tell user how to make PAM work, copied from xscreensaver

in response to PR pkg/46271 by John D. Baker

4 files changed, 46 insertions, 2 deletions

diff --git a/x11/xlockmore/MESSAGE b/x11/xlockmore/MESSAGE
new file mode 100644
index 00000000000..89cffe636b7
--- /dev/null
+++ b/x11/xlockmore/MESSAGE
@@ -0,0 +1,18 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2012/03/28 20:21:46 drochner Exp $
+
+If xlockmore is built with the "pam" option:
+In order to make unlocking work, you need to add an
+xlock file to your pam configuration directory (usually
+/etc/pam.d).  You can find a sample file in:
+	${EGDIR}/pam.d/xlock-NetBSD
+On  NetBSD, the "pam_pwauth_suid.so" module can be used to authenticate
+against a shadow password database. Note that use of this module might
+allow programs with your privileges to get a copy of your plaintext
+password as typed in for unlocking. The advantage is that with that
+module, the suid bit of the
+	${PREFIX}/bin/xlock
+executable can be removed.
+Per default, xlockmore is installed setuid root. Since this is a
+relatively complex program, there is the risk of other exploits.
+===========================================================================
diff --git a/x11/xlockmore/Makefile.common b/x11/xlockmore/Makefile.common
index 5cc8416a1ff..daa70332e1c 100644
--- a/x11/xlockmore/Makefile.common
+++ b/x11/xlockmore/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.63 2012/03/11 03:22:09 markd Exp $
+# $NetBSD: Makefile.common,v 1.64 2012/03/28 20:21:46 drochner Exp $
 #
 # This Makefile.common is included by:
 #
@@ -22,6 +22,8 @@ CONFLICTS+=	xlockmore-[0-9]* xlockmore-lite-[0-9]*
 DISTINFO_FILE?=		${.CURDIR}/../xlockmore/distinfo
 PATCHDIR?=		${.CURDIR}/../xlockmore/patches
 PLIST_SRC?=		${.CURDIR}/../xlockmore/PLIST
+FILESDIR?=		${.CURDIR}/../xlockmore/files
+MESSAGE_SRC?=		${.CURDIR}/../xlockmore/MESSAGE
 
 PKG_DESTDIR_SUPPORT=	user-destdir
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
@@ -98,6 +100,10 @@ SPECIAL_PERMS+=	bin/xlock ${SETUID_ROOT_PERMS}
 SPECIAL_PERMS+=	bin/xlock ${REAL_ROOT_USER} shadow 2511
 .endif
 
+EGDIR=			${PREFIX}/share/examples/xlock
+MESSAGE_SUBST+=		EGDIR=${EGDIR:Q}
+INSTALLATION_DIRS+=	${EGDIR}/pam.d
+
 # XXX framework bug: while we don't need it, this would kill
 # the inherited full dependency
 #BUILDLINK_DEPMETHOD.libXt?=	build
@@ -137,3 +143,5 @@ post-install:
 	for file in *.au; do						\
 		${INSTALL_DATA} $$file ${DESTDIR}${XLOCK_SOUNDDIR};	\
 	done
+	${INSTALL_DATA} ${FILESDIR}/pam-xlock-NetBSD \
+	    ${DESTDIR}${EGDIR}/pam.d/xlock-NetBSD
diff --git a/x11/xlockmore/PLIST b/x11/xlockmore/PLIST
index 2c2e9282ff4..ba9b248d2b5 100644
--- a/x11/xlockmore/PLIST
+++ b/x11/xlockmore/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7 2009/06/14 18:25:17 joerg Exp $
+@comment $NetBSD: PLIST,v 1.8 2012/03/28 20:21:46 drochner Exp $
 ${LITE}bin/xglock
 bin/xlock
 lib/X11/app-defaults/XLock
@@ -7,4 +7,5 @@ lib/X11/xlock/sounds/identify-please.au
 lib/X11/xlock/sounds/not-programmed.au
 lib/X11/xlock/sounds/thank-you.au
 man/man1/xlock.1
+share/examples/xlock/pam.d/xlock-NetBSD
 ${LITE}share/xlock/xglockrc
diff --git a/x11/xlockmore/files/pam-xlock-NetBSD b/x11/xlockmore/files/pam-xlock-NetBSD
new file mode 100644
index 00000000000..ca110971447
--- /dev/null
+++ b/x11/xlockmore/files/pam-xlock-NetBSD
@@ -0,0 +1,17 @@
+# $NetBSD: pam-xlock-NetBSD,v 1.1 2012/03/28 20:21:46 drochner Exp $
+#
+# PAM configuration for the "xlock" service
+#
+
+# auth
+#auth		sufficient	pam_pwauth_suid.so
+auth		include		system
+
+# account
+account		include		system
+
+# session
+session		include		system
+
+# password
+password	include		system