Oops,

author: Jacques Vidrine <nectar@FreeBSD.org> 2000-11-06 19:56:21 +0000
committer: Jacques Vidrine <nectar@FreeBSD.org> 2000-11-06 19:56:21 +0000
commit: 85af8c73f277f581d6ebdcd05bbf87d51067374c (patch)
tree: 22aace39a302410175f4609c9f822c7c5782cafd /security/pam_krb5
parent: Use the correct pthread.h when compiling liblgcc_r. Allow thread stacks (diff)
6 files changed, 399 insertions, 115 deletions
diff --git a/security/pam_krb5/files/patch-aa b/security/pam_krb5/files/patch-aa
index 879bc993df0b..f79c0814c905 100644
--- a/security/pam_krb5/files/patch-aa
+++ b/security/pam_krb5/files/patch-aa
@@ -1,6 +1,6 @@
 --- Makefile.orig	Tue Jan  4 19:08:51 2000
-+++ Makefile	Mon Nov  6 10:59:16 2000
-@@ -1,48 +1,51 @@
++++ Makefile	Mon Nov  6 13:44:54 2000
+@@ -1,46 +1,49 @@
  #
  # Makefile for pam_krb5
  #
@@ -68,22 +68,17 @@
 -	rm -f *.so.1 *.o
 +	rm -f *.so *.o
  
--pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h
-+pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h krb5compat.h
+ pam_krb5_auth.o: pam_krb5_auth.c pam_krb5.h
  	$(CC) -c $(CFLAGS) $(INC) $<
- 
- pam_krb5_pass.o: pam_krb5_pass.c pam_krb5.h
-@@ -54,6 +57,12 @@
- pam_krb5_sess.o: pam_krb5_sess.c pam_krb5.h
+@@ -55,5 +58,11 @@
  	$(CC) -c $(CFLAGS) $(INC) $<
  
--support.o: support.c pam_krb5.h
-+support.o: support.c pam_krb5.h krb5compat.h
+ support.o: support.c pam_krb5.h
 +	$(CC) -c $(CFLAGS) $(INC) $<
 +
-+compat_heimdal.o: compat_heimdal.c krb5compat.h
++compat_heimdal.o: compat_heimdal.c
 +	$(CC) -c $(CFLAGS) $(INC) $<
 +
-+compat_mit.o: compat_mit.c krb5compat.h
++compat_mit.o: compat_mit.c
  	$(CC) -c $(CFLAGS) $(INC) $<
  
diff --git a/security/pam_krb5/files/patch-ab b/security/pam_krb5/files/patch-ab
index 8e35ac8f6486..29f2cac50699 100644
--- a/security/pam_krb5/files/patch-ab
+++ b/security/pam_krb5/files/patch-ab
@@ -1,10 +1,23 @@
 --- pam_krb5.h.orig	Tue Jan  4 19:08:51 2000
-+++ pam_krb5.h	Mon Nov  6 10:21:49 2000
-@@ -6,6 +6,6 @@
++++ pam_krb5.h	Mon Nov  6 13:42:22 2000
+@@ -5,7 +5,18 @@
+  */
  
  int get_user_info(pam_handle_t *, char *, int, char **);
- krb5_error_code pam_prompter(krb5_context, void *, const char *,
+-krb5_error_code pam_prompter(krb5_context, void *, const char *,
 -			     const char *, int, krb5_prompt[]);
-+			     int, krb5_prompt[]);
  int verify_krb_v5_tgt(krb5_context, krb5_ccache, int);
  void cleanup_cache(pam_handle_t *, void *, int);
++
++krb5_prompter_fct pam_prompter;
++
++const char	*compat_princ_component(krb5_context, krb5_principal, int);
++void		 compat_free_data_contents(krb5_context, krb5_data *);
++krb5_error_code	 compat_cc_next_cred(krb5_context, const krb5_ccache, 
++				     krb5_cc_cursor *, krb5_creds *);
++
++#ifndef ENCTYPE_DES_CBC_MD5
++#define ENCTYPE_DES_CBC_MD5	ETYPE_DES_CBC_MD5
++#endif
++
++
diff --git a/security/pam_krb5/files/patch-ad b/security/pam_krb5/files/patch-ad
index ee2624929723..ee54cfe5b873 100644
--- a/security/pam_krb5/files/patch-ad
+++ b/security/pam_krb5/files/patch-ad
@@ -1,5 +1,5 @@
 --- pam_krb5_auth.c.orig	Tue Jan  4 19:08:51 2000
-+++ pam_krb5_auth.c	Mon Nov  6 10:46:08 2000
++++ pam_krb5_auth.c	Mon Nov  6 13:45:48 2000
 @@ -7,9 +7,11 @@
  
  static const char rcsid[] = "$Id: pam_krb5_auth.c,v 1.18 2000/01/04 08:44:08 fcusack Exp $";
@@ -12,17 +12,15 @@
  #include <strings.h>	/* strchr */
  #include <syslog.h>	/* syslog */
  #include <unistd.h>	/* chown */
-@@ -19,7 +21,9 @@
+@@ -19,6 +21,7 @@
  #include <security/pam_modules.h>
  
  #include <krb5.h>
 +#include <com_err.h>
  #include "pam_krb5.h"
-+#include "krb5compat.h"
  
  extern krb5_cc_ops krb5_mcc_ops;
- 
-@@ -42,7 +46,7 @@
+@@ -42,7 +45,7 @@
      krb5_get_init_creds_opt opts;
  
      int			pamret, i;
@@ -31,7 +29,7 @@
      char		*princ_name = NULL;
      char		*pass = NULL, *service = NULL;
      char		*prompt = NULL;
-@@ -74,13 +78,13 @@
+@@ -74,13 +77,13 @@
      }
  
      /* Get service name */
@@ -47,7 +45,7 @@
  	DLOG("krb5_init_context()", error_message(krbret));
  	return PAM_SERVICE_ERR;
      }
-@@ -93,7 +97,7 @@
+@@ -93,7 +96,7 @@
  	krb5_get_init_creds_opt_set_forwardable(&opts, 1);
  
      /* For CNS */
@@ -56,7 +54,7 @@
  	/* Solaris dtlogin doesn't call pam_end() on failure */
  	if (krbret != KRB5_CC_TYPE_EXISTS) {
  	    DLOG("krb5_cc_register()", error_message(krbret));
-@@ -103,14 +107,14 @@
+@@ -103,14 +106,14 @@
      }
  
      /* Get principal name */
@@ -73,7 +71,7 @@
  	DLOG("krb5_unparse_name()", error_message(krbret));
  	pamret = PAM_SERVICE_ERR;
  	goto cleanup2;
-@@ -126,18 +130,19 @@
+@@ -126,18 +129,19 @@
      (void) sprintf(prompt, "Password for %s: ", princ_name);
  
      if (try_first_pass || use_first_pass)
@@ -96,7 +94,7 @@
  	    DLOG("pam_set_item()", pam_strerror(pamh, pamret));
  	    free(pass);
  	    pamret = PAM_SERVICE_ERR;
-@@ -145,25 +150,26 @@
+@@ -145,25 +149,26 @@
  	}
  	free(pass);
  	/* Now we get it back from the library. */
@@ -128,7 +126,7 @@
  	    DLOG("pam_get_item()", pam_strerror(pamh, pamret));
  	    pamret = PAM_SERVICE_ERR;
  	    goto cleanup2;
-@@ -177,9 +183,8 @@
+@@ -177,9 +182,8 @@
      }
  
      /* Get a TGT */
@@ -140,7 +138,7 @@
  	DLOG("krb5_get_init_creds_password()", error_message(krbret));
  	if (try_first_pass && krbret == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
  	    pass = NULL;
-@@ -193,17 +198,17 @@
+@@ -193,17 +197,17 @@
      strcpy(cache_name, "MEMORY:");
      (void) tmpnam(&cache_name[7]);
  
@@ -161,7 +159,7 @@
  	DLOG("krb5_cc_store_cred()", error_message(krbret));
  	(void) krb5_cc_destroy(pam_context, ccache);
  	pamret = PAM_SERVICE_ERR;
-@@ -224,7 +229,7 @@
+@@ -224,7 +228,7 @@
  	pamret = PAM_AUTH_ERR;
  	goto cleanup;
      }
@@ -170,7 +168,7 @@
  	DLOG("pam_set_data()", pam_strerror(pamh, pamret));
  	(void) krb5_cc_destroy(pam_context, ccache);
  	pamret = PAM_SERVICE_ERR;
-@@ -288,22 +293,22 @@
+@@ -288,22 +292,22 @@
  	else if (strcmp(argv[i], "no_ccache") == 0)
  	    return PAM_SUCCESS;
  	else if (strstr(argv[i], "ccache=") == argv[i])
@@ -197,7 +195,7 @@
  	DLOG("krb5_init_context()", error_message(krbret));
  	return PAM_SERVICE_ERR;
      }
-@@ -311,7 +316,8 @@
+@@ -311,7 +315,8 @@
      euid = geteuid(); /* Usually 0 */
  
      /* Retrieve the cache name */
@@ -207,7 +205,7 @@
  	DLOG("pam_get_data()", pam_strerror(pamh, pamret));
  	pamret = PAM_CRED_UNAVAIL;
  	goto cleanup3;
-@@ -340,7 +346,7 @@
+@@ -340,7 +345,7 @@
  	    pamret = PAM_BUF_ERR;
  	    goto cleanup3;
  	}
@@ -216,7 +214,7 @@
      } else {
  	/* cache_name was supplied */
  	char *p = calloc(PATH_MAX + 10, 1); /* should be plenty */
-@@ -357,10 +363,10 @@
+@@ -357,10 +362,10 @@
  	    if (*q == '%') {
  		q++;
  		if (*q == 'u') {
@@ -229,7 +227,7 @@
  		    p += strlen(p);
  		} else {
  		    /* Not a special token */
-@@ -375,24 +381,27 @@
+@@ -375,24 +380,27 @@
      }
  
      /* Initialize the new ccache */
@@ -261,7 +259,7 @@
  	DLOG("krb5_cc_start_seq_get()", error_message(krbret));
  	(void) krb5_cc_destroy(pam_context, ccache_perm);
  	pamret = PAM_SERVICE_ERR;
-@@ -400,9 +409,10 @@
+@@ -400,9 +408,10 @@
      }
  
      /* Copy the creds (should be two of them) */
@@ -275,7 +273,7 @@
  	    DLOG("krb5_cc_store_cred()", error_message(krbret));
  	    (void) krb5_cc_destroy(pam_context, ccache_perm);
  	    krb5_free_cred_contents(pam_context, &creds);
-@@ -432,7 +442,7 @@
+@@ -432,7 +441,7 @@
      }
  
      sprintf(cache_env_name, "KRB5CCNAME=%s", cache_name);
diff --git a/security/pam_krb5/files/patch-af b/security/pam_krb5/files/patch-af
index dd164e81bddd..26167b15def5 100644
--- a/security/pam_krb5/files/patch-af
+++ b/security/pam_krb5/files/patch-af
@@ -1,6 +1,6 @@
 --- support.c.orig	Tue Jan  4 19:08:51 2000
-+++ support.c	Mon Nov  6 11:55:47 2000
-@@ -6,12 +6,17 @@
++++ support.c	Mon Nov  6 13:36:39 2000
+@@ -6,11 +6,15 @@
  
  static const char rcsid[] = "$Id: support.c,v 1.8 2000/01/04 09:50:03 fcusack Exp $";
  
@@ -14,11 +14,9 @@
  #include <krb5.h>
 +#include <com_err.h>
  #include "pam_krb5.h"
-+#include "krb5compat.h"
  
  /*
-  * Get info from the user. Disallow null responses (regardless of flags).
-@@ -22,11 +27,12 @@
+@@ -22,11 +26,12 @@
  get_user_info(pam_handle_t *pamh, char *prompt, int type, char **response)
  {
      int pamret;
@@ -33,7 +31,7 @@
  	return pamret;
  
      /* set up conversation call */
-@@ -34,7 +40,7 @@
+@@ -34,7 +39,7 @@
      msg.msg_style = type;
      msg.msg = prompt;
  
@@ -42,35 +40,39 @@
  	return pamret;
  
      /* Caller should ignore errors for non-response conversations */
-@@ -53,8 +59,8 @@
+@@ -51,124 +56,6 @@
+     return pamret;
+ }
  
- 
- krb5_error_code
+-
+-krb5_error_code
 -pam_prompter(krb5_context context, void *data, const char *name,
 -	     const char *banner, int num_prompts, krb5_prompt prompts[])
-+pam_prompter(krb5_context context, void *data, const char *banner, int 
-+  num_prompts, krb5_prompt prompts[])
- {
-     int		pam_prompts = num_prompts;
-     int		pamret, i;
-@@ -64,12 +70,9 @@
-     struct pam_conv	*conv;
-     pam_handle_t	*pamh = (pam_handle_t *) data;
- 
+-{
+-    int		pam_prompts = num_prompts;
+-    int		pamret, i;
+-
+-    struct pam_message	*msg;
+-    struct pam_response	*resp = NULL;
+-    struct pam_conv	*conv;
+-    pam_handle_t	*pamh = (pam_handle_t *) data;
+-
 -    if (pamret = pam_get_item(pamh, PAM_CONV, (void **) &conv))
-+    if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
- 	return KRB5KRB_ERR_GENERIC;
- 
+-	return KRB5KRB_ERR_GENERIC;
+-
 -    if (name)
 -	pam_prompts++;
 -
-     if (banner)
- 	pam_prompts++;
- 
-@@ -80,21 +83,11 @@
-     /* Now use pam_prompts as an index */
-     pam_prompts = 0;
- 
+-    if (banner)
+-	pam_prompts++;
+-
+-    msg = calloc(sizeof(struct pam_message) * pam_prompts, 1);
+-    if (!msg)
+-	return ENOMEM;
+-
+-    /* Now use pam_prompts as an index */
+-    pam_prompts = 0;
+-
 -    /* Sigh. malloc all the prompts. */
 -    if (name) {
 -	msg[pam_prompts].msg = malloc(strlen(name) + 1);
@@ -81,51 +83,89 @@
 -	pam_prompts++;
 -    }
 -
-     if (banner) {
- 	msg[pam_prompts].msg = malloc(strlen(banner) + 1);
- 	if (!msg[pam_prompts].msg)
- 	    goto cleanup;
+-    if (banner) {
+-	msg[pam_prompts].msg = malloc(strlen(banner) + 1);
+-	if (!msg[pam_prompts].msg)
+-	    goto cleanup;
 -	strcpy(msg[pam_prompts].msg, banner);
-+	strcpy((char *) msg[pam_prompts].msg, banner);
- 	msg[pam_prompts].msg_style = PAM_TEXT_INFO;
- 	pam_prompts++;
-     }
-@@ -103,13 +96,14 @@
- 	msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
- 	if (!msg[pam_prompts].msg)
- 	    goto cleanup;
+-	msg[pam_prompts].msg_style = PAM_TEXT_INFO;
+-	pam_prompts++;
+-    }
+-
+-    for (i = 0; i < num_prompts; i++) {
+-	msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
+-	if (!msg[pam_prompts].msg)
+-	    goto cleanup;
 -	sprintf(msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
-+	sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
- 	msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
- 						       : PAM_PROMPT_ECHO_ON;
- 	pam_prompts++;
-     }
- 
+-	msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
+-						       : PAM_PROMPT_ECHO_ON;
+-	pam_prompts++;
+-    }
+-
 -    if (pamret = conv->conv(pam_prompts, &msg, &resp, conv->appdata_ptr))
-+    if ((pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg, 
-+      &resp, conv->appdata_ptr)) != 0) 
- 	goto cleanup;
- 
-     if (!resp)
-@@ -117,8 +111,6 @@
- 
-     /* Reuse pam_prompts as a starting index */
-     pam_prompts = 0;
+-	goto cleanup;
+-
+-    if (!resp)
+-	goto cleanup;
+-
+-    /* Reuse pam_prompts as a starting index */
+-    pam_prompts = 0;
 -    if (name)
 -	pam_prompts++;
-     if (banner)
- 	pam_prompts++;
- 
-@@ -142,7 +134,7 @@
- 
-     for (i = 0; i < pam_prompts; i++) {
- 	if (msg[i].msg)
+-    if (banner)
+-	pam_prompts++;
+-
+-    for (i = 0; i < num_prompts; i++, pam_prompts++) {
+-	register int len;
+-	if (!resp[pam_prompts].resp) {
+-	    pamret = PAM_AUTH_ERR;
+-	    goto cleanup;
+-	}
+-	len = strlen(resp[pam_prompts].resp); /* Help out the compiler */
+-	if (len > prompts[i].reply->length) {
+-	    pamret = PAM_AUTH_ERR;
+-	    goto cleanup;
+-	}
+-	memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len);
+-	prompts[i].reply->length = len;
+-    }
+-
+-cleanup:
+-    /* pam_prompts is correct at this point */
+-
+-    for (i = 0; i < pam_prompts; i++) {
+-	if (msg[i].msg)
 -	    free(msg[i].msg);
-+	    free((char *) msg[i].msg);
-     }
-     free(msg);
- 
-@@ -189,8 +181,6 @@
+-    }
+-    free(msg);
+-
+-    if (resp) {
+-	for (i = 0; i < pam_prompts; i++) {
+-	    /*
+-	     * Note that PAM is underspecified wrt free()'ing resp[i].resp.
+-	     * It's not clear if I should free it, or if the application
+-	     * has to. Therefore most (all?) apps won't free() it, and I
+-	     * can't either, as I am not sure it was malloc()'d. All PAM
+-	     * implementations I've seen leak memory here. Not so bad, IFF
+-	     * you fork/exec for each PAM authentication (as is typical).
+-	     */
+-#if 0
+-	    if (resp[i].resp)
+-		free(resp[i].resp);
+-#endif /* 0 */
+-	}
+-	/* This does not lose resp[i].resp if the application saved a copy. */
+-	free(resp);
+-    }
+-
+-    return (pamret ? KRB5KRB_ERR_GENERIC : 0);
+-}
+-
+-
+ /*
+  * This routine with some modification is from the MIT V5B6 appl/bsd/login.c
+  *
+@@ -189,8 +76,6 @@
      krb5_keyblock *	keyblock = 0;
      krb5_data		packet;
      krb5_auth_context	auth_context = NULL;
@@ -134,7 +174,7 @@
  
      packet.data = 0;
  
-@@ -198,8 +188,8 @@
+@@ -198,8 +83,8 @@
       * Get the server principal for the local host.
       * (Use defaults of "host" and canonicalized local name.)
       */
@@ -145,7 +185,7 @@
  	if (debug)
  	    syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s",
  		   "krb5_sname_to_principal()", error_message(retval));
-@@ -207,7 +197,7 @@
+@@ -207,7 +92,7 @@
      }
  
      /* Extract the name directly. */
@@ -154,7 +194,7 @@
      phost[BUFSIZ - 1] = '\0';
  
      /*
-@@ -215,8 +205,8 @@
+@@ -215,8 +100,8 @@
       * (use default/configured keytab, kvno IGNORE_VNO to get the
       * first match, and enctype is currently ignored anyhow.)
       */
@@ -165,7 +205,7 @@
  	/* Keytab or service key does not exist */
  	if (debug)
  	    syslog(LOG_DEBUG, "pam_krb5: verify_krb_v5_tgt(): %s: %s",
-@@ -256,7 +246,7 @@
+@@ -256,7 +141,7 @@
  
  cleanup:
      if (packet.data)
diff --git a/security/pam_krb5/files/patch-ah b/security/pam_krb5/files/patch-ah
index 8f62854e32d5..480089da1745 100644
--- a/security/pam_krb5/files/patch-ah
+++ b/security/pam_krb5/files/patch-ah
@@ -1,8 +1,15 @@
---- compat_heimdal.c.orig	Mon Nov  6 10:21:49 2000
-+++ compat_heimdal.c	Mon Nov  6 10:48:37 2000
-@@ -0,0 +1,21 @@
+--- compat_heimdal.c.orig	Mon Nov  6 13:27:02 2000
++++ compat_heimdal.c	Mon Nov  6 13:43:10 2000
+@@ -0,0 +1,133 @@
++#include <errno.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
 +#include <krb5.h>
-+#include "krb5compat.h"
++#include <security/pam_appl.h>
++#include <security/pam_modules.h>
++#include "pam_krb5.h"
 +
 +const char *
 +compat_princ_component(krb5_context context, krb5_principal princ, int n)
@@ -22,3 +29,108 @@
 +{
 +	return krb5_cc_next_cred(context, id, creds, cursor);
 +}
++
++
++static krb5_error_code
++heimdal_pam_prompter(krb5_context context, void *data, const char *banner, int 
++  num_prompts, krb5_prompt prompts[])
++{
++    int		pam_prompts = num_prompts;
++    int		pamret, i;
++
++    struct pam_message	*msg;
++    struct pam_response	*resp = NULL;
++    struct pam_conv	*conv;
++    pam_handle_t	*pamh = (pam_handle_t *) data;
++
++    if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
++	return KRB5KRB_ERR_GENERIC;
++
++    if (banner)
++	pam_prompts++;
++
++    msg = calloc(sizeof(struct pam_message) * pam_prompts, 1);
++    if (!msg)
++	return ENOMEM;
++
++    /* Now use pam_prompts as an index */
++    pam_prompts = 0;
++
++    if (banner) {
++	msg[pam_prompts].msg = malloc(strlen(banner) + 1);
++	if (!msg[pam_prompts].msg)
++	    goto cleanup;
++	strcpy((char *) msg[pam_prompts].msg, banner);
++	msg[pam_prompts].msg_style = PAM_TEXT_INFO;
++	pam_prompts++;
++    }
++
++    for (i = 0; i < num_prompts; i++) {
++	msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
++	if (!msg[pam_prompts].msg)
++	    goto cleanup;
++	sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
++	msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
++						       : PAM_PROMPT_ECHO_ON;
++	pam_prompts++;
++    }
++
++    if ((pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg, 
++      &resp, conv->appdata_ptr)) != 0) 
++	goto cleanup;
++
++    if (!resp)
++	goto cleanup;
++
++    /* Reuse pam_prompts as a starting index */
++    pam_prompts = 0;
++    if (banner)
++	pam_prompts++;
++
++    for (i = 0; i < num_prompts; i++, pam_prompts++) {
++	register int len;
++	if (!resp[pam_prompts].resp) {
++	    pamret = PAM_AUTH_ERR;
++	    goto cleanup;
++	}
++	len = strlen(resp[pam_prompts].resp); /* Help out the compiler */
++	if (len > prompts[i].reply->length) {
++	    pamret = PAM_AUTH_ERR;
++	    goto cleanup;
++	}
++	memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len);
++	prompts[i].reply->length = len;
++    }
++
++cleanup:
++    /* pam_prompts is correct at this point */
++
++    for (i = 0; i < pam_prompts; i++) {
++	if (msg[i].msg)
++	    free((char *) msg[i].msg);
++    }
++    free(msg);
++
++    if (resp) {
++	for (i = 0; i < pam_prompts; i++) {
++	    /*
++	     * Note that PAM is underspecified wrt free()'ing resp[i].resp.
++	     * It's not clear if I should free it, or if the application
++	     * has to. Therefore most (all?) apps won't free() it, and I
++	     * can't either, as I am not sure it was malloc()'d. All PAM
++	     * implementations I've seen leak memory here. Not so bad, IFF
++	     * you fork/exec for each PAM authentication (as is typical).
++	     */
++#if 0
++	    if (resp[i].resp)
++		free(resp[i].resp);
++#endif /* 0 */
++	}
++	/* This does not lose resp[i].resp if the application saved a copy. */
++	free(resp);
++    }
++
++    return (pamret ? KRB5KRB_ERR_GENERIC : 0);
++}
++
++krb5_prompter_fct pam_prompter = heimdal_pam_prompter;
diff --git a/security/pam_krb5/files/patch-ai b/security/pam_krb5/files/patch-ai
index df90dd56633e..879febd2c8f3 100644
--- a/security/pam_krb5/files/patch-ai
+++ b/security/pam_krb5/files/patch-ai
@@ -1,8 +1,15 @@
---- compat_mit.c.orig	Mon Nov  6 10:21:49 2000
-+++ compat_mit.c	Mon Nov  6 10:49:14 2000
-@@ -0,0 +1,21 @@
+--- compat_mit.c.orig	Mon Nov  6 13:48:30 2000
++++ compat_mit.c	Mon Nov  6 13:52:48 2000
+@@ -0,0 +1,147 @@
++#include <errno.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++
 +#include <krb5.h>
-+#include "krb5compat.h"
++#include <security/pam_appl.h>
++#include <security/pam_modules.h>
++#include "pam_krb5.h"
 +
 +const char *
 +compat_princ_component(krb5_context context, krb5_principal princ, int n)
@@ -22,3 +29,122 @@
 +{
 +	return krb5_cc_next_cred(context, id, cursor, creds);
 +}
++
++static krb5_error_code
++mit_pam_prompter(krb5_context context, void *data, const char *name,
++	     const char *banner, int num_prompts, krb5_prompt prompts[])
++{
++    int		pam_prompts = num_prompts;
++    int		pamret, i;
++
++    struct pam_message	*msg;
++    struct pam_response	*resp = NULL;
++    struct pam_conv	*conv;
++    pam_handle_t	*pamh = (pam_handle_t *) data;
++
++    if ((pamret = pam_get_item(pamh, PAM_CONV, (const void **) &conv)) != 0)
++	return KRB5KRB_ERR_GENERIC;
++
++    if (name)
++	pam_prompts++;
++
++    if (banner)
++	pam_prompts++;
++
++    msg = calloc(sizeof(struct pam_message) * pam_prompts, 1);
++    if (!msg)
++	return ENOMEM;
++
++    /* Now use pam_prompts as an index */
++    pam_prompts = 0;
++
++    /* Sigh. malloc all the prompts. */
++    if (name) {
++	msg[pam_prompts].msg = malloc(strlen(name) + 1);
++	if (!msg[pam_prompts].msg)
++	    goto cleanup;
++	strcpy((char *) msg[pam_prompts].msg, name);
++	msg[pam_prompts].msg_style = PAM_TEXT_INFO;
++	pam_prompts++;
++    }
++
++    if (banner) {
++	msg[pam_prompts].msg = malloc(strlen(banner) + 1);
++	if (!msg[pam_prompts].msg)
++	    goto cleanup;
++	strcpy((char *) msg[pam_prompts].msg, banner);
++	msg[pam_prompts].msg_style = PAM_TEXT_INFO;
++	pam_prompts++;
++    }
++
++    for (i = 0; i < num_prompts; i++) {
++	msg[pam_prompts].msg = malloc(strlen(prompts[i].prompt) + 3);
++	if (!msg[pam_prompts].msg)
++	    goto cleanup;
++	sprintf((char *) msg[pam_prompts].msg, "%s: ", prompts[i].prompt);
++	msg[pam_prompts].msg_style = prompts[i].hidden ? PAM_PROMPT_ECHO_OFF
++						       : PAM_PROMPT_ECHO_ON;
++	pam_prompts++;
++    }
++
++    if ((pamret = conv->conv(pam_prompts, (const struct pam_message **) &msg, 
++      &resp, conv->appdata_ptr)) != 0)
++	goto cleanup;
++
++    if (!resp)
++	goto cleanup;
++
++    /* Reuse pam_prompts as a starting index */
++    pam_prompts = 0;
++    if (name)
++	pam_prompts++;
++    if (banner)
++	pam_prompts++;
++
++    for (i = 0; i < num_prompts; i++, pam_prompts++) {
++	register int len;
++	if (!resp[pam_prompts].resp) {
++	    pamret = PAM_AUTH_ERR;
++	    goto cleanup;
++	}
++	len = strlen(resp[pam_prompts].resp); /* Help out the compiler */
++	if (len > prompts[i].reply->length) {
++	    pamret = PAM_AUTH_ERR;
++	    goto cleanup;
++	}
++	memcpy(prompts[i].reply->data, resp[pam_prompts].resp, len);
++	prompts[i].reply->length = len;
++    }
++
++cleanup:
++    /* pam_prompts is correct at this point */
++
++    for (i = 0; i < pam_prompts; i++) {
++	if (msg[i].msg)
++	    free((char *) msg[i].msg);
++    }
++    free(msg);
++
++    if (resp) {
++	for (i = 0; i < pam_prompts; i++) {
++	    /*
++	     * Note that PAM is underspecified wrt free()'ing resp[i].resp.
++	     * It's not clear if I should free it, or if the application
++	     * has to. Therefore most (all?) apps won't free() it, and I
++	     * can't either, as I am not sure it was malloc()'d. All PAM
++	     * implementations I've seen leak memory here. Not so bad, IFF
++	     * you fork/exec for each PAM authentication (as is typical).
++	     */
++#if 0
++	    if (resp[i].resp)
++		free(resp[i].resp);
++#endif /* 0 */
++	}
++	/* This does not lose resp[i].resp if the application saved a copy. */
++	free(resp);
++    }
++
++    return (pamret ? KRB5KRB_ERR_GENERIC : 0);
++}
++
++krb5_prompter_fct pam_prompter = mit_pam_prompter;
author	Jacques Vidrine <nectar@FreeBSD.org>	2000-11-06 19:56:21 +0000
committer	Jacques Vidrine <nectar@FreeBSD.org>	2000-11-06 19:56:21 +0000
commit	85af8c73f277f581d6ebdcd05bbf87d51067374c (patch)
tree	22aace39a302410175f4609c9f822c7c5782cafd /security/pam_krb5
parent	Use the correct pthread.h when compiling liblgcc_r. Allow thread stacks (diff)