author | Sergey Matveychuk <sem@FreeBSD.org> | 2005-08-18 19:38:29 +0000 |
---|---|---|
committer | Sergey Matveychuk <sem@FreeBSD.org> | 2005-08-18 19:38:29 +0000 |
commit | e69c4117d841f445e20acd619b6421cabf368671 (patch) | |
tree | 3bfc97c26576fe7107219ce6583337a513a0ca57 /security/pam-pgsql/files | |
parent | This issue was researched by glebius, and this patch was (diff) |
- Update to 0.6.1.
- Unbreak.
Approved by: portmgr (krion)
Notes
Notes:
svn path=/head/; revision=140920
Diffstat (limited to 'security/pam-pgsql/files')
-rw-r--r-- | security/pam-pgsql/files/Makefile.bsd | 15 | ||||
-rw-r--r-- | security/pam-pgsql/files/patch-Makefile.in | 11 | ||||
-rw-r--r-- | security/pam-pgsql/files/patch-md5 | 97 | ||||
-rw-r--r-- | security/pam-pgsql/files/patch-pam_get_pass.c | 97 | ||||
-rw-r--r-- | security/pam-pgsql/files/patch-pam_pgsql.c | 299 |
5 files changed, 39 insertions, 480 deletions
diff --git a/security/pam-pgsql/files/Makefile.bsd b/security/pam-pgsql/files/Makefile.bsd
deleted file mode 100644
index 410e5e0aef1a..000000000000
--- a/security/pam-pgsql/files/Makefile.bsd
+++ /dev/null
@@ -1,15 +0,0 @@
-# This makefile is inspired by those in /usr/src/lib/libpam/modules :-)
-
-.PATH: ${FILESDIR}
-
-SRCS= pam_pgsql.c pam_get_pass.c
-SHLIB_NAME= pam_pgsql.so
-
-LDADD= -lpam -L${LOCALBASE}/lib -lpq -lmd
-CFLAGS+= -Wall -D_GNU_SOURCE -I${LOCALBASE}/include \
- -I${LOCALBASE}/include/pgsql
-
-# Uncomment if you think, the lib should NOT go into /usr/lib directly:
-# LIBDIR= ${LOCALBASE}/lib
-
-.include <bsd.lib.mk>
diff --git a/security/pam-pgsql/files/patch-Makefile.in b/security/pam-pgsql/files/patch-Makefile.in
new file mode 100644
index 000000000000..56b834bfafd1
--- /dev/null
+++ b/security/pam-pgsql/files/patch-Makefile.in
@@ -0,0 +1,11 @@
+--- Makefile.in.orig Wed May 25 21:02:56 2005
++++ Makefile.in Thu Aug 18 21:30:07 2005
+@@ -9,7 +9,7 @@
+ LDLIBS= ${LINK} -lpam -lpq @PAM_MISC_LD@ @MHASH_LD@
+ INCLUDE= @PGSQL_INC@ @MHASH_INC@
+ DEBUG= @DEBUG@
+-CFLAGS= -O2 -frename-registers -fstrict-aliasing -fPIC -DPIC -Wall -W -Wdisabled-optimization -Wredundant-decls -Wmissing-format-attribute -Wmissing-noreturn -D_GNU_SOURCE ${INCLUDE} ${DEBUG}
++CFLAGS= @CFLAGS@ -fPIC -DPIC -D_GNU_SOURCE ${INCLUDE} ${DEBUG}
+
+
+ all: ${LIBLIB}
diff --git a/security/pam-pgsql/files/patch-md5 b/security/pam-pgsql/files/patch-md5
deleted file mode 100644
index 177c2696cd2b..000000000000
--- a/security/pam-pgsql/files/patch-md5
+++ /dev/null
@@ -1,97 +0,0 @@
-This patch replaces calls to mhash library with direct calls into -lmd,
-greatly simplifying things...
-
---- pam_pgsql.c Wed Apr 18 16:47:57 2001
-+++ pam_pgsql.c Wed Jan 9 14:46:01 2002
-@@ -14,6 +14,7 @@
- #include <syslog.h>
- #include <ctype.h>
--#include <mhash.h>
-+#include <sys/types.h>
-+#include <unistd.h>
-+#include <md5.h>
- #include <time.h>
- #include <libpq-fe.h>
--#include <crypt.h>
-@@ -336,32 +336,7 @@
- s = strdup(crypt(pass, crypt_make_salt()));
- break;
-- case PW_MD5: {
-- char *buf;
-- int buf_size;
-- MHASH handle;
-- unsigned char *hash;
--
-- handle = mhash_init(MHASH_MD5);
--
-- if(handle == MHASH_FAILED) {
-- SYSLOG("could not initialize mhash library!");
-- } else {
-- int i;
--
-- mhash(handle, pass, strlen(pass));
-- hash = mhash_end(handle);
--
-- buf_size = (mhash_get_block_size(MHASH_MD5) * 2)+1;
-- buf = (char *)malloc(buf_size);
-- bzero(buf, buf_size);
--
-- for(i = 0; i < mhash_get_block_size(MHASH_MD5); i++) {
-- /* should be safe */
-- sprintf(&buf[i * 2], "%.2x", hash[i]);
-- }
-- s = buf;
-- }
-- }
-- break;
-+ case PW_MD5:
-+ s = MD5Data(pass, strlen(pass), NULL);
-+ break;
- case PW_CLEAR:
- default:
-@@ -416,34 +391,15 @@
- }
- break;
-- case PW_MD5: {
-- char *buf;
-- int buf_size;
-- MHASH handle;
-- unsigned char *hash;
--
-- handle = mhash_init(MHASH_MD5);
--
-- if(handle == MHASH_FAILED) {
-- SYSLOG("could not initialize mhash library!");
-- } else {
-- int i;
--
-- mhash(handle, passwd, strlen(passwd));
-- hash = mhash_end(handle);
--
-- buf_size = (mhash_get_block_size(MHASH_MD5) * 2)+1;
-- buf = (char *)malloc(buf_size);
-- bzero(buf, buf_size);
--
-- for(i = 0; i < mhash_get_block_size(MHASH_MD5); i++) {
-- sprintf(&buf[i * 2], "%.2x", hash[i]);
-- }
--
-- if(strcmp(buf, stored_pw) == 0)
-- rc = PAM_SUCCESS;
-- free(buf);
-- }
-- }
-- break;
-+ case PW_MD5:
-+ if(strlen(stored_pw) != 32) {
-+ SYSLOG("stored password has invalid length.");
-+ } else {
-+ char *hash;
-+ hash = MD5Data(passwd, strlen(passwd), NULL);
-+ if(strcmp(hash, stored_pw) == 0)
-+ rc = PAM_SUCCESS;
-+ free(hash);
-+ }
-+ break;
- }
- }
diff --git a/security/pam-pgsql/files/patch-pam_get_pass.c b/security/pam-pgsql/files/patch-pam_get_pass.c
index a98bf1b80eb6..103509d63314 100644
--- a/security/pam-pgsql/files/patch-pam_get_pass.c
+++ b/security/pam-pgsql/files/patch-pam_get_pass.c
@@ -1,86 +1,19 @@
---- pam_get_pass.c.orig Mon Jan 14 17:45:55 2002
-+++ pam_get_pass.c Sat Nov 23 20:26:10 2002
-@@ -34,68 +34,5 @@
+--- pam_get_pass.c.orig Wed May 25 21:02:56 2005
++++ pam_get_pass.c Thu Aug 18 21:25:11 2005
+@@ -34,7 +34,16 @@
  #include <stdlib.h>
+ #include <string.h>
  #include <security/pam_modules.h>
--#include "pam_mod_misc.h"
--
--static int pam_conv_pass(pam_handle_t *, const char *, int);
--
--static int
--pam_conv_pass(pam_handle_t *pamh, const char *prompt, int options)
--{
-- int retval;
-- const void *item;
-- const struct pam_conv *conv;
-- struct pam_message msg;
-- const struct pam_message *msgs[1];
-- struct pam_response *resp;
--
-- if ((retval = pam_get_item(pamh, PAM_CONV, &item)) !=
-- PAM_SUCCESS)
-- return retval;
-- conv = (const struct pam_conv *)item;
-- msg.msg_style = options & PAM_OPT_ECHO_PASS ?
-- PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
-- msg.msg = prompt;
-- msgs[0] = &msg;
-- if ((retval = conv->conv(1, msgs, &resp, conv->appdata_ptr)) !=
-- PAM_SUCCESS)
-- return retval;
-- if ((retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp)) !=
-- PAM_SUCCESS)
-- return retval;
-- memset(resp[0].resp, 0, strlen(resp[0].resp));
-- free(resp[0].resp);
-- free(resp);
-- return PAM_SUCCESS;
--}
--
--int
--pam_get_pass(pam_handle_t *pamh, const char **passp, const char *prompt,
-- int options)
--{
-- int retval;
-- const void *item = NULL;
--
-- /*
-- * Grab the already-entered password if we might want to use it.
-- */
-- if (options & (PAM_OPT_TRY_FIRST_PASS | PAM_OPT_USE_FIRST_PASS)) {
-- if ((retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
-- PAM_SUCCESS)
-- return retval;
-- }
--
-- if (item == NULL) {
-- /* The user hasn't entered a password yet. */
-- if (options & PAM_OPT_USE_FIRST_PASS)
-- return PAM_AUTH_ERR;
-- /* Use the conversation function to get a password. */
-- if ((retval = pam_conv_pass(pamh, prompt, options)) !=
-- PAM_SUCCESS ||
-- (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
-- PAM_SUCCESS)
-- return retval;
-- }
-- *passp = (const char *)item;
-- return PAM_SUCCESS;
--}
-+#include <security/pam_mod_misc.h>
-
- int
-@@ -125,8 +62,11 @@
- return retval;
-
-+#ifdef PAM_AUTHTOK_RECOVER_ERR
-+#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
++#include <security/pam_appl.h>
+ #include "pam_mod_misc.h"
++
++#ifdef __FreeBSD__
++#include <sys/param.h>
++#endif
++
++#if (defined(__FreeBSD__) && __FreeBSD_version > 500000)
++#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
 +#endif
- if(!resp)
-- return PAM_AUTHTOK_RECOVER_ERR;
-+ return PAM_AUTHTOK_RECOVERY_ERR;
- if(strcmp(resp[0].resp, resp[1].resp) != 0)
-- return PAM_AUTHTOK_RECOVER_ERR;
-+ return PAM_AUTHTOK_RECOVERY_ERR;
- retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp);
+ static int
+ pam_conv_pass(pam_handle_t *pamh, int pam_item, const char *prompt, int options)
diff --git a/security/pam-pgsql/files/patch-pam_pgsql.c b/security/pam-pgsql/files/patch-pam_pgsql.c
index a85c00f28617..72488a1cb003 100644
--- a/security/pam-pgsql/files/patch-pam_pgsql.c
+++ b/security/pam-pgsql/files/patch-pam_pgsql.c
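Review bot: The alias added near the top of the new patch-pam_get_pass.c, `#define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR`, is keyed only to `__FreeBSD_version > 500000` and has no comment, so a reader cannot tell which PAM headers it compensates for or whether the cutoff is right. The patch it replaces tested the symbol itself (`#ifdef PAM_AUTHTOK_RECOVER_ERR`), which follows what the headers provide rather than an OS release. I would put a one-line comment above the block, for example `/* system PAM headers presumably provide only PAM_AUTHTOK_RECOVERY_ERR here; keep upstream's spelling compiling */`, and extend the condition with `&& !defined(PAM_AUTHTOK_RECOVER_ERR)` so an existing macro is never redefined. The removed lines show this constant being returned when the password confirmation fails, so the mapping decides which error the module reports on that path.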
@@ -1,287 +1,14 @@
---- pam_pgsql.c.orig Tue Aug 13 18:31:40 2002
-+++ pam_pgsql.c Tue Aug 13 18:33:05 2002
-@@ -23,7 +23,7 @@
+--- pam_pgsql.c.orig Wed Aug 17 00:05:28 2005
++++ pam_pgsql.c Wed Aug 17 00:06:51 2005
+@@ -17,10 +17,10 @@
+ #include <time.h>
+ #include <sys/time.h>
+ #include <libpq-fe.h>
+-#include <crypt.h>
+ #include <sys/types.h>
+ #include <unistd.h>
+ #include <netdb.h>
++#include <security/pam_appl.h>
+
+ #define PAM_SM_AUTH
  #define PAM_SM_ACCOUNT
- #define PAM_SM_PASSWORD
- #include <security/pam_modules.h>
--#include "pam_mod_misc.h"
-+#include <security/pam_mod_misc.h>
-
- #define PASSWORD_PROMPT "Password: "
- #define PASSWORD_PROMPT_NEW "New password: "
-@@ -31,16 +31,15 @@
- #define CONF "/etc/pam_pgsql.conf"
-
- #define DBGLOG(x...) if(options->debug) { \
-- openlog("PAM_pgsql", LOG_PID, LOG_AUTH); \
- syslog(LOG_DEBUG, ##x); \
-- closelog(); \
- }
- #define SYSLOG(x...) do { \
-- openlog("PAM_pgsql", LOG_PID, LOG_AUTH); \
- syslog(LOG_INFO, ##x); \
-- closelog(); \
- } while(0);
-
-+int pam_get_confirm_pass(pam_handle_t *, const char **, const char *, const char *, int);
-+
-+
- typedef enum {
- PW_CLEAR = 1,
- PW_MD5,
-@@ -61,32 +60,36 @@
- int debug;
- };
-
--/* private: parse and set the specified string option */
--static void
--set_module_option(const char *option, struct module_options *options)
--{
-- char *buf, *eq;
-- char *val, *end;
--
-- if(!option || !*option)
-- return;
-+enum {
-+ PAM_DATABASE = PAM_OPT_STD_MAX,
-+ PAM_TABLE,
-+ PAM_DB_HOST,
-+ PAM_DB_USER,
-+ PAM_DB_PASSWORD,
-+ PAM_USER_COLUMN,
-+ PAM_PWD_COLUMN,
-+ PAM_EXPIRED_COLUMN,
-+ PAM_NEWTOK_COLUMN,
-+ PAM_PW_TYPE
-+};
-
-- buf = strdup(option);
-+static struct opttab other_options[] = {
-+ {"database", PAM_DATABASE},
-+ {"table", PAM_TABLE},
-+ {"host", PAM_DB_HOST},
-+ {"user", PAM_DB_USER},
-+ {"password", PAM_DB_PASSWORD},
-+ {"user_column", PAM_USER_COLUMN},
-+ {"pwd_column", PAM_PWD_COLUMN},
-+ {"expired_column", PAM_EXPIRED_COLUMN},
-+ {"newtok_column", PAM_NEWTOK_COLUMN},
-+ {"pw_type", PAM_PW_TYPE},
-+ {NULL, 0}
-+};
-
-- if((eq = strchr(buf, '='))) {
-- end = eq - 1;
-- val = eq + 1;
-- if(end <= buf || !*val)
-- return;
-- while(end > buf && isspace(*end))
-- end--;
-- end++;
-- *end = '\0';
-- while(*val && isspace(*val))
-- val++;
-- } else {
-- val = NULL;
-- }
-+/* set the specified string option */
-+static void
-+set_option_val(struct module_options * options, const char * buf, char * val) {
-
- DBGLOG("setting option: %s=>%s\n", buf, val);
-
-@@ -118,17 +121,48 @@
- } else if(!strcmp(buf, "debug")) {
- options->debug = 1;
- }
-+}
-+
-+/* private: parse the specified string option */
-+static void
-+set_module_option(const char *option, struct module_options *options)
-+{
-+ char *buf, *eq;
-+ char *val, *end;
-+
-+ if(!option || !*option)
-+ return;
-+
-+ buf = strdup(option);
-+
-+ if((eq = strchr(buf, '='))) {
-+ end = eq - 1;
-+ val = eq + 1;
-+ if(end <= buf || !*val)
-+ return;
-+ while(end > buf && isspace(*end))
-+ end--;
-+ end++;
-+ *end = '\0';
-+ while(*val && isspace(*val))
-+ val++;
-+ } else {
-+ val = NULL;
-+ }
-+
-+ set_option_val(options, buf, val);
-
- free(buf);
- }
-
- /* private: read module options from file or commandline */
- static int
--get_module_options(int argc, const char **argv, struct module_options **options)
-+get_module_options(int argc, const char **argv, struct module_options **options, struct options * pam_options)
- {
- int i, rc;
- FILE *fp;
- struct module_options *opts;
-+ char *c;
-
- opts = (struct module_options *)malloc(sizeof *opts);
- bzero(opts, sizeof(*opts));
-@@ -154,11 +188,11 @@
- fclose(fp);
- }
-
-- for(i = 0; i < argc; i++) {
-- if(pam_std_option(&rc, argv[i]) == 0)
-- continue;
-- set_module_option(argv[i], opts);
-+ for(i = PAM_OPT_STD_MAX; i <= PAM_PW_TYPE; i++) {
-+ if (pam_test_option(pam_options, i, &c))
-+ set_option_val(opts, other_options[i - PAM_OPT_STD_MAX].name, c);
- }
-+
- *options = opts;
-
- return rc;
-@@ -257,7 +291,7 @@
- free(conn_str);
-
- if(PQstatus(conn) != CONNECTION_OK) {
-- SYSLOG("PostgreSQL connection failed: '%s'", PQerrorMessage(conn));
-+ SYSLOG("PostgreSQL connection failed: '%s' '%s'", PQerrorMessage(conn), conn_str);
- return NULL;
- }
-
-@@ -412,7 +446,6 @@
- user_s = malloc(ulen);
-
- sqlescape(user, user_s, strlen(user));
--DBGLOG(user_s);
-
- DBGLOG("query: SELECT %s FROM %s WHERE %s='%s'", options->pwd_column, options->table, options->user_column, user);
- if(pg_exec(options, conn, &res, "SELECT %s FROM %s WHERE %s='%s'",
-@@ -463,13 +496,17 @@
- pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
- {
- struct module_options *options;
-+ struct options pam_options;
- const char *user, *password;
- int rc, std_flags;
-
- if((rc = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
- return rc;
-
-- std_flags = get_module_options(argc, argv, &options);
-+ pam_std_option(&pam_options, other_options, argc, argv);
-+
-+ std_flags = get_module_options(argc, argv, &options, &pam_options);
-+
- if(options_valid(options) != 0) {
- free_module_options(options);
- return PAM_AUTH_ERR;
-@@ -477,18 +514,19 @@
-
- DBGLOG("attempting to authenticate: %s", user);
-
-- if((rc = pam_get_pass(pamh, &password, PASSWORD_PROMPT, std_flags)
-+ if((rc = pam_get_pass(pamh, &password, PASSWORD_PROMPT, &pam_options)
- != PAM_SUCCESS)) {
- free_module_options(options);
- return rc;
- }
-+ DBGLOG("received : user: '%s', pass: '%s'", user, password);
-
- if((rc = auth_verify_password(user, password, options)) != PAM_SUCCESS) {
- free_module_options(options);
- return rc;
- }
-
-- SYSLOG("(%s) user %s authenticated.", pam_get_service(pamh), user);
-+ SYSLOG("user %s authenticated.", user);
- free_module_options(options);
-
- return PAM_SUCCESS;
-@@ -500,13 +538,16 @@
- const char **argv)
- {
- struct module_options *options;
-+ struct options pam_options;
- const char *user;
- char *user_s;
- int rc, ulen;
- PGconn *conn;
- PGresult *res;
-
-- get_module_options(argc, argv, &options);
-+ pam_std_option(&pam_options, other_options, argc, argv);
-+
-+ get_module_options(argc, argv, &options, &pam_options);
- if(options_valid(options) != 0) {
- free_module_options(options);
- return PAM_AUTH_ERR;
-@@ -590,13 +631,16 @@
- pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
- {
- struct module_options *options;
-+ struct options pam_options;
- int rc, std_flags, ulen;
- const char *user, *pass, *newpass;
- char *newpass_crypt, *user_s;
- PGconn *conn;
- PGresult *res;
-
-- std_flags = get_module_options(argc, argv, &options);
-+ pam_std_option(&pam_options, other_options, argc, argv);
-+
-+ std_flags = get_module_options(argc, argv, &options, &pam_options);
- if(options_valid(options) != 0) {
- free_module_options(options);
- return PAM_AUTH_ERR;
-@@ -614,7 +658,7 @@
-
- if(flags & PAM_PRELIM_CHECK) {
- /* at this point, this is the first time we get called */
-- if((rc = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, std_flags)) == PAM_SUCCESS) {
-+ if((rc = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, &pam_options)) == PAM_SUCCESS) {
- if((rc = auth_verify_password(user, pass, options)) == PAM_SUCCESS) {
- rc = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *)pass);
- if(rc != PAM_SUCCESS) {
-@@ -640,7 +684,7 @@
- }
- rc = auth_verify_password(user, pass, options);
- if(rc != PAM_SUCCESS) {
-- SYSLOG("(%s) user '%s' not authenticated.", pam_get_service(pamh), user);
-+ SYSLOG("user '%s' not authenticated.", user);
- free_module_options(options);
- return rc;
- }
-@@ -698,7 +742,7 @@
-
- free_module_options(options);
- free(user_s);
-- SYSLOG("(%s) password for '%s' was changed.", pam_get_service(pamh), user);
-+ SYSLOG("password for '%s' was changed.", user);
- return PAM_SUCCESS;
- }
-
-@@ -707,4 +751,6 @@
- pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
- {
- return PAM_SUCCESS;
--}
-+}
-+
-+PAM_MODULE_ENTRY("pam_pgsql"); |