The code to verify user and password provided in

daemon/verify-{crypt,shadow}.c prints out the user name in various
places, where daemon/verify-pam.c code does not. Get out of sync with
the login dialog, and you'll have your password logged.

Adapt patches from the gdm 2.20 branch for
(1) not logging the user name in any syslog error messages
(2) not localizing the log messages.

Fixes PR 31417.

3 files changed, 203 insertions, 1 deletions

diff --git a/x11/gdm/distinfo b/x11/gdm/distinfo
index d7afa14a6ab..4c8a0dee066 100644
--- a/x11/gdm/distinfo
+++ b/x11/gdm/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.50 2007/08/09 19:39:16 drochner Exp $
+$NetBSD: distinfo,v 1.51 2007/10/11 09:36:06 hauke Exp $
 
 SHA1 (gdm-2.18.4.tar.bz2) = 8bf2c8745d7c38f5f08641abed4ca103cad0ecb8
 RMD160 (gdm-2.18.4.tar.bz2) = 4922af1321f707279c1eb6354d1c56cc39bce20e
@@ -9,3 +9,5 @@ SHA1 (patch-ac) = 69b3539e50af0b32207b9ffeb7cb01645c9ece3c
 SHA1 (patch-ae) = c95265b55c968a0466e1ae50bbe58c121f05b027
 SHA1 (patch-ak) = e3eaf2dfa1e393f9808d22fe4384710a46a83afc
 SHA1 (patch-al) = 3b66dd3f4cdea6a3af5cbd0ff65eb02ccdead483
+SHA1 (patch-am) = 12db3ab28d530096d03575a92c5493d6149c39ed
+SHA1 (patch-an) = 45a9d4a8b5c8fa6014664525ae3e27fe3ad15208
diff --git a/x11/gdm/patches/patch-am b/x11/gdm/patches/patch-am
new file mode 100644
index 00000000000..80d4cb263cb
--- /dev/null
+++ b/x11/gdm/patches/patch-am
@@ -0,0 +1,100 @@
+$NetBSD: patch-am,v 1.3 2007/10/11 09:35:11 hauke Exp $
+
+--- daemon/verify-shadow.c.orig	2007-07-30 22:06:56.000000000 +0200
++++ daemon/verify-shadow.c
+@@ -199,7 +199,7 @@ authenticate_again:
+ 
+     if (pwent == NULL) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -213,7 +213,7 @@ authenticate_again:
+     if (ppasswd == NULL || (ppasswd[0] != '\0' &&
+ 			    strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -226,7 +226,7 @@ authenticate_again:
+     if ( ( ! gdm_get_value_bool (GDM_KEY_ALLOW_ROOT)||
+ 	  ( ! gdm_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! local) ) &&
+ 	pwent->pw_uid == 0) {
+-	    gdm_error (_("Root login disallowed on display '%s'"), display);
++	    gdm_error ("Root login disallowed on display '%s'", display);
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("The system administrator "
+ 					    "is not allowed to login "
+@@ -244,7 +244,7 @@ authenticate_again:
+     /* Check with the 'loginrestrictions' function
+        if the user has been disallowed */
+     if (loginrestrictions (login, 0, NULL, &message) != 0) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -268,7 +268,7 @@ authenticate_again:
+ 	(strcmp (pwent->pw_shell, "/sbin/nologin") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/true") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/false") == 0)) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -293,7 +293,7 @@ authenticate_again:
+     }
+ 
+     if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-	    gdm_error (_("Cannot set user group for %s"), login);
++	    gdm_error ("Cannot set user group");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nCannot set your user group; "
+ 					    "you will not be able to log in. "
+@@ -306,7 +306,7 @@ authenticate_again:
+ 
+     switch (passwdexpired (login, &info_msg)) {
+     case 1 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("You are required to change your password.\n"
+ 			     "Please choose a new one."));
+@@ -380,7 +380,7 @@ authenticate_again:
+ 	    break;
+ 
+     case 2 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("Your password has expired.\n"
+ 			     "Only a system administrator can now change it"));
+@@ -389,7 +389,7 @@ authenticate_again:
+ 	    break;    
+ 
+     case -1 :
+-	    gdm_error (_("Internal error on passwdexpired"));
++	    gdm_error ("Internal error on passwdexpired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("An internal error occurred. You will not be able to log in.\n"
+ 			     "Please try again later or contact your system administrator."));
+@@ -426,12 +426,12 @@ gdm_verify_setup_user (GdmDisplay *d, co
+ 
+ 	pwent = getpwnam (login);
+ 	if (pwent == NULL) {
+-		gdm_error (_("Cannot get passwd structure for %s"), login);
++		gdm_error ("Cannot get passwd structure for user");
+ 		return FALSE;
+ 	}
+ 
+ 	if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-		gdm_error (_("Cannot set user group for %s"), login);
++		gdm_error ("Cannot set user group");
+ 		gdm_error_box (d,
+ 			       GTK_MESSAGE_ERROR,
+ 			       _("\nCannot set your user group; "
diff --git a/x11/gdm/patches/patch-an b/x11/gdm/patches/patch-an
new file mode 100644
index 00000000000..19655b8f9ec
--- /dev/null
+++ b/x11/gdm/patches/patch-an
@@ -0,0 +1,100 @@
+$NetBSD: patch-an,v 1.1 2007/10/11 09:35:11 hauke Exp $
+
+--- daemon/verify-crypt.c.orig	2007-07-30 22:06:56.000000000 +0200
++++ daemon/verify-crypt.c
+@@ -178,7 +178,7 @@ authenticate_again:
+ 
+     if (pwent == NULL) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -192,7 +192,7 @@ authenticate_again:
+     if (ppasswd == NULL || (ppasswd[0] != '\0' &&
+ 			    strcmp (crypt (passwd, ppasswd), ppasswd) != 0)) {
+ 	    gdm_sleep_no_signal (gdm_get_value_int (GDM_KEY_RETRY_DELAY));
+-	    gdm_error (_("Couldn't authenticate user \"%s\""), login);
++	    gdm_error ("Couldn't authenticate user");
+ 
+ 	    print_cant_auth_errbox ();
+ 
+@@ -205,7 +205,7 @@ authenticate_again:
+     if ( ( ! gdm_get_value_bool (GDM_KEY_ALLOW_ROOT)||
+ 	  ( ! gdm_get_value_bool (GDM_KEY_ALLOW_REMOTE_ROOT) && ! local) ) &&
+ 	pwent->pw_uid == 0) {
+-	    gdm_error (_("Root login disallowed on display '%s'"), display);
++	    gdm_error ("Root login disallowed on display '%s'", display);
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("The system administrator "
+ 					    "is not allowed to login "
+@@ -223,7 +223,7 @@ authenticate_again:
+     /* Check with the 'loginrestrictions' function
+        if the user has been disallowed */
+     if (loginrestrictions (login, 0, NULL, &message) != 0) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -247,7 +247,7 @@ authenticate_again:
+ 	(strcmp (pwent->pw_shell, "/sbin/nologin") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/true") == 0 ||
+ 	 strcmp (pwent->pw_shell, "/bin/false") == 0)) {
+-	    gdm_error (_("User %s not allowed to log in"), login);
++	    gdm_error ("User not allowed to log in");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nThe system administrator "
+ 					    "has disabled your "
+@@ -272,7 +272,7 @@ authenticate_again:
+     }
+ 
+     if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-	    gdm_error (_("Cannot set user group for %s"), login);
++	    gdm_error ("Cannot set user group");
+ 	    gdm_slave_greeter_ctl_no_ret (GDM_ERRBOX,
+ 					  _("\nCannot set your user group; "
+ 					    "you will not be able to log in. "
+@@ -285,7 +285,7 @@ authenticate_again:
+ 
+     switch (passwdexpired (login, &info_msg)) {
+     case 1 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("You are required to change your password.\n"
+ 			     "Please choose a new one."));
+@@ -358,7 +358,7 @@ authenticate_again:
+ 	    break;
+ 
+     case 2 :
+-	    gdm_error (_("Password of %s has expired"), login);
++	    gdm_error ("User password has expired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("Your password has expired.\n"
+ 			     "Only a system administrator can now change it"));
+@@ -367,7 +367,7 @@ authenticate_again:
+ 	    break;    
+ 
+     case -1 :
+-	    gdm_error (_("Internal error on passwdexpired"));
++	    gdm_error ("Internal error on passwdexpired");
+ 	    gdm_error_box (d, GTK_MESSAGE_ERROR,
+ 			   _("An internal error occurred. You will not be able to log in.\n"
+ 			     "Please try again later or contact your system administrator."));
+@@ -405,12 +405,12 @@ gdm_verify_setup_user (GdmDisplay *d,
+ 
+ 	pwent = getpwnam (login);
+ 	if (pwent == NULL) {
+-		gdm_error (_("Cannot get passwd structure for %s"), login);
++		gdm_error ("Cannot get passwd structure for %s", login);
+ 		return FALSE;
+ 	}
+ 
+ 	if ( ! gdm_setup_gids (login, pwent->pw_gid)) {
+-		gdm_error (_("Cannot set user group for %s"), login);
++		gdm_error ("Cannot set user group");
+ 		gdm_error_box (d,
+ 			       GTK_MESSAGE_ERROR,
+ 			       _("\nCannot set your user group; "