pam patch
I think this makes pam buildable under the Hurd. I do not know if I did
something stupid and I do not use the affected modules myself.
Could anybody look at it or even test it?
Thanks
diff -uar pam-0.76.orig/Linux-PAM/Make.Rules.in pam-0.76/Linux-PAM/Make.Rules.in
--- pam-0.76.orig/Linux-PAM/Make.Rules.in 2002-10-14 13:53:56.000000000 +0200
+++ pam-0.76/Linux-PAM/Make.Rules.in 2002-10-14 17:13:12.000000000 +0200
@@ -88,6 +88,7 @@
SUPLEMENTED=@SUPLEMENTED@
INCLUDED=@INCLUDEDIR@/security
CRACKLIB_DICTPATH=@CRACKLIB_DICTPATH@
+DB_LIB=@DB_LIB@
# generic build setup
OS=@OS@
diff -uar pam-0.76.orig/Linux-PAM/configure.in pam-0.76/Linux-PAM/configure.in
--- pam-0.76.orig/Linux-PAM/configure.in 2002-10-14 13:53:58.000000000 +0200
+++ pam-0.76/Linux-PAM/configure.in 2002-10-14 17:12:34.000000000 +0200
@@ -208,12 +208,18 @@
AC_CHECK_LIB(ndbm, dbm_store, HAVE_LIBNDBM=yes ; AC_DEFINE(HAVE_LIBNDBM),
HAVE_LIBNDBM=no)
AC_SUBST(HAVE_LIBNDBM)
-AC_CHECK_LIB(db3, main, HAVE_LIBDB=yes ; AC_DEFINE(HAVE_LIBDB),
+# I do not know why libdb passing does not work automagically..
+AC_CHECK_LIB(db-4.0, main, HAVE_LIBDB=yes ; DB_LIB=-4.0 ; AC_DEFINE(HAVE_LIBDB),
HAVE_LIBDB=no)
if test x$HAVE_LIBDB != xyes ; then
- AC_CHECK_LIB(db, db_create, HAVE_LIBDB=yes ; AC_DEFINE(HAVE_LIBDB),
+ AC_CHECK_LIB(db3, main, HAVE_LIBDB=yes ; DB_LIB=3 ; AC_DEFINE(HAVE_LIBDB),
HAVE_LIBDB=no)
fi
+if test x$HAVE_LIBDB != xyes ; then
+ AC_CHECK_LIB(db, db_create, HAVE_LIBDB=yes ; DB_LIB= ; AC_DEFINE(HAVE_LIBDB),
+ HAVE_LIBDB=no)
+fi
+AC_SUBST(DB_LIB)
AC_SUBST(HAVE_LIBDB)
AC_CHECK_LIB(fl, yylex, yyterminate, HAVE_LIBFL=yes ; AC_DEFINE(HAVE_LIBFL),
HAVE_LIBFL=no)
@@ -290,7 +296,7 @@
### May need per-OS attention
### Example: -D_POSIX_SOURCE: needed on Linux but harms Solaris.
case $OS in
- linux)
+ linux|gnu)
OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic"
LD_D="gcc -shared -Xlinker -x"
WARNINGS="$GCC_WARNINGS"
@@ -363,11 +369,11 @@
CC_STATIC=
else
echo "IRIX prior to 6.5 not allowed for"
- exit
+ exit 1
fi
;;
*) echo "Native compiler on $OS is not yet supported"
- exit
+ exit 1
;;
esac
fi
@@ -377,6 +383,7 @@
AC_SUBST(WARNINGS)
AC_SUBST(PIC)
AC_SUBST(LD)
+AC_SUBST(LIBS)
AC_SUBST(LD_D)
AC_SUBST(LD_L)
AC_SUBST(RANLIB)
diff -uar pam-0.76.orig/Linux-PAM/modules/pam_filter/pam_filter.c pam-0.76/Linux-PAM/modules/pam_filter/pam_filter.c
--- pam-0.76.orig/Linux-PAM/modules/pam_filter/pam_filter.c 2002-10-14 13:54:08.000000000 +0200
+++ pam-0.76/Linux-PAM/modules/pam_filter/pam_filter.c 2002-10-14 12:24:23.000000000 +0200
@@ -319,7 +319,11 @@
t_mode.c_oflag &= ~OPOST; /* no ouput post processing */
/* no signals, canonical input, echoing, upper/lower output */
+#ifdef XCASE
t_mode.c_lflag &= ~(ISIG|ICANON|ECHO|XCASE);
+#else
+ t_mode.c_lflag &= ~(ISIG|ICANON|ECHO);
+#endif
t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */
t_mode.c_cflag |= CS8; /* 8 bit chars */
diff -uar pam-0.76.orig/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c pam-0.76/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c
--- pam-0.76.orig/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c 2002-09-15 22:08:52.000000000 +0200
+++ pam-0.76/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c 2002-10-14 15:59:42.000000000 +0200
@@ -217,7 +217,15 @@
int DestFd;
int Res;
struct stat St;
+#ifndef PATH_MAX
+ char *newsource=NULL, *newdest=NULL;
+ /* track length of buffers */
+ int nslen=0, ndlen=0,
+ slen=strlen(source), dlen=strlen(dest);
+ /* XXX should I check for strlen, sprintf, malloc ? */
+#else
char newsource[PATH_MAX], newdest[PATH_MAX];
+#endif
/* Skip some files.. */
if (strcmp(Dir->d_name,".") == 0 ||
@@ -225,37 +233,103 @@
continue;
/* Determine what kind of file it is. */
+#ifndef PATH_MAX
+ nslen=slen+strlen(Dir->d_name)+2;
+ if((newsource=malloc(nslen))==NULL){
+ return PAM_BUF_ERR;
+ }
+ sprintf(newsource,"%s/%s",source,Dir->d_name);
+#else
snprintf(newsource,sizeof(newsource),"%s/%s",source,Dir->d_name);
+#endif
if (lstat(newsource,&St) != 0)
+#ifndef PATH_MAX
+ {
+ free(newsource);newsource=NULL;
+ continue;
+ }
+#else
continue;
+#endif
+
/* We'll need the new file's name. */
+#ifndef PATH_MAX
+ ndlen=dlen+strlen(Dir->d_name)+2;
+ if((newdest=malloc(ndlen))==NULL){
+ free(newsource);
+ return PAM_BUF_ERR;
+ }
+ sprintf(newdest,"%s/%s",dest,Dir->d_name);
+#else
snprintf(newdest,sizeof(newdest),"%s/%s",dest,Dir->d_name);
+#endif
/* If it's a directory, recurse. */
if (S_ISDIR(St.st_mode))
{
create_homedir(pamh, ctrl, pwd, newsource, newdest);
+#ifndef PATH_MAX
+ free(newsource);newsource=NULL;
+ free(newdest);newdest=NULL;
+#endif
continue;
}
/* If it's a symlink, create a new link. */
if (S_ISLNK(St.st_mode))
{
+ int pointedlen;
+#ifndef PATH_MAX
+ char *pointed=NULL;
+ {
+ int size = 100;
+
+ while (1)
+ {
+ pointed = (char *) malloc (size);
+ if(!pointed){
+ free(newsource); free(newdest);
+ return PAM_BUF_ERR;
+ }
+ pointedlen = readlink (newsource, pointed, size);
+ if (pointedlen < 0) break;
+ if (pointedlen < size) break;
+ free (pointed);
+ size *= 2;
+ }
+ }
+ if(pointedlen<0)
+ free(pointed);
+ else
+ pointed[pointedlen]=0;
+#else
char pointed[PATH_MAX];
memset(pointed, 0, sizeof(pointed));
- if(readlink(newsource, pointed, sizeof(pointed) - 1) != -1)
- {
+ pointedlen=readlink(newsource, pointed, sizeof(pointed) - 1);
+#endif
+ if(pointedlen>=0) {
if(symlink(pointed, newdest) == 0)
{
if (lchown(newdest,pwd->pw_uid,pwd->pw_gid) != 0)
{
- _log_err(LOG_DEBUG, "unable to chang perms on link %s",
+ _log_err(LOG_DEBUG, "unable to change perms on link %s",
newdest);
+#ifndef PATH_MAX
+ free(pointed);
+ free(newsource); free(newdest);
+#endif
return PAM_PERM_DENIED;
}
}
+#ifndef PATH_MAX
+ free(pointed);
+#endif
}
+#ifndef PATH_MAX
+ free(newsource);newsource=NULL;
+ free(newdest);newdest=NULL;
+#endif
continue;
}
@@ -263,6 +337,10 @@
* the new device node, FIFO, or whatever it is. */
if (!S_ISREG(St.st_mode))
{
+#ifndef PATH_MAX
+ free(newsource);newsource=NULL;
+ free(newdest);newdest=NULL;
+#endif
continue;
}
@@ -270,6 +348,9 @@
if ((SrcFd = open(newsource,O_RDONLY)) < 0 || fstat(SrcFd,&St) != 0)
{
_log_err(LOG_DEBUG, "unable to open src file %s",newsource);
+#ifndef PATH_MAX
+ free(newsource); free(newdest);
+#endif
return PAM_PERM_DENIED;
}
stat(newsource,&St);
@@ -279,6 +360,9 @@
{
close(SrcFd);
_log_err(LOG_DEBUG, "unable to open dest file %s",newdest);
+#ifndef PATH_MAX
+ free(newsource); free(newdest);
+#endif
return PAM_PERM_DENIED;
}
@@ -291,6 +375,9 @@
close(SrcFd);
close(DestFd);
_log_err(LOG_DEBUG, "unable to chang perms on copy %s",newdest);
+#ifndef PATH_MAX
+ free(newsource); free(newdest);
+#endif
return PAM_PERM_DENIED;
}
@@ -303,12 +390,19 @@
close(SrcFd);
close(DestFd);
_log_err(LOG_DEBUG, "unable to perform IO");
+#ifndef PATH_MAX
+ free(newsource); free(newdest);
+#endif
return PAM_PERM_DENIED;
}
}
while (Res != 0);
close(SrcFd);
close(DestFd);
+#ifndef PATH_MAX
+ free(newsource);newsource=NULL;
+ free(newdest);newdest=NULL;
+#endif
}
return PAM_SUCCESS;
diff -uar pam-0.76.orig/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c pam-0.76/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c
--- pam-0.76.orig/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c 2002-10-14 13:54:10.000000000 +0200
+++ pam-0.76/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c 2002-10-14 16:50:24.000000000 +0200
@@ -380,11 +380,18 @@
register const char *user;
register char *p;
int hcheck, ucheck;
+#ifndef MAXHOSTNAMELEN
+ char *buf=NULL;
+ int buflen=0;
+ /* XXX definitely should check for getline if should be portable */
+ while (getline(&buf,&buflen,hostf)) {
+#else
char buf[MAXHOSTNAMELEN + 128]; /* host + login */
buf[sizeof (buf)-1] = '\0'; /* terminate line */
while (fgets(buf, sizeof(buf), hostf) != NULL) { /* hostf file line */
+#endif
p = buf; /* from beginning of file.. */
/* Skip empty or comment lines */
@@ -432,8 +439,12 @@
/* First check host part */
hcheck=__icheckhost(pamh, opts, raddr, buf, rhost);
- if (hcheck<0)
+ if (hcheck<0){
+#ifndef MAXHOSTNAMELEN
+ free(buf);
+#endif
return(1);
+ }
if (hcheck) {
/* Then check user part */
@@ -443,16 +454,27 @@
ucheck=__icheckuser(pamh, opts, user, ruser, rhost);
/* Positive 'host user' match? */
- if (ucheck>0)
+ if (ucheck>0){
+#ifndef MAXHOSTNAMELEN
+ free(buf);
+#endif
return(0);
+ }
/* Negative 'host -user' match? */
- if (ucheck<0)
+ if (ucheck<0){
+#ifndef MAXHOSTNAMELEN
+ free(buf);
+#endif
return(1);
+ }
/* Neither, go on looking for match */
}
}
+#ifndef MAXHOSTNAMELEN
+ if(buf)free(buf);
+#endif
return (1);
}
@@ -478,7 +500,12 @@
FILE *hostf;
uid_t uid;
int answer;
+#ifndef MAXPATHELN
+ char *pbuf=NULL;
+ int pblen;
+#else
char pbuf[MAXPATHLEN]; /* potential buffer overrun */
+#endif
if ((!superuser||opts->opt_hosts_equiv_rootok) && !opts->opt_no_hosts_equiv ) {
@@ -512,12 +539,21 @@
return(1);
}
+#ifndef MAXPATHLEN
+ pblen=strlen(pwd->pw_dir) + sizeof(USER_RHOSTS_FILE) + 2;
+ if(!(pbuf=malloc(pblen))){
+ answer=PAM_BUF_ERR;
+ opts->last_error="Memory allocation failed.";
+ goto exit_function;
+ }
+#else
/* check for buffer overrun */
if (strlen(pwd->pw_dir) + sizeof(USER_RHOSTS_FILE) + 2 >= MAXPATHLEN) {
if (opts->opt_debug)
_pam_log(LOG_DEBUG,"home directory for `%s' is too long", luser);
return 1; /* to dangerous to try */
}
+#endif
(void) strcpy(pbuf, pwd->pw_dir);
(void) strcat(pbuf, USER_RHOSTS_FILE);
@@ -604,6 +640,9 @@
* Go here to exit after the fsuid/euid has been adjusted so that
* they are reset before we exit.
*/
+#ifndef MAXPATHLEN
+ if(pbuf)free(pbuf);
+#endif
#ifdef linux
setfsuid(uid);
diff -uar pam-0.76.orig/Linux-PAM/modules/pam_userdb/Makefile pam-0.76/Linux-PAM/modules/pam_userdb/Makefile
--- pam-0.76.orig/Linux-PAM/modules/pam_userdb/Makefile 2002-10-14 13:54:15.000000000 +0200
+++ pam-0.76/Linux-PAM/modules/pam_userdb/Makefile 2002-10-14 17:16:03.000000000 +0200
@@ -18,7 +18,7 @@
else
ifeq ($(HAVE_LIBDB),yes)
WHICH_DB=db
- MODULE_SIMPLE_EXTRALIBS = -ldb3
+ MODULE_SIMPLE_EXTRALIBS = -ldb$(DB_LIB)
else
WHICH_DB=none
endif
diff -uar pam-0.76.orig/debian/control pam-0.76/debian/control
--- pam-0.76.orig/debian/control 2002-10-14 13:54:16.000000000 +0200
+++ pam-0.76/debian/control 2002-10-14 12:24:23.000000000 +0200
@@ -3,7 +3,8 @@
Priority: optional
Maintainer: Sam Hartman <hartmans@debian.org>
Standards-Version: 3.2.1.0
-Build-Depends: cracklib2-dev, bzip2, debhelper, patch, libdb3-dev, libcap-dev [!hurd-i386], sgml-tools, latex2html, tetex-extra, groff, opensp
+Build-Depends: cracklib2-dev, bzip2, debhelper, patch, libdb3-dev|libdb4.0-dev, libcap-dev [!hurd-i386]
+Build-Depends-Indep: sgml-tools, latex2html, tetex-extra, groff, opensp
Package: libpam0g
Priority: required
--
Michal Suchanek
hramrach@centrum.cz
Reply to:
- Follow-Ups:
- Re: pam patch
- From: PUYDT Julien <julien.puydt@club-internet.fr>
- Re: pam patch
- From: James Morrison <rocketmail_com@rocketmail.com>