Initial import of pam-mysql 0.5 from pkgsrc-wip, originally packaged

by David Ferlier with minor changes by me.

This is a module that allows people to login to PAM aware applications
by authenticating to a MySQL db. Now configurable in terms of which
host the database reside upon, which table and username and password
column to interrogate.

5 files changed, 141 insertions, 0 deletions

diff --git a/security/pam-mysql/DESCR b/security/pam-mysql/DESCR
new file mode 100644
index 00000000000..153667f6e8c
--- /dev/null
+++ b/security/pam-mysql/DESCR
@@ -0,0 +1,4 @@
+This is a module that allows people to login to PAM aware applications
+by authenticating to a MySQL db. Now configurable in terms of which
+host the database reside upon, which table and username and password
+column to interrogate.
diff --git a/security/pam-mysql/Makefile b/security/pam-mysql/Makefile
new file mode 100644
index 00000000000..e1ef9c88be1
--- /dev/null
+++ b/security/pam-mysql/Makefile
@@ -0,0 +1,32 @@
+# $NetBSD: Makefile,v 1.1.1.1 2005/05/05 20:16:42 xtraeme Exp $
+
+DISTNAME=	pam_mysql-0.5
+PKGNAME=	${DISTNAME:S/_/-/}
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=pam-mysql/}
+
+MAINTAINER=	tech-pkg@NetBSD.org
+HOMEPAGE=	http://pam-mysql.sourceforge.net/
+COMMENT=	PAM module for authenticating with MySQL
+
+WRKSRC=		${WRKDIR}/pam_mysql
+DOCDIR=		${PREFIX}/share/doc/pam-mysql
+
+do-build:
+	${CC} -fpic -DPIC -Wall -I${LOCALBASE}/include \
+		-c ${WRKSRC}/pam_mysql.c -o ${WRKSRC}/pam_mysql.o
+	${LD} -x --shared -o ${WRKSRC}/pam_mysql.so ${WRKSRC}/pam_mysql.o \
+		-lpam -lcrypt -L${LOCALBASE}/lib/mysql \
+		${COMPILER_RPATH_FLAG}${LOCALBASE}/lib/mysql -lmysqlclient \
+		-L${LOCALBASE}/lib ${COMPILER_RPATH_FLAG}${LOCALBASE}/lib
+
+do-install:
+	${INSTALL_LIB} ${WRKSRC}/pam_mysql.so ${PREFIX}/lib
+	${INSTALL_DATA_DIR} ${DOCDIR}
+	${INSTALL_DATA} ${WRKSRC}/Changelog ${DOCDIR}
+	${INSTALL_DATA} ${WRKSRC}/CREDITS ${DOCDIR}
+	${INSTALL_DATA} ${WRKSRC}/Readme ${DOCDIR}
+
+.include "../../mk/mysql.buildlink3.mk"
+.include "../../mk/pam.buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/pam-mysql/PLIST b/security/pam-mysql/PLIST
new file mode 100644
index 00000000000..a7c2ec3b1c5
--- /dev/null
+++ b/security/pam-mysql/PLIST
@@ -0,0 +1,6 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2005/05/05 20:16:42 xtraeme Exp $
+lib/pam_mysql.so
+share/doc/pam-mysql/CREDITS
+share/doc/pam-mysql/Changelog
+share/doc/pam-mysql/Readme
+@dirrm share/doc/pam-mysql
diff --git a/security/pam-mysql/distinfo b/security/pam-mysql/distinfo
new file mode 100644
index 00000000000..71ed4e3b134
--- /dev/null
+++ b/security/pam-mysql/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1.1.1 2005/05/05 20:16:42 xtraeme Exp $
+
+SHA1 (pam_mysql-0.5.tar.gz) = 6e974a3ee78a968b0069c4abbd1d8602c145e177
+RMD160 (pam_mysql-0.5.tar.gz) = 788246f050ce0b531799af3e8d816248b974638f
+Size (pam_mysql-0.5.tar.gz) = 11587 bytes
+SHA1 (patch-aa) = 05300eb46da816015567195dc755f39522d1f5d8
diff --git a/security/pam-mysql/patches/patch-aa b/security/pam-mysql/patches/patch-aa
new file mode 100644
index 00000000000..49a87441465
--- /dev/null
+++ b/security/pam-mysql/patches/patch-aa
@@ -0,0 +1,93 @@
+$NetBSD: patch-aa,v 1.1.1.1 2005/05/05 20:16:42 xtraeme Exp $
+
+--- pam_mysql.c.orig	Sun Sep 15 10:28:58 2002
++++ pam_mysql.c	Thu Feb 13 14:58:21 2003
+@@ -23,6 +23,7 @@
+ #include <sys/socket.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
++#include <time.h>
+ 
+ 
+ /* AFAIK, only FreeBSD has MD5Data() defined in md5.h
+@@ -54,7 +55,53 @@
+ #define DEBUG 
+ 
+ #include <security/pam_modules.h>
++#ifdef _OPENPAM
++#include <security/pam_appl.h>
++#else
+ #include <security/pam_misc.h>
++#endif
++
++#ifdef _OPENPAM
++/* some macros not defined in OpenPAM */
++
++/* Good policy to strike out passwords with some characters not just
++   free the memory */
++
++#define _pam_overwrite(x)        \
++do {                             \
++     register char *__xx__;      \
++     if ((__xx__=(x)))           \
++          while (*__xx__)        \
++               *__xx__++ = '\0'; \
++} while (0)
++
++/*
++ * Don't just free it, forget it too.
++ */
++
++#define _pam_drop(X) \
++do {                 \
++    if (X) {         \
++        free(X);     \
++        X=NULL;      \
++    }                \
++} while (0)
++
++#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
++do {                                              \
++    int reply_i;                                  \
++                                                  \
++    for (reply_i=0; reply_i<replies; ++reply_i) { \
++	if (reply[reply_i].resp) {                \
++	    _pam_overwrite(reply[reply_i].resp);  \
++	    free(reply[reply_i].resp);            \
++	}                                         \
++    }                                             \
++    if (reply)                                    \
++	free(reply);                              \
++} while (0)
++
++#endif
+ 
+ struct optionstruct {
+ 	char host[257];
+@@ -620,7 +667,11 @@
+ 		retval = conv->conv(nargs,
+ 		                    (const struct pam_message **) message,
+ 		                    response, conv->appdata_ptr);
+-		if ((retval != PAM_SUCCESS) && (retval != PAM_CONV_AGAIN))
++		if ((retval != PAM_SUCCESS)
++#ifndef _OPENPAM
++			&& (retval != PAM_CONV_AGAIN)
++#endif
++		   )
+ 			syslog(LOG_DEBUG, "pam_mysql: conversation failure [%s]",
+ 			       pam_strerror(pamh, retval));
+ 	} else {
+@@ -827,8 +878,12 @@
+ 	if (retval != PAM_SUCCESS) {
+ 		if (resp != NULL)
+ 			_pam_drop_reply(resp,i);
++#ifndef _OPENPAM
+ 		return ((retval == PAM_CONV_AGAIN)
+ 		        ? PAM_INCOMPLETE : PAM_AUTHINFO_UNAVAIL);
++#else
++		return PAM_AUTHINFO_UNAVAIL;
++#endif
+ 	}
+ 
+ 	/* we have a password so set AUTHTOK
+