From 9781bbac76546ce3f7e39098c868cad91da4b7a1 Mon Sep 17 00:00:00 2001 From: Ade Lovett Date: Fri, 13 Oct 2000 20:18:33 +0000 Subject: Update to 0.4.7 Use strlcpy rather than strncpy etc. PR: 21511 Submitted by: maintainer --- security/pam-mysql/Makefile | 2 +- security/pam-mysql/distinfo | 2 +- security/pam-mysql/files/patch-aa | 160 +++++++++++++------------------------- 3 files changed, 57 insertions(+), 107 deletions(-) (limited to 'security/pam-mysql') diff --git a/security/pam-mysql/Makefile b/security/pam-mysql/Makefile index d51d4d948fbc..4ea31410813d 100644 --- a/security/pam-mysql/Makefile +++ b/security/pam-mysql/Makefile @@ -6,7 +6,7 @@ # PORTNAME= pam_mysql -PORTVERSION= 0.4 +PORTVERSION= 0.4.7 CATEGORIES= security databases MASTER_SITES= http://download.sourceforge.net/pam-mysql/ \ http://www.freenix.no/~anders/ diff --git a/security/pam-mysql/distinfo b/security/pam-mysql/distinfo index 0e71567ccb42..d1dc96c9c5a3 100644 --- a/security/pam-mysql/distinfo +++ b/security/pam-mysql/distinfo @@ -1 +1 @@ -MD5 (pam_mysql-0.4.tar.gz) = ae30788ac9c5d02fa1045d3403d48f2f +MD5 (pam_mysql-0.4.7.tar.gz) = 8442ec07c3de929720bbb8783750a1ff diff --git a/security/pam-mysql/files/patch-aa b/security/pam-mysql/files/patch-aa index 404eb8cbda02..6de3b98a6fdc 100644 --- a/security/pam-mysql/files/patch-aa +++ b/security/pam-mysql/files/patch-aa @@ -1,5 +1,5 @@ ---- pam_mysql.c.old Tue Aug 29 03:31:46 2000 -+++ pam_mysql.c Tue Aug 29 03:31:37 2000 +--- pam_mysql.c.old Sun Sep 24 02:26:17 2000 ++++ pam_mysql.c Sun Sep 24 02:42:23 2000 @@ -14,7 +14,6 @@ #include #include @@ -8,106 +8,56 @@ #include #include -@@ -79,7 +78,6 @@ - - int db_connect (MYSQL * auth_sql_server); - void db_close( void ); --static void _pam_log (int err, const char *format,...); - int askForPassword(pam_handle_t *pamh); - - void db_close ( void ) -@@ -114,7 +112,7 @@ - } - if ( retvalue != PAM_SUCCESS ) - { -- _pam_log(LOG_INFO, "MySQL err %s\n", mysql_error(auth_sql_server)); -+ syslog(LOG_INFO, "MySQL err %s", mysql_error(auth_sql_server)); - } - - D (("returning.")); -@@ -149,13 +147,13 @@ - { - sprintf(sql, "%s and %s", sql, options.where); - } -- _pam_log(LOG_ERR,sql); -+ syslog(LOG_ERR,sql); - D ((sql)); - mysql_query (auth_sql_server, sql); - free (sql); - result = mysql_store_result (auth_sql_server); - if (!result) { -- _pam_log(LOG_ERR, mysql_error (auth_sql_server)); -+ syslog(LOG_ERR, mysql_error(auth_sql_server)); - D (("returning.")); - return PAM_AUTH_ERR; - } -@@ -191,17 +189,6 @@ - - /* Global PAM functions stolen from other modules */ - --static void _pam_log (int err, const char *format,...) --{ -- va_list args; -- -- va_start (args, format); -- openlog (PAM_MODULE_NAME, LOG_PID, LOG_AUTH); -- vsyslog (err, format, args); -- va_end (args); -- closelog (); --} -- - int converse(pam_handle_t *pamh, int nargs - , struct pam_message **message - , struct pam_response **response) -@@ -216,14 +203,12 @@ - , response, conv->appdata_ptr); - if ((retval != PAM_SUCCESS) && (retval != PAM_CONV_AGAIN)) - { -- _pam_log(LOG_DEBUG, "conversation failure [%s]" -- , pam_strerror(pamh, retval)); -+ syslog(LOG_DEBUG, "conversation failure [%s]", pam_strerror(pamh, retval)); - } - } - else - { -- _pam_log(LOG_ERR, "couldn't obtain coversation function [%s]" -- , pam_strerror(pamh, retval)); -+ syslog(LOG_ERR, "couldn't obtain coversation function [%s]", pam_strerror(pamh, retval)); - } - return retval; /* propagate error status */ - } -@@ -239,7 +224,7 @@ - prompt = malloc(strlen(PLEASE_ENTER_PASSWORD)); - if (prompt == NULL) - { -- _pam_log(LOG_ERR,"pam_mysql: askForPassword(), out of memory!?"); -+ syslog(LOG_ERR,"pam_mysql: askForPassword(), out of memory!?"); - return PAM_BUF_ERR; - } - else -@@ -251,7 +236,6 @@ - mesg[i] = &msg[i]; - - retval = converse(pamh, ++i, mesg, &resp); --/* _pam_log(LOG_ERR, "retval == %d\n", retval); */ - if (prompt) - { - _pam_overwrite(prompt); -@@ -361,7 +345,7 @@ - - retval = pam_get_user (pamh, &user, NULL); - if (retval != PAM_SUCCESS || user == NULL) { -- _pam_log (LOG_ERR, "no user specified"); -+ syslog(LOG_ERR, "no user specified"); - D (("returning.")); - return PAM_USER_UNKNOWN; - } -@@ -398,7 +382,7 @@ - ,const char **argv) - { - -- _pam_log (LOG_INFO, "acct_mgmt \n"); -+ syslog(LOG_INFO, "acct_mgmt \n"); - return PAM_SUCCESS; - } - +@@ -332,40 +331,40 @@ + } + strcpy (junk, argv[i]); + if ((strchr (junk, (int) '=') != NULL)) { +- strncpy (mybuf, strtok (junk, "="), 255); +- strncpy (myval, strtok (NULL, "="), 255); ++ strlcpy (mybuf, strtok (junk, "="), 255); ++ strlcpy (myval, strtok (NULL, "="), 255); + free (junk); + if (!strcasecmp ("host", mybuf)) { +- strncpy (options.host, myval, 255); ++ strlcpy (options.host, myval, 255); + D (("host changed.")); + } else if (!strcasecmp ("where", mybuf)) { + while ( (mj = strtok(NULL,"=")) != NULL ) + { +- strcat(myval, "="); +- strcat(myval, mj); ++ strlcat(myval, "=", 255); ++ strlcat(myval, mj, 255); + } +- strncpy (options.where, myval, 256); ++ strlcpy (options.where, myval, 256); + D (("where changed.")); + #ifdef DEBUG + syslog(LOG_ERR, "pam_mysql: where now is %s", options.where); + #endif + } else if (!strcasecmp ("db", mybuf)) { +- strncpy (options.database, myval, 16); ++ strlcpy (options.database, myval, 16); + D (("database changed.")); + } else if (!strcasecmp ("user", mybuf)) { +- strncpy (options.dbuser, myval, 16); ++ strlcpy (options.dbuser, myval, 16); + D (("dbuser changed.")); + } else if (!strcasecmp ("passwd", mybuf)) { +- strncpy (options.dbpasswd, myval, 16); ++ strlcpy (options.dbpasswd, myval, 16); + D (("dbpasswd changed.")); + } else if (!strcasecmp ("table", mybuf)) { +- strncpy (options.table, myval, 16); ++ strlcpy (options.table, myval, 16); + D (("table changed.")); + } else if (!strcasecmp ("usercolumn", mybuf)) { +- strncpy (options.usercolumn, myval, 16); ++ strlcpy (options.usercolumn, myval, 16); + D (("usercolumn changed.")); + } else if (!strcasecmp ("passwdcolumn", mybuf)) { +- strncpy (options.passwdcolumn, myval, 16); ++ strlcpy (options.passwdcolumn, myval, 16); + D (("passwdcolumn changed.")); + } else if (!strcasecmp ("crypt", mybuf)) { + if ((!strcmp (myval, "1")) || -- cgit v1.2.3