security/pam-mysql/files/patch-aa


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

--- pam_mysql.c.orig	Sun Sep 15 10:28:58 2002
+++ pam_mysql.c	Thu Feb 13 14:58:21 2003
@@ -23,6 +23,7 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <time.h>
 
 
 /* AFAIK, only FreeBSD has MD5Data() defined in md5.h
@@ -54,7 +55,53 @@
 #define DEBUG 
 
 #include <security/pam_modules.h>
+#ifdef _OPENPAM
+#include <security/pam_appl.h>
+#else
 #include <security/pam_misc.h>
+#endif
+
+#ifdef _OPENPAM
+/* some macros not defined in OpenPAM */
+
+/* Good policy to strike out passwords with some characters not just
+   free the memory */
+
+#define _pam_overwrite(x)        \
+do {                             \
+     register char *__xx__;      \
+     if ((__xx__=(x)))           \
+          while (*__xx__)        \
+               *__xx__++ = '\0'; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do {                 \
+    if (X) {         \
+        free(X);     \
+        X=NULL;      \
+    }                \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do {                                              \
+    int reply_i;                                  \
+                                                  \
+    for (reply_i=0; reply_i<replies; ++reply_i) { \
+	if (reply[reply_i].resp) {                \
+	    _pam_overwrite(reply[reply_i].resp);  \
+	    free(reply[reply_i].resp);            \
+	}                                         \
+    }                                             \
+    if (reply)                                    \
+	free(reply);                              \
+} while (0)
+
+#endif
 
 struct optionstruct {
 	char host[257];
@@ -620,7 +667,11 @@
 		retval = conv->conv(nargs,
 		                    (const struct pam_message **) message,
 		                    response, conv->appdata_ptr);
-		if ((retval != PAM_SUCCESS) && (retval != PAM_CONV_AGAIN))
+		if ((retval != PAM_SUCCESS)
+#ifndef _OPENPAM
+			&& (retval != PAM_CONV_AGAIN)
+#endif
+		   )
 			syslog(LOG_DEBUG, "pam_mysql: conversation failure [%s]",
 			       pam_strerror(pamh, retval));
 	} else {
@@ -827,8 +878,12 @@
 	if (retval != PAM_SUCCESS) {
 		if (resp != NULL)
 			_pam_drop_reply(resp,i);
+#ifndef _OPENPAM
 		return ((retval == PAM_CONV_AGAIN)
 		        ? PAM_INCOMPLETE : PAM_AUTHINFO_UNAVAIL);
+#else
+		return PAM_AUTHINFO_UNAVAIL;
+#endif
 	}
 
 	/* we have a password so set AUTHTOK