpam_warn.o differ
Binary files Linux-PAM-0.72/modules/pam_warn/pam_warn.so and Linux-PAM-0.72.new/modules/pam_warn/pam_warn.so differ