
Second shot at PAM



Ok, I took heed of the comments that I received and I updated
the patch. So here it is, less __GNU__ and more common sense. The patch
should work for Linux and Hurd so it can be incorporated into the Debian
package right away; whether it should be submitted to the upstream maintainers
should most probably be at the discretion of the Debian maintainer.

There might still be some problems during the build that have to do with
build scripts and not the source, so someone else should try it out and see
if there are any problems. Just d/l the pam source package and copy the patch 
into the debian/patches directory.

Igor
diff -ru Linux-PAM-0.72.orig/modules/pam_filter/pam_filter.c Linux-PAM-0.72/modules/pam_filter/pam_filter.c
--- Linux-PAM-0.72.orig/modules/pam_filter/pam_filter.c	Tue Oct 24 23:23:01 2000
+++ Linux-PAM-0.72/modules/pam_filter/pam_filter.c	Tue Oct 24 23:28:23 2000
@@ -19,7 +19,7 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
-#include <termio.h>
+#include <termios.h>
 
 #include <signal.h>
 
@@ -276,7 +276,7 @@
 {
     int status=-1;
     char terminal[TERMINAL_LEN];
-    struct termio stored_mode;           /* initial terminal mode settings */
+    struct termios stored_mode;           /* initial terminal mode settings */
     int fd[2], child=0, child2=0, aterminal;
 
     if (filtername == NULL || *filtername != '/') {
@@ -305,13 +305,13 @@
 
 	/* this is termio terminal handling... */
 
-	if (ioctl(STDIN_FILENO, TCGETA, (char *) &stored_mode ) < 0) {
+	if (tcgetattr(STDIN_FILENO, &stored_mode) < 0) {
 	    /* in trouble, so close down */
 	    close(fd[0]);
 	    _pam_log(LOG_CRIT, "couldn't copy terminal mode");
 	    return PAM_ABORT;
 	} else {
-	    struct termio t_mode = stored_mode;
+	    struct termios t_mode = stored_mode;
 
 	    t_mode.c_iflag = 0;            /* no input control */
 	    t_mode.c_oflag &= ~OPOST;      /* no ouput post processing */
@@ -324,7 +324,7 @@
 	    t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */
 	    t_mode.c_cc[VTIME] = 0;          /* 0/10th second for chars */
 
-	    if (ioctl(STDIN_FILENO, TCSETA, (char *) &t_mode) < 0) {
+	    if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0) {
 		close(fd[0]);
 		_pam_log(LOG_WARNING, "couldn't put terminal in RAW mode");
 		return PAM_ABORT;
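Review bot: `TCSAFLUSH` is not the equivalent of the `TCSETA` it replaces in `tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode)`: `TCSETA` applied the change immediately, which is `TCSANOW`, while `TCSAFLUSH` waits for output to drain and discards unread input. The fork-failure restore in the next hunk makes the same substitution, yet the two later restores use `TCSANOW`, so the patch is not consistent with itself. If discarding type-ahead on entry to raw mode is intended, say so in a comment; otherwise `TCSANOW` keeps the old behaviour. tcsetattr() can also report success when only some of the requested changes were applied, so reading the mode back with tcgetattr() is the way to confirm raw mode took effect. The enclosing block starts and ends outside this hunk.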
@@ -354,7 +354,7 @@
 
 	_pam_log(LOG_WARNING,"first fork failed");
 	if (aterminal) {
-	    (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode);
+	    (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode);
 	}
 
 	return PAM_AUTH_ERR;
@@ -396,7 +396,7 @@
 	    /* initialize the child's terminal to be the way the
 	       parent's was before we set it into RAW mode */
 
-	    if (ioctl(fd[1], TCSETA, (char *) &stored_mode) < 0) {
+	    if (tcsetattr(fd[1], TCSANOW, &stored_mode) < 0) {
 		_pam_log(LOG_WARNING,"cannot set slave terminal mode; %s"
 			 ,terminal);
 		close(fd[1]);
@@ -570,7 +570,7 @@
 
     if (aterminal) {
 	/* reset to initial terminal mode */
-	(void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode);
+	(void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode);
     }
 
     if (ctrl & FILTER_DEBUG) {
diff -ru Linux-PAM-0.72.orig/modules/pam_limits/pam_limits.c Linux-PAM-0.72/modules/pam_limits/pam_limits.c
--- Linux-PAM-0.72.orig/modules/pam_limits/pam_limits.c	Tue Oct 24 23:23:01 2000
+++ Linux-PAM-0.72/modules/pam_limits/pam_limits.c	Tue Oct 24 23:31:11 2000
@@ -289,8 +289,10 @@
 	limit_item = RLIMIT_NOFILE;
     else if (strcmp(lim_item, "memlock") == 0)
 	limit_item = RLIMIT_MEMLOCK;
+#ifdef RLIMIT_AS
     else if (strcmp(lim_item, "as") == 0)
 	limit_item = RLIMIT_AS;
+#endif
     else if (strcmp(lim_item, "maxlogins") == 0) {
 	limit_item = LIMIT_LOGIN;
 	flag_numsyslogins = 0;
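Review bot: With `RLIMIT_AS` undefined, an `as` entry in the limits configuration no longer matches any branch and falls through to the end of the `else if` chain, which is outside this hunk. If that final branch ignores the item or logs it only at debug level, an administrator's address-space limit is silently not enforced on such platforms. An `#else` arm such as `else if (strcmp(lim_item, "as") == 0) { /* warn: RLIMIT_AS unsupported here */ }`, reporting through the module's existing logger, would make the gap visible.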
@@ -343,7 +345,9 @@
         case RLIMIT_CORE:
         case RLIMIT_RSS:
         case RLIMIT_MEMLOCK:
+#ifdef RLIMIT_AS
         case RLIMIT_AS:
+#endif
             limit_value *= 1024;
             break;
     }
diff -ru Linux-PAM-0.72.orig/modules/pam_rhosts/pam_rhosts_auth.c Linux-PAM-0.72/modules/pam_rhosts/pam_rhosts_auth.c
--- Linux-PAM-0.72.orig/modules/pam_rhosts/pam_rhosts_auth.c	Tue Oct 24 23:23:01 2000
+++ Linux-PAM-0.72/modules/pam_rhosts/pam_rhosts_auth.c	Wed Oct 25 00:32:39 2000
@@ -64,14 +64,18 @@
 #include <sys/time.h>
 #include <arpa/inet.h>
 
+#ifndef __GNU__	/* MAX* type macros don't make sense on Hurd */
 #ifndef MAXDNAME
 #define MAXDNAME  256
 #endif
+#endif
 
 #include <stdarg.h>
 #include <ctype.h>
 
+#ifndef __GNU__	/* Hurd does not have MAXHOSTNAMELEN */
 #include <net/if.h>
+#endif
 #ifdef HAVE_SYS_FSUID_H
 #include <sys/fsuid.h>
 #endif
@@ -359,11 +363,26 @@
     register const char *user;
     register char *p;
     int hcheck, ucheck;
+#ifndef __GNU__
     char buf[MAXHOSTNAMELEN + 128];                       /* host + login */
+#else
+		char *buf = 0, *old_buf = 0;
+		size_t buf_len = 0;
+#endif
 
+#ifndef __GNU__
     buf[sizeof (buf)-1] = '\0';                 	/* terminate line */
 
-    while (fgets(buf, sizeof(buf), hostf) != NULL) {   /* hostf file line */
+    while (fgets(buf, sizeof(buf), hostf) != NULL)   /* hostf file line */
+#else
+    while (getline(&buf, &buf_len, hostf) > 0)
+#endif
+    {
+#ifdef __GNU__
+        if (!buf)
+          free(old_buf);
+        old_buf = buf;
+#endif
         p = buf;                              /* from beginning of file.. */
 
 	/* Skip empty or comment lines */
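Review bot: The `old_buf` bookkeeping in the `__GNU__` branch is unreachable as written and unsafe if it ever ran: the loop body executes only when getline() returned a positive length, so `buf` cannot be null there, and getline() reallocates `buf` itself, so `old_buf` may already point at released memory. In that case `if (!buf) free(old_buf);` would free a stale pointer. Dropping `old_buf` and the three lines that use it leaves the usual getline() idiom with the single `free(buf)` after the loop. The new declarations are also tab-indented, unlike the four-space lines around them, and `NULL` reads better than `0` as the pointer initialiser. The function starts and ends outside this hunk.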
@@ -371,6 +390,7 @@
 	    continue;
 	}
 
+#ifndef __GNU__	/* not an issue on Hurd */
 	/* Skip lines that are too long. */
 	if (strchr(p, '\n') == NULL) {
 	    int ch = getc(hostf);
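Review bot: Compiling out the too-long-line check under `__GNU__` removes two behaviours, not one: line length is now bounded only by available memory, and a final line with no trailing newline is parsed instead of skipped. The stream read here appears to include the user's own rhosts file (see the `USER_RHOSTS_FILE` path built later in the patch), so both matter in an authentication module. getline() has already consumed the whole line, so the drain loop is indeed unnecessary, but `if (strchr(p, '\n') == NULL) continue;` would keep the unterminated-line skip, and storing getline()'s return value would allow rejecting lines above a chosen maximum. The `#ifndef` opened here is closed in the next hunk.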
@@ -379,6 +399,7 @@
 		ch = getc(hostf);
 	    continue;
 	}
+#endif
 
 	/*
 	 * If there is a hostname at the start of the line.  Set it to
@@ -432,6 +453,9 @@
 	    /* Neither, go on looking for match */
 	}
     }
+#ifdef __GNU__
+    free(buf);
+#endif
 
     return (1);
 }
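Review bot: `free(buf)` is reached only when the loop runs to end of file, so any `return` inside the loop body leaks the getline() buffer under `__GNU__`. The comment `Neither, go on looking for match` suggests that earlier branches, outside this hunk, leave the function when an entry matches, which would make the leak occur on the ordinary match path. Routing those exits through one cleanup point, or calling `free(buf)` before each of them, would close it.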
@@ -457,7 +481,11 @@
     FILE *hostf;
     uid_t uid;
     int answer;
+#ifndef __GNU__
     char pbuf[MAXPATHLEN];               /* potential buffer overrun */
+#else
+    char *pbuf = 0;
+#endif
 
     if ((!superuser||opts->opt_hosts_equiv_rootok) && !opts->opt_no_hosts_equiv ) {
 
@@ -491,6 +519,7 @@
 	return(1);
     }
 
+#ifndef __GNU__
     /* check for buffer overrun */
     if (strlen(pwd->pw_dir) + sizeof(USER_RHOSTS_FILE) + 2 >= MAXPATHLEN) {
 	if (opts->opt_debug)
@@ -500,6 +529,15 @@
 
     (void) strcpy(pbuf, pwd->pw_dir);
     (void) strcat(pbuf, USER_RHOSTS_FILE);
+#else
+    asprintf(&pbuf, "%s%s", pwd->pw_dir, USER_RHOSTS_FILE);
+    if (!pbuf) {
+    if (opts->opt_debug)
+      _pam_log(LOG_DEBUG,
+        "not enough memory to store home directory for `%s'", luser);
+      return 1;
+    }
+#endif
 
     /*
      * Change effective uid while _reading_ .rhosts. (not just
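Review bot: The asprintf() failure test should use the return value rather than `pbuf`: on failure it returns -1, and the pointer is not guaranteed to be null on every libc. `if (asprintf(&pbuf, "%s%s", pwd->pw_dir, USER_RHOSTS_FILE) < 0) {` followed by `pbuf = NULL;` makes both the error path and the later `free(pbuf)` well defined. The error block is also indented so that `return 1;` looks conditional on `opts->opt_debug`; it is not, and bracing the inner `if` would make that obvious.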
@@ -593,6 +631,9 @@
 
     if (hostf != NULL)
         (void) fclose(hostf);
+#ifdef __GNU__
+    free(pbuf);
+#endif
 
     return answer;
 }
diff -ru Linux-PAM-0.72.orig/modules/pam_unix/unix_chkpwd.c Linux-PAM-0.72/modules/pam_unix/unix_chkpwd.c
--- Linux-PAM-0.72.orig/modules/pam_unix/unix_chkpwd.c	Tue Oct 24 23:23:01 2000
+++ Linux-PAM-0.72/modules/pam_unix/unix_chkpwd.c	Wed Oct 25 00:37:59 2000
@@ -51,6 +51,11 @@
 
 static void su_sighandler(int sig)
 {
+#ifdef __GNU__
+	/* emulate the behavior of the SA_RESETHAND flag */
+	if (sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig == SIGSEGV)
+		signal(sig, SIG_DFL);
+#endif
 	if (sig > 0) {
 		_log_err(LOG_NOTICE, "caught signal %d.", sig);
 		exit(sig);
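Review bot: Both this block and the `#ifndef __GNU__` around `action.sa_flags = SA_RESETHAND;` in the next hunk test the platform where they could test the feature; `#ifndef SA_RESETHAND` here and `#ifdef SA_RESETHAND` there would cover any system lacking the flag. The signal list in the emulation is also a second copy of the list passed to sigaction(), and the registrations continue outside the visible hunk, so the two lists can drift apart. If every registration shares this `action`, `if (sig > 0) signal(sig, SIG_DFL);` at the top of the handler emulates the flag without the duplicate list.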
@@ -66,7 +71,9 @@
 	 */
 	(void) memset((void *) &action, 0, sizeof(action));
 	action.sa_handler = su_sighandler;
+#ifndef __GNU__
 	action.sa_flags = SA_RESETHAND;
+#endif
 	(void) sigaction(SIGILL, &action, NULL);
 	(void) sigaction(SIGTRAP, &action, NULL);
 	(void) sigaction(SIGBUS, &action, NULL);
@@ -130,9 +137,9 @@
 
 	/* Hack off SysVR4 password aging */
 	{
-	    char tmp;
+	    char *tmp;
 
-	    if (tmp == strrchr(p, ',') != NULL) tmp = '\0';
+	    if ((tmp = strrchr(p, ',')) != NULL) *tmp = '\0';
 	}
 
 	/* the moment of truth -- do we agree with the password? */
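Review bot: This hunk is not part of the port and changes behaviour on every platform: the removed line compared an uninitialised `char` with the strrchr() result and assigned to the local, so the aging suffix was never stripped, whereas `*tmp = '\0'` now truncates `p`. Since the next step is the password comparison, it deserves its own patch and changelog entry so it can be reviewed and tested apart from the Hurd work. A comment such as `/* cut at the last ',' so the aging field is not part of the string compared below */` would record the intent. The enclosing function is outside the hunk, so whether `p` can be null at this point cannot be checked from here.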
