diff options
30 files changed, 877 insertions, 748 deletions
diff --git a/doc/CHANGES b/doc/CHANGES index d584f8e2af1..ee37f95c0e1 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -1,4 +1,4 @@ -$NetBSD: CHANGES,v 1.887 2002/12/23 20:42:42 wiz Exp $ +$NetBSD: CHANGES,v 1.888 2002/12/23 21:24:32 jlam Exp $ Changes to the packages collection and infrastructure in 2002: @@ -4075,3 +4075,4 @@ Changes to the packages collection and infrastructure in 2002: Updated createbuildlink to 2.3 [wiz 2002-12-23] Updated m4 to 1.4nb1 [wiz 2002-12-23] Updated gmake to 3.80nb1 [wiz 2002-12-23] + Updated PAM to 0.77 [jlam 2002-12-23] diff --git a/security/PAM/Makefile b/security/PAM/Makefile index 0e1ceb41828..199e4b0389a 100644 --- a/security/PAM/Makefile +++ b/security/PAM/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.11 2002/08/25 18:39:48 jlam Exp $ +# $NetBSD: Makefile,v 1.12 2002/12/23 21:23:56 jlam Exp $ # DISTNAME= Linux-${PKGNAME} -PKGNAME= PAM-0.75 +PKGNAME= PAM-0.77 CATEGORIES= security MASTER_SITES= http://www.kernel.org/pub/linux/libs/pam/pre/library/ \ ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/ @@ -13,20 +13,29 @@ COMMENT= Pluggable Authentication Modules USE_BUILDLINK2= yes USE_GMAKE= yes +USE_DB185= yes GNU_CONFIGURE= yes +CONFIGURE_ARGS+= --enable-docdir=${PREFIX}/share/doc/PAM CONFIGURE_ARGS+= --enable-includedir=${PREFIX}/include +CONFIGURE_ARGS+= --enable-mandir=${PREFIX}/man CONFIGURE_ARGS+= --enable-sconfigdir=${PKG_SYSCONFDIR} CONFIGURE_ARGS+= --enable-static-libpam +CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2TXT=no +CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2HTML=no +CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2LATEX=no +CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2PS=no +CONFIGURE_ENV+= ac_cv_prog_HAVE_PS2PDF=no -CFLAGS+= -DHAVE_UTMP_H=1 -CFLAGS+= -fPIC +.include "../../mk/bsd.prefs.mk" + +.if !empty(OPSYS:M*BSD) +CFLAGS+= -DUSE_GETLOGIN=1 +.endif MAKE_FLAGS+= OS_CFLAGS="${CFLAGS}" PKG_SYSCONFSUBDIR?= pam EGDIR= ${PREFIX}/share/examples/${PKGBASE} -DOCDIR= ${PREFIX}/share/doc/${PKGBASE} -HTMLDIR= ${PREFIX}/share/doc/html/${PKGBASE} CFILES= access.conf pam_env.conf group.conf time.conf CONF_FILES= ${EGDIR}/pam.conf ${PKG_SYSCONFBASE}/pam.conf @@ -34,12 +43,6 @@ CONF_FILES= ${EGDIR}/pam.conf ${PKG_SYSCONFBASE}/pam.conf CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} .endfor -post-extract: - cd ${WRKSRC}/doc; \ - if [ -f ${DISTNAME}-docs.tar.gz ]; then \ - ${GZCAT} ${DISTNAME}-docs.tar.gz | ${GTAR} -xf -; \ - fi - post-install: ${INSTALL_DATA_DIR} ${EGDIR} ${INSTALL_DATA} ${WRKSRC}/conf/pam.conf ${EGDIR} @@ -49,14 +52,8 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/modules/pam_group/group.conf ${EGDIR} ${INSTALL_DATA} ${WRKSRC}/modules/pam_time/time.conf ${EGDIR} ${INSTALL_DATA_DIR} ${DOCDIR} - cd ${WRKSRC}/doc; for file in modules/*.sgml; do \ - ${INSTALL_DATA} $${file} ${DOCDIR}; \ - done - ${INSTALL_DATA_DIR} ${HTMLDIR} - cd ${WRKSRC}/doc; for file in html/*.html; do \ - ${INSTALL_DATA} $${file} ${HTMLDIR}; \ - done +.include "../../databases/db/buildlink2.mk" .include "../../security/libcrack/buildlink2.mk" .include "../../mk/bsd.pkg.install.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/PAM/PLIST b/security/PAM/PLIST index 932787e26db..8dbde7a8ca5 100644 --- a/security/PAM/PLIST +++ b/security/PAM/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.3 2002/01/29 21:08:48 jlam Exp $ +@comment $NetBSD: PLIST,v 1.4 2002/12/23 21:23:57 jlam Exp $ include/security/_pam_aconf.h include/security/_pam_compat.h include/security/_pam_macros.h @@ -11,20 +11,22 @@ include/security/pam_modules.h lib/libpam.a lib/libpam.so lib/libpam.so.0 -lib/libpam.so.0.75 +lib/libpam.so.0.77 lib/libpam_misc.a lib/libpam_misc.so lib/libpam_misc.so.0 -lib/libpam_misc.so.0.75 +lib/libpam_misc.so.0.77 lib/libpamc.a lib/libpamc.so lib/libpamc.so.0 -lib/libpamc.so.0.75 +lib/libpamc.so.0.77 lib/security/pam_access.so lib/security/pam_cracklib.so +lib/security/pam_debug.so lib/security/pam_deny.so lib/security/pam_env.so lib/security/pam_filter.so +lib/security/pam_filter/upperLOWER lib/security/pam_ftp.so lib/security/pam_group.so lib/security/pam_issue.so @@ -55,94 +57,23 @@ man/man3/pam_chauthtok.3 man/man3/pam_close_session.3 man/man3/pam_end.3 man/man3/pam_fail_delay.3 +man/man3/pam_get_item.3 man/man3/pam_open_session.3 +man/man3/pam_set_item.3 man/man3/pam_setcred.3 man/man3/pam_start.3 man/man3/pam_strerror.3 man/man8/pam.8 man/man8/pam.conf.8 man/man8/pam.d.8 -sbin/pam_filter/upperLOWER +sbin/pam_tally sbin/unix_chkpwd -share/doc/${PKGBASE}/pam_access.sgml -share/doc/${PKGBASE}/pam_chroot.sgml -share/doc/${PKGBASE}/pam_cracklib.sgml -share/doc/${PKGBASE}/pam_deny.sgml -share/doc/${PKGBASE}/pam_env.sgml -share/doc/${PKGBASE}/pam_filter.sgml -share/doc/${PKGBASE}/pam_ftp.sgml -share/doc/${PKGBASE}/pam_group.sgml -share/doc/${PKGBASE}/pam_issue.sgml -share/doc/${PKGBASE}/pam_krb4.sgml -share/doc/${PKGBASE}/pam_lastlog.sgml -share/doc/${PKGBASE}/pam_limits.sgml -share/doc/${PKGBASE}/pam_listfile.sgml -share/doc/${PKGBASE}/pam_mail.sgml -share/doc/${PKGBASE}/pam_mkhomedir.sgml -share/doc/${PKGBASE}/pam_motd.sgml -share/doc/${PKGBASE}/pam_nologin.sgml -share/doc/${PKGBASE}/pam_permit.sgml -share/doc/${PKGBASE}/pam_pwdb.sgml -share/doc/${PKGBASE}/pam_radius.sgml -share/doc/${PKGBASE}/pam_rhosts.sgml -share/doc/${PKGBASE}/pam_rootok.sgml -share/doc/${PKGBASE}/pam_securetty.sgml -share/doc/${PKGBASE}/pam_tally.sgml -share/doc/${PKGBASE}/pam_time.sgml -share/doc/${PKGBASE}/pam_unix.sgml -share/doc/${PKGBASE}/pam_userdb.sgml -share/doc/${PKGBASE}/pam_warn.sgml -share/doc/${PKGBASE}/pam_wheel.sgml -share/doc/html/${PKGBASE}/index.html -share/doc/html/${PKGBASE}/pam-1.html -share/doc/html/${PKGBASE}/pam-10.html -share/doc/html/${PKGBASE}/pam-11.html -share/doc/html/${PKGBASE}/pam-12.html -share/doc/html/${PKGBASE}/pam-2.html -share/doc/html/${PKGBASE}/pam-3.html -share/doc/html/${PKGBASE}/pam-4.html -share/doc/html/${PKGBASE}/pam-5.html -share/doc/html/${PKGBASE}/pam-6.html -share/doc/html/${PKGBASE}/pam-7.html -share/doc/html/${PKGBASE}/pam-8.html -share/doc/html/${PKGBASE}/pam-9.html -share/doc/html/${PKGBASE}/pam.html -share/doc/html/${PKGBASE}/pam_appl-1.html -share/doc/html/${PKGBASE}/pam_appl-10.html -share/doc/html/${PKGBASE}/pam_appl-11.html -share/doc/html/${PKGBASE}/pam_appl-12.html -share/doc/html/${PKGBASE}/pam_appl-13.html -share/doc/html/${PKGBASE}/pam_appl-14.html -share/doc/html/${PKGBASE}/pam_appl-2.html -share/doc/html/${PKGBASE}/pam_appl-3.html -share/doc/html/${PKGBASE}/pam_appl-4.html -share/doc/html/${PKGBASE}/pam_appl-5.html -share/doc/html/${PKGBASE}/pam_appl-6.html -share/doc/html/${PKGBASE}/pam_appl-7.html -share/doc/html/${PKGBASE}/pam_appl-8.html -share/doc/html/${PKGBASE}/pam_appl-9.html -share/doc/html/${PKGBASE}/pam_appl.html -share/doc/html/${PKGBASE}/pam_modules-1.html -share/doc/html/${PKGBASE}/pam_modules-10.html -share/doc/html/${PKGBASE}/pam_modules-11.html -share/doc/html/${PKGBASE}/pam_modules-12.html -share/doc/html/${PKGBASE}/pam_modules-2.html -share/doc/html/${PKGBASE}/pam_modules-3.html -share/doc/html/${PKGBASE}/pam_modules-4.html -share/doc/html/${PKGBASE}/pam_modules-5.html -share/doc/html/${PKGBASE}/pam_modules-6.html -share/doc/html/${PKGBASE}/pam_modules-7.html -share/doc/html/${PKGBASE}/pam_modules-8.html -share/doc/html/${PKGBASE}/pam_modules-9.html -share/doc/html/${PKGBASE}/pam_modules.html share/examples/${PKGBASE}/access.conf share/examples/${PKGBASE}/group.conf share/examples/${PKGBASE}/pam.conf share/examples/${PKGBASE}/pam_env.conf share/examples/${PKGBASE}/time.conf @dirrm share/examples/${PKGBASE} -@dirrm share/doc/html/${PKGBASE} -@dirrm share/doc/${PKGBASE} -@dirrm sbin/pam_filter +@dirrm lib/security/pam_filter @dirrm lib/security @dirrm include/security diff --git a/security/PAM/distinfo b/security/PAM/distinfo index 0d9601e2c70..3d05cf91a79 100644 --- a/security/PAM/distinfo +++ b/security/PAM/distinfo @@ -1,23 +1,23 @@ -$NetBSD: distinfo,v 1.4 2002/01/29 17:10:10 jlam Exp $ +$NetBSD: distinfo,v 1.5 2002/12/23 21:23:57 jlam Exp $ -SHA1 (Linux-PAM-0.75.tar.gz) = 5151e9f91e69c199988d1397a90d07b0c459896b -Size (Linux-PAM-0.75.tar.gz) = 874549 bytes -SHA1 (patch-aa) = 6d10ac69ffead0d4d78adb58081920d68922034a -SHA1 (patch-ac) = a1816f6d42fdd168c6e689a976cc4d27f72c3d32 -SHA1 (patch-aj) = cd8f889540d8d8794c7ea7d1e252d984509a9ad0 -SHA1 (patch-al) = 3a49be8ca4dcf47e2ba78107455d59c6cfa34889 -SHA1 (patch-an) = fdb8337a06abdfaf020639dec95df68b2a59496a -SHA1 (patch-ao) = c1fcc3ae3a8d9239dd06a5cf30f5bb52743770de -SHA1 (patch-ap) = 150bb938c25150a3913520401ec29b6797ede7e8 -SHA1 (patch-ar) = 1f904ee50c7710bd599ee4bed60a8eb5aa90986a -SHA1 (patch-au) = f339c50f765f8f86a00a6403e276719b035d7745 -SHA1 (patch-av) = d6b89d9d6c434c48fe54e556d150c7ff9ac7288c -SHA1 (patch-aw) = b4ee852cc4c13b668b5a613668f91c3a6a95b450 -SHA1 (patch-az) = b0caa87c0aeb131c941eeb6a994042ea7742afa4 -SHA1 (patch-ba) = c4dbd3af959222c990f3cd23af2861ec7f3b0701 -SHA1 (patch-bb) = 68e2149c0f1f8186199bfc3690feeb0e3394036c -SHA1 (patch-bc) = bcb321fa850b17ff7a7dc179c029ab33811cfe56 -SHA1 (patch-bd) = c42a7c8cc3a06648d07e0d1fa5a369e9a8224a75 -SHA1 (patch-be) = 80a993a93e1d786bc3c297227c128de084eba746 -SHA1 (patch-bf) = a5846710b69f36a02b585727abd7ecb22ecc9c81 -SHA1 (patch-bg) = 7f78998a103c344682c8f1d889162a4e219145c1 +SHA1 (Linux-PAM-0.77.tar.gz) = 58dff29aec3c0b6a9e9b53af6fb643056ce0f304 +Size (Linux-PAM-0.77.tar.gz) = 442569 bytes +SHA1 (patch-aa) = 99f4889c24ff71a9e40e0e913d6071b78a326877 +SHA1 (patch-ab) = c0257ace9538c4cf623a476e602eac30d42301d6 +SHA1 (patch-ac) = 9153b5aa54c68dc07deb6325a9ea03dbc28e1624 +SHA1 (patch-ad) = b3713e7150ecfa5dce47680b03c455317f1596de +SHA1 (patch-ae) = 7e42fcd8f1d3f621e6a3ff8ea46093a221eb2c6a +SHA1 (patch-af) = 966d42796a99d38dfa9bbdefb3daf7c48122fc88 +SHA1 (patch-ag) = f7673f80592466e1cdeb22645a620aaa3602903d +SHA1 (patch-ah) = 30e13e82faa3b8978e28725b7c8cd8577aab8beb +SHA1 (patch-ai) = 950c9e949c72eaf904452d8afefc0f994101e5a8 +SHA1 (patch-aj) = d47bc58c3dc810497290d6ec4a3646380b5fa4d7 +SHA1 (patch-ak) = 491aa837ee756269d57d642aeba999d1f8cc8187 +SHA1 (patch-al) = 29c9ca136655d49d739d3c4dc664af9f0b1a5fa8 +SHA1 (patch-am) = 9cf69342d0c6665ff6d9eebec35d6c3898854c8a +SHA1 (patch-an) = 46e85fc6db95eda99ed664e7d4282a49d95437c4 +SHA1 (patch-ao) = da8c42c2afa2c66fee4e8f453970d1a4b3a0f285 +SHA1 (patch-ap) = 0a923b67a909dde6f72129b0c853088f9d48bd91 +SHA1 (patch-aq) = 91587c5b9c6587221708247decb0e82f665ae2bf +SHA1 (patch-ar) = b7428fcc1f561892510acce57fc91e0dafb044fc +SHA1 (patch-as) = e4fdfef53c097985c2aa8ff8225fed1caa812c10 diff --git a/security/PAM/patches/patch-aa b/security/PAM/patches/patch-aa index d5ae2bb418f..dba0b5acc73 100644 --- a/security/PAM/patches/patch-aa +++ b/security/PAM/patches/patch-aa @@ -1,29 +1,21 @@ -$NetBSD: patch-aa,v 1.3 2002/01/29 17:10:10 jlam Exp $ +$NetBSD: patch-aa,v 1.4 2002/12/23 21:23:58 jlam Exp $ ---- Makefile.orig Sat Jan 20 17:29:47 2001 -+++ Makefile -@@ -58,20 +58,20 @@ - install: _pam_aconf.h prep - $(MKDIR) $(FAKEROOT)$(INCLUDED) - $(INSTALL) -m 444 security/_pam_aconf.h $(FAKEROOT)$(INCLUDED) -- for x in $(THINGSTOMAKE) ; do make -C $$x install ; done -+ for x in $(THINGSTOMAKE) ; do $(MAKE) -C $$x install ; done +--- _pam_aconf.h.in.orig Sun Nov 25 22:04:46 2001 ++++ _pam_aconf.h.in +@@ -28,6 +28,16 @@ + # include <features.h> + #endif /* HAVE_FEATURES_H */ - remove: - rm -f $(FAKEROOT)$(INCLUDED)/_pam_aconf.h -- for x in $(THINGSTOMAKE) ; do make -C $$x remove ; done -+ for x in $(THINGSTOMAKE) ; do $(MAKE) -C $$x remove ; done ++/* we have <utmp.h> */ ++#undef HAVE_UTMP_H ++ ++/* we have <termios.h> */ ++#undef HAVE_TERMIOS_H ++ ++/* we have Linux shadow passwords */ ++#undef HAVE_SHADOW_H ++#undef HAVE_GETSPNAM ++ + /* we have libcrack available */ + #undef HAVE_LIBCRACK - release: -- @if [ ! -f Make.Rules ]; then echo make Make.Rules first ; exit 1; fi -+ @if [ ! -f Make.Rules ]; then echo $(MAKE) Make.Rules first ; exit 1; fi - @if [ ! -L ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) ]; then \ - echo generating ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) link ; \ - ln -sf $(DISTNAME) ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) ; \ - echo to ../$(DISTNAME) . ; fi - @diff ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/Make.Rules Make.Rules -- make distclean -+ $(MAKE) distclean - cd .. ; tar zvfc $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL).tar.gz \ - --exclude CVS --exclude .cvsignore --exclude '.#*' \ - $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/* diff --git a/security/PAM/patches/patch-ab b/security/PAM/patches/patch-ab new file mode 100644 index 00000000000..c622a83c854 --- /dev/null +++ b/security/PAM/patches/patch-ab @@ -0,0 +1,55 @@ +$NetBSD: patch-ab,v 1.3 2002/12/23 21:23:58 jlam Exp $ + +--- configure.in.orig Tue Jul 9 02:17:13 2002 ++++ configure.in +@@ -199,7 +199,7 @@ AC_CHECK_LIB(crack, FascistCheck, HAVE_L + HAVE_LIBCRACK=no) + AC_SUBST(HAVE_LIBCRACK) + +-AC_CHECK_LIB(crypt, fcrypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT), ++AC_CHECK_LIB(crypt, crypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT), + HAVE_LIBCRYPT=no) + AC_SUBST(HAVE_LIBCRYPT) + AC_CHECK_LIB(util, logwtmp, HAVE_LIBUTIL=yes ; AC_DEFINE(HAVE_LIBUTIL), +@@ -240,6 +240,13 @@ AC_CHECK_HEADERS(fcntl.h limits.h malloc + dnl Linux wants features.h in some of the source files. + AC_CHECK_HEADERS(features.h) + ++dnl For module/pam_filter ++AC_CHECK_HEADERS(termios.h) ++ ++dnl For module/pam_unix ++AC_CHECK_HEADERS(shadow.h) ++AC_CHECK_FUNCS(getspnam) ++ + dnl For module/pam_cracklib + AC_CHECK_HEADERS(crypt.h) + +@@ -257,7 +264,7 @@ dnl being found. + + dnl Look for cracklib dictionary + AC_MSG_CHECKING(path to cracklib dictionary) +-DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \ ++DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \ + /usr/local/lib /usr/local/share/lib" + DICT_FILE_CANDIDATES="pw_dict cracklib_dict" + CRACKLIB_DICTPATH="" +@@ -305,6 +312,18 @@ if test "$GCC" = yes; then + case $OS in + linux) + OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic" ++ LD_D="gcc -shared -Xlinker -x" ++ WARNINGS="$GCC_WARNINGS" ++ PIC="-fPIC" ++ DYNTYPE=so ++ LD=ld ++ LD_L="$LD -x -shared" ++ RANLIB=ranlib ++ STRIP=strip ++ CC_STATIC="-Xlinker -export-dynamic" ++ ;; ++ netbsd) ++ OS_CFLAGS="" + LD_D="gcc -shared -Xlinker -x" + WARNINGS="$GCC_WARNINGS" + PIC="-fPIC" diff --git a/security/PAM/patches/patch-ac b/security/PAM/patches/patch-ac index f90b376e9cc..ec194130fc6 100644 --- a/security/PAM/patches/patch-ac +++ b/security/PAM/patches/patch-ac @@ -1,13 +1,222 @@ -$NetBSD: patch-ac,v 1.2 2002/01/29 17:10:10 jlam Exp $ +$NetBSD: patch-ac,v 1.3 2002/12/23 21:23:58 jlam Exp $ ---- modules/pam_access/Makefile.orig Mon Jan 28 17:28:23 2002 -+++ modules/pam_access/Makefile -@@ -14,8 +14,4 @@ - DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" - CFLAGS += $(DEFS) - --MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" --MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) --MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age -- - include ../Simple.Rules +--- configure.orig Tue Jul 9 02:17:13 2002 ++++ configure +@@ -1507,9 +1507,9 @@ fi + + + +-echo $ac_n "checking for fcrypt in -lcrypt""... $ac_c" 1>&6 +-echo "configure:1512: checking for fcrypt in -lcrypt" >&5 +-ac_lib_var=`echo crypt'_'fcrypt | sed 'y%./+-%__p_%'` ++echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 ++echo "configure:1512: checking for crypt in -lcrypt" >&5 ++ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1521,10 +1521,10 @@ cat > conftest.$ac_ext <<EOF + /* Override any gcc2 internal prototype to avoid an error. */ + /* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +-char fcrypt(); ++char crypt(); + + int main() { +-fcrypt() ++crypt() + ; return 0; } + EOF + if { (eval echo configure:1531: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +@@ -2312,7 +2312,7 @@ fi + done + + +-for ac_hdr in crypt.h ++for ac_hdr in termios.h + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +@@ -2353,7 +2353,7 @@ fi + done + + +-for ac_hdr in ndbm.h db.h ++for ac_hdr in shadow.h + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +@@ -2393,6 +2393,143 @@ else + fi + done + ++for ac_func in getspnam ++do ++echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 ++echo "configure:2400: checking for $ac_func" >&5 ++if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ cat > conftest.$ac_ext <<EOF ++#line 2405 "configure" ++#include "confdefs.h" ++/* System header to define __stub macros and hopefully few prototypes, ++ which can conflict with char $ac_func(); below. */ ++#include <assert.h> ++/* Override any gcc2 internal prototype to avoid an error. */ ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char $ac_func(); ++ ++int main() { ++ ++/* The GNU C library defines this for functions which it implements ++ to always fail with ENOSYS. Some functions are actually named ++ something starting with __ and the normal name is an alias. */ ++#if defined (__stub_$ac_func) || defined (__stub___$ac_func) ++choke me ++#else ++$ac_func(); ++#endif ++ ++; return 0; } ++EOF ++if { (eval echo configure:2428: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ eval "ac_cv_func_$ac_func=yes" ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_func_$ac_func=no" ++fi ++rm -f conftest* ++fi ++ ++if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` ++ cat >> confdefs.h <<EOF ++#define $ac_tr_func 1 ++EOF ++ ++else ++ echo "$ac_t""no" 1>&6 ++fi ++done ++ ++ ++for ac_hdr in crypt.h ++do ++ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` ++echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 ++echo "configure:2457: checking for $ac_hdr" >&5 ++if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ cat > conftest.$ac_ext <<EOF ++#line 2462 "configure" ++#include "confdefs.h" ++#include <$ac_hdr> ++EOF ++ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ++{ (eval echo configure:2467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` ++if test -z "$ac_err"; then ++ rm -rf conftest* ++ eval "ac_cv_header_$ac_safe=yes" ++else ++ echo "$ac_err" >&5 ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_header_$ac_safe=no" ++fi ++rm -f conftest* ++fi ++if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` ++ cat >> confdefs.h <<EOF ++#define $ac_tr_hdr 1 ++EOF ++ ++else ++ echo "$ac_t""no" 1>&6 ++fi ++done ++ ++ ++for ac_hdr in ndbm.h db.h ++do ++ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` ++echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 ++echo "configure:2498: checking for $ac_hdr" >&5 ++if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then ++ echo $ac_n "(cached) $ac_c" 1>&6 ++else ++ cat > conftest.$ac_ext <<EOF ++#line 2503 "configure" ++#include "confdefs.h" ++#include <$ac_hdr> ++EOF ++ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" ++{ (eval echo configure:2508: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` ++if test -z "$ac_err"; then ++ rm -rf conftest* ++ eval "ac_cv_header_$ac_safe=yes" ++else ++ echo "$ac_err" >&5 ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ eval "ac_cv_header_$ac_safe=no" ++fi ++rm -f conftest* ++fi ++if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then ++ echo "$ac_t""yes" 1>&6 ++ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` ++ cat >> confdefs.h <<EOF ++#define $ac_tr_hdr 1 ++EOF ++ ++else ++ echo "$ac_t""no" 1>&6 ++fi ++done ++ + HAVE_NDBM_H=$ac_cv_header_ndbm_h + + +@@ -2439,8 +2576,8 @@ done + + + echo $ac_n "checking path to cracklib dictionary""... $ac_c" 1>&6 +-echo "configure:2443: checking path to cracklib dictionary" >&5 +-DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \ ++echo "configure:2580: checking path to cracklib dictionary" >&5 ++DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \ + /usr/local/lib /usr/local/share/lib" + DICT_FILE_CANDIDATES="pw_dict cracklib_dict" + CRACKLIB_DICTPATH="" +@@ -2475,6 +2612,18 @@ if test "$GCC" = yes; then + case $OS in + linux) + OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic" ++ LD_D="gcc -shared -Xlinker -x" ++ WARNINGS="$GCC_WARNINGS" ++ PIC="-fPIC" ++ DYNTYPE=so ++ LD=ld ++ LD_L="$LD -x -shared" ++ RANLIB=ranlib ++ STRIP=strip ++ CC_STATIC="-Xlinker -export-dynamic" ++ ;; ++ netbsd) ++ OS_CFLAGS="" + LD_D="gcc -shared -Xlinker -x" + WARNINGS="$GCC_WARNINGS" + PIC="-fPIC" diff --git a/security/PAM/patches/patch-be b/security/PAM/patches/patch-ad index f177b68cd37..5e8986285d9 100644 --- a/security/PAM/patches/patch-be +++ b/security/PAM/patches/patch-ad @@ -1,8 +1,8 @@ -$NetBSD: patch-be,v 1.1 2002/01/29 17:10:12 jlam Exp $ +$NetBSD: patch-ad,v 1.3 2002/12/23 21:23:58 jlam Exp $ ---- libpam/Makefile.orig Mon Jan 28 19:00:46 2002 +--- libpam/Makefile.orig Sun Dec 9 16:44:58 2001 +++ libpam/Makefile -@@ -125,8 +125,9 @@ +@@ -125,8 +125,9 @@ ifeq ($(DYNAMIC_LIBPAM),yes) $(INSTALL) -m $(SHLIBMODE) $(LIBPAM) $(FAKEROOT)$(libdir)/$(LIBPAMFULL) $(LDCONFIG) ifneq ($(DYNTYPE),"sl") diff --git a/security/PAM/patches/patch-bf b/security/PAM/patches/patch-ae index ada9b4f5a2f..f21c9a72d03 100644 --- a/security/PAM/patches/patch-bf +++ b/security/PAM/patches/patch-ae @@ -1,8 +1,8 @@ -$NetBSD: patch-bf,v 1.1 2002/01/29 17:10:12 jlam Exp $ +$NetBSD: patch-ae,v 1.3 2002/12/23 21:23:58 jlam Exp $ ---- libpam_misc/Makefile.orig Mon Jan 28 19:00:46 2002 +--- libpam_misc/Makefile.orig Thu Jun 27 00:04:54 2002 +++ libpam_misc/Makefile -@@ -85,7 +85,7 @@ +@@ -86,7 +86,7 @@ ifeq ($(DYNAMIC_LIBPAM),yes) $(INSTALL) -m $(SHLIBMODE) $(LIBNAMED) $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL) $(LDCONFIG) ifneq ($(DYNTYPE),"sl") diff --git a/security/PAM/patches/patch-bg b/security/PAM/patches/patch-af index d0300df7d44..2a61cae0783 100644 --- a/security/PAM/patches/patch-bg +++ b/security/PAM/patches/patch-af @@ -1,8 +1,8 @@ -$NetBSD: patch-bg,v 1.1 2002/01/29 17:10:13 jlam Exp $ +$NetBSD: patch-af,v 1.3 2002/12/23 21:23:58 jlam Exp $ ---- libpamc/Makefile.orig Mon Jan 28 19:00:46 2002 +--- libpamc/Makefile.orig Sat Feb 10 02:17:53 2001 +++ libpamc/Makefile -@@ -85,7 +85,7 @@ +@@ -85,7 +85,7 @@ ifeq ($(DYNAMIC_LIBPAM),yes) $(INSTALL) -m $(SHLIBMODE) $(LIBNAMED) $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL) $(LDCONFIG) ifneq ($(DYNTYPE),"sl") diff --git a/security/PAM/patches/patch-ag b/security/PAM/patches/patch-ag new file mode 100644 index 00000000000..4de2339b78f --- /dev/null +++ b/security/PAM/patches/patch-ag @@ -0,0 +1,19 @@ +$NetBSD: patch-ag,v 1.3 2002/12/23 21:23:58 jlam Exp $ + +--- modules/Makefile.orig Sun Dec 9 17:15:11 2001 ++++ modules/Makefile +@@ -12,7 +12,7 @@ MODDIRS=$(shell /bin/ls -d pam_*) + + all: + @echo building the static modutil library +- make -C pammodutil all ++ $(MAKE) -C pammodutil all + @echo modules sources available are: + @ls -d $(MODDIRS) 2>/dev/null ; echo :-------- + @echo +@@ -55,4 +55,4 @@ clean: lclean + $(MAKE) -C $$i clean ; \ + } fi ; \ + done +- make -C pammodutil clean ++ $(MAKE) -C pammodutil clean diff --git a/security/PAM/patches/patch-ah b/security/PAM/patches/patch-ah new file mode 100644 index 00000000000..de584276bd5 --- /dev/null +++ b/security/PAM/patches/patch-ah @@ -0,0 +1,22 @@ +$NetBSD: patch-ah,v 1.4 2002/12/23 21:23:59 jlam Exp $ + +--- modules/Simple.Rules.orig Sun Dec 9 17:15:11 2001 ++++ modules/Simple.Rules +@@ -59,7 +59,7 @@ endif + + ifdef DYNAMIC + $(LIBSHARED): $(LIBOBJD) +- $(LD_D) -o $@ $(LIBOBJD) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C) $(LINK_PAMMODUTILS) ++ $(LD_D) $(LDFLAGS) -o $@ $(LIBOBJD) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C) $(LINK_PAMMODUTILS) + + endif + +@@ -69,7 +69,7 @@ endif + + ifdef STATIC + $(LIBSTATIC): $(LIBOBJS) +- $(LD) -r -o $@ $(LIBOBJS) $(MODULE_SIMPLE_EXTRALIBS) $(LINK_PAMMODUTILS) ++ $(LD) $(LDFLAGS) -r -o $@ $(LIBOBJS) $(MODULE_SIMPLE_EXTRALIBS) $(LINK_PAMMODUTILS) + endif + + install: all diff --git a/security/PAM/patches/patch-av b/security/PAM/patches/patch-ai index 89d19f1c359..bef7f8d3fcf 100644 --- a/security/PAM/patches/patch-av +++ b/security/PAM/patches/patch-ai @@ -1,8 +1,8 @@ -$NetBSD: patch-av,v 1.2 2002/01/29 17:10:12 jlam Exp $ +$NetBSD: patch-ai,v 1.3 2002/12/23 21:23:59 jlam Exp $ ---- modules/pam_env/Makefile.orig Mon Jan 28 17:28:23 2002 -+++ modules/pam_env/Makefile -@@ -15,8 +15,4 @@ +--- modules/pam_access/Makefile.orig Sun Nov 19 18:54:03 2000 ++++ modules/pam_access/Makefile +@@ -14,8 +14,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/access.con DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" CFLAGS += $(DEFS) diff --git a/security/PAM/patches/patch-aj b/security/PAM/patches/patch-aj index 573b2c75b66..083a122e1fa 100644 --- a/security/PAM/patches/patch-aj +++ b/security/PAM/patches/patch-aj @@ -1,86 +1,13 @@ -$NetBSD: patch-aj,v 1.2 2002/01/29 17:10:11 jlam Exp $ +$NetBSD: patch-aj,v 1.3 2002/12/23 21:23:59 jlam Exp $ ---- modules/pam_filter/pam_filter.c.orig Sun Nov 19 18:54:03 2000 -+++ modules/pam_filter/pam_filter.c -@@ -21,7 +21,7 @@ - #include <sys/stat.h> - #include <sys/socket.h> - #include <sys/ioctl.h> --#include <termio.h> -+#include <termios.h> - - #include <signal.h> - -@@ -278,7 +278,7 @@ - { - int status=-1; - char terminal[TERMINAL_LEN]; -- struct termio stored_mode; /* initial terminal mode settings */ -+ struct termios stored_mode; /* initial terminal mode settings */ - int fd[2], child=0, child2=0, aterminal; - - if (filtername == NULL || *filtername != '/') { -@@ -305,28 +305,32 @@ - /* set terminal into raw mode.. remember old mode so that we can - revert to it after the child has quit. */ - -- /* this is termio terminal handling... */ -+ /* this is termios terminal handling... */ - -- if (ioctl(STDIN_FILENO, TCGETA, (char *) &stored_mode ) < 0) { -+ if (tcgetattr(STDIN_FILENO, &stored_mode ) < 0) { - /* in trouble, so close down */ - close(fd[0]); - _pam_log(LOG_CRIT, "couldn't copy terminal mode"); - return PAM_ABORT; - } else { -- struct termio t_mode = stored_mode; -+ struct termios t_mode = stored_mode; - - t_mode.c_iflag = 0; /* no input control */ - t_mode.c_oflag &= ~OPOST; /* no ouput post processing */ - - /* no signals, canonical input, echoing, upper/lower output */ -+#ifdef XCASE - t_mode.c_lflag &= ~(ISIG|ICANON|ECHO|XCASE); -+#else -+ t_mode.c_lflag &= ~(ISIG|ICANON|ECHO); -+#endif - t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */ - t_mode.c_cflag |= CS8; /* 8 bit chars */ - - t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */ - t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */ - -- if (ioctl(STDIN_FILENO, TCSETA, (char *) &t_mode) < 0) { -+ if (tcsetattr(STDIN_FILENO, TCSANOW, &t_mode) < 0) { - close(fd[0]); - _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode"); - return PAM_ABORT; -@@ -356,7 +360,7 @@ - - _pam_log(LOG_WARNING,"first fork failed"); - if (aterminal) { -- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); -+ (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode); - } - - return PAM_AUTH_ERR; -@@ -398,7 +402,7 @@ - /* initialize the child's terminal to be the way the - parent's was before we set it into RAW mode */ - -- if (ioctl(fd[1], TCSETA, (char *) &stored_mode) < 0) { -+ if (tcsetattr(fd[1], TCSANOW, &stored_mode) < 0) { - _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s" - ,terminal); - close(fd[1]); -@@ -572,7 +576,7 @@ - - if (aterminal) { - /* reset to initial terminal mode */ -- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); -+ (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode); - } - - if (ctrl & FILTER_DEBUG) { +--- modules/pam_env/Makefile.orig Sun Nov 19 18:54:03 2000 ++++ modules/pam_env/Makefile +@@ -15,8 +15,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/pam_env.co + DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" + CFLAGS += $(DEFS) + +-MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" +-MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) +-MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age +- + include ../Simple.Rules diff --git a/security/PAM/patches/patch-ak b/security/PAM/patches/patch-ak new file mode 100644 index 00000000000..3c2b40bb254 --- /dev/null +++ b/security/PAM/patches/patch-ak @@ -0,0 +1,90 @@ +$NetBSD: patch-ak,v 1.3 2002/12/23 21:23:59 jlam Exp $ + +--- modules/pam_filter/pam_filter.c.orig Sun Nov 11 02:43:54 2001 ++++ modules/pam_filter/pam_filter.c +@@ -21,7 +21,17 @@ + #include <sys/stat.h> + #include <sys/socket.h> + #include <sys/ioctl.h> ++#ifdef HAVE_TERMIOS_H ++#include <termios.h> ++#define STRUCT_TERMIO struct termios ++#define TCGETATTR(fd, p_termio) tcgetattr(fd, p_termio) ++#define TCSETATTR(fd, p_termio) tcsetattr(fd, TCSANOW, p_termio) ++#else + #include <termio.h> ++#define STRUCT_TERMIO struct termio ++#define TCGETATTR(fd, p_termio) ioctl(fd, TCGETA, (char *) p_termio) ++#define TCSETATTR(fd, p_termio) ioctl(fd, TCSETA, (char *) p_termio) ++#endif + + #include <signal.h> + +@@ -278,7 +288,7 @@ static int set_filter(pam_handle_t *pamh + { + int status=-1; + char terminal[TERMINAL_LEN]; +- struct termio stored_mode; /* initial terminal mode settings */ ++ STRUCT_TERMIO stored_mode; /* initial terminal mode settings */ + int fd[2], child=0, child2=0, aterminal; + + if (filtername == NULL || *filtername != '/') { +@@ -307,17 +317,20 @@ static int set_filter(pam_handle_t *pamh + + /* this is termio terminal handling... */ + +- if (ioctl(STDIN_FILENO, TCGETA, (char *) &stored_mode ) < 0) { ++ if (TCGETATTR(STDIN_FILENO, &stored_mode ) < 0) { + /* in trouble, so close down */ + close(fd[0]); + _pam_log(LOG_CRIT, "couldn't copy terminal mode"); + return PAM_ABORT; + } else { +- struct termio t_mode = stored_mode; ++ STRUCT_TERMIO t_mode = stored_mode; + + t_mode.c_iflag = 0; /* no input control */ + t_mode.c_oflag &= ~OPOST; /* no ouput post processing */ + ++#ifndef XCASE ++#define XCASE 0 ++#endif + /* no signals, canonical input, echoing, upper/lower output */ + t_mode.c_lflag &= ~(ISIG|ICANON|ECHO|XCASE); + t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */ +@@ -326,7 +339,7 @@ static int set_filter(pam_handle_t *pamh + t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */ + t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */ + +- if (ioctl(STDIN_FILENO, TCSETA, (char *) &t_mode) < 0) { ++ if (TCSETATTR(STDIN_FILENO, &t_mode) < 0) { + close(fd[0]); + _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode"); + return PAM_ABORT; +@@ -356,7 +369,7 @@ static int set_filter(pam_handle_t *pamh + + _pam_log(LOG_WARNING,"first fork failed"); + if (aterminal) { +- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); ++ (void) TCSETATTR(STDIN_FILENO, &stored_mode); + } + + return PAM_AUTH_ERR; +@@ -398,7 +411,7 @@ static int set_filter(pam_handle_t *pamh + /* initialize the child's terminal to be the way the + parent's was before we set it into RAW mode */ + +- if (ioctl(fd[1], TCSETA, (char *) &stored_mode) < 0) { ++ if (TCSETATTR(fd[1], &stored_mode) < 0) { + _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s" + ,terminal); + close(fd[1]); +@@ -572,7 +585,7 @@ static int set_filter(pam_handle_t *pamh + + if (aterminal) { + /* reset to initial terminal mode */ +- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); ++ (void) TCSETATTR(STDIN_FILENO, &stored_mode); + } + + if (ctrl & FILTER_DEBUG) { diff --git a/security/PAM/patches/patch-al b/security/PAM/patches/patch-al index ab79d039881..917f0ba6c47 100644 --- a/security/PAM/patches/patch-al +++ b/security/PAM/patches/patch-al @@ -1,37 +1,13 @@ -$NetBSD: patch-al,v 1.2 2002/01/29 17:10:11 jlam Exp $ +$NetBSD: patch-al,v 1.3 2002/12/23 21:23:59 jlam Exp $ ---- modules/pam_issue/pam_issue.c.orig Wed Feb 21 23:49:45 2001 -+++ modules/pam_issue/pam_issue.c -@@ -21,6 +21,7 @@ - #include <stdio.h> - #include <stdlib.h> - #include <sys/types.h> -+#include <sys/param.h> - #include <sys/stat.h> - #include <time.h> - #include <fcntl.h> -@@ -215,12 +216,24 @@ - case 'U': - { - int users = 0; -+#if (defined(BSD) && BSD >= 199306) -+ struct utmp ut; -+ FILE *uf; -+ -+ if ((uf == fopen(_PATH_UTMP, "r")) != NULL) { -+ while (fread(&ut, sizeof(ut), 1, uf) > 0) -+ if (ut.ut_name[0] != '\0') -+ ++users; -+ (void) fclose(uf); -+ } -+#else - struct utmp *ut; - setutent(); - while ((ut = getutent())) - if (ut->ut_type == USER_PROCESS) - users++; - endutent(); -+#endif - printf ("%d ", users); - if (c == 'U') - snprintf (buf, 1024, "%s", (users == 1) ? +--- modules/pam_group/Makefile.orig Sun Nov 19 18:54:04 2000 ++++ modules/pam_group/Makefile +@@ -14,8 +14,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/group.conf + DEFS=-DDEFAULT_CONF_FILE=\"$(CONFILE)\" + CFLAGS += $(DEFS) + +-MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" +-MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) +-MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age +- + include ../Simple.Rules diff --git a/security/PAM/patches/patch-am b/security/PAM/patches/patch-am new file mode 100644 index 00000000000..2fb8cbf285a --- /dev/null +++ b/security/PAM/patches/patch-am @@ -0,0 +1,37 @@ +$NetBSD: patch-am,v 1.4 2002/12/23 21:23:59 jlam Exp $ + +--- modules/pam_issue/pam_issue.c.orig Sun Nov 11 21:23:29 2001 ++++ modules/pam_issue/pam_issue.c +@@ -21,6 +21,7 @@ + #include <stdio.h> + #include <stdlib.h> + #include <sys/types.h> ++#include <sys/param.h> + #include <sys/stat.h> + #include <fcntl.h> + #include <string.h> +@@ -244,12 +245,24 @@ char *do_prompt(FILE *fd) + case 'U': + { + int users = 0; ++#if (defined(BSD) && BSD >= 199306) ++ struct utmp ut; ++ FILE *uf; ++ ++ if ((uf == fopen(_PATH_UTMP, "r")) != NULL) { ++ while (fread(&ut, sizeof(ut), 1, uf) > 0) ++ if (ut.ut_name[0] != '\0') ++ ++users; ++ (void) fclose(uf); ++ } ++#else + struct utmp *ut; + setutent(); + while ((ut = getutent())) + if (ut->ut_type == USER_PROCESS) + users++; + endutent(); ++#endif + printf ("%d ", users); + if (c == 'U') + snprintf (buf, 1024, "%s", (users == 1) ? diff --git a/security/PAM/patches/patch-an b/security/PAM/patches/patch-an index 9720f36dfe0..95110d429cd 100644 --- a/security/PAM/patches/patch-an +++ b/security/PAM/patches/patch-an @@ -1,89 +1,12 @@ -$NetBSD: patch-an,v 1.2 2002/01/29 17:10:11 jlam Exp $ +$NetBSD: patch-an,v 1.3 2002/12/23 21:23:59 jlam Exp $ ---- modules/pam_unix/pam_unix_acct.c.orig Wed Dec 20 00:15:05 2000 -+++ modules/pam_unix/pam_unix_acct.c -@@ -41,9 +41,12 @@ - #include <string.h> +--- modules/pam_mkhomedir/pam_mkhomedir.c.orig Fri Feb 8 00:20:17 2002 ++++ modules/pam_mkhomedir/pam_mkhomedir.c +@@ -34,6 +34,7 @@ + #include <sys/stat.h> + #include <fcntl.h> #include <unistd.h> - #include <sys/types.h> -+#include <sys/param.h> - #include <syslog.h> ++#include <limits.h> #include <pwd.h> -+#ifndef BSD - #include <shadow.h> -+#endif - #include <time.h> /* for time() */ - - #include <security/_pam_macros.h> -@@ -72,7 +75,7 @@ - const char *uname; - int retval, daysleft; - time_t curdays; -- struct spwd *spent; -+ struct spwd *spent = NULL; - struct passwd *pwent; - char buf[80]; - -@@ -113,6 +116,9 @@ - return PAM_CRED_INSUFFICIENT; - } - } -+#ifdef BSD -+ spent = NULL; -+#else - spent = getspnam( uname ); - if (save_uid == pwent->pw_uid) - setreuid( save_uid, save_euid ); -@@ -121,16 +127,42 @@ - setreuid( save_uid, -1 ); - setreuid( -1, save_euid ); - } -- -+#endif - } else if (!strcmp( pwent->pw_passwd, "x" )) { -+#ifdef BSD -+ spent = NULL; -+#else - spent = getspnam(uname); -+#endif - } else { -+#if (defined(BSD) && BSD >= 199306) -+ time_t now = time(NULL); -+ if (now > pwent->pw_expire) { -+ _log_err(LOG_NOTICE -+ ,"account %s has expired (account expired)" -+ ,uname); -+ _make_remark(pamh, ctrl, PAM_ERROR_MSG, -+ "Your account has expired; please contact your system administrator"); -+ D(("account expired")); -+ return PAM_ACCT_EXPIRED; -+ } -+ else if (now + _PASSWORD_WARNDAYS * 86400 > pwent->pw_expire) { -+ daysleft = (pwent->pw_expire - now) / 86400; -+ _log_err(LOG_DEBUG -+ ,"password for user %s will expire in %d days" -+ ,uname, daysleft); -+ snprintf(buf, 80, "Warning: your password will expire in %d day%.2s", -+ daysleft, daysleft == 1 ? "" : "s"); -+ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); -+ } -+#endif - return PAM_SUCCESS; - } - - if (!spent) - return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */ - -+#ifndef BSD - curdays = time(NULL) / (60 * 60 * 24); - D(("today is %d, last change %d", curdays, spent->sp_lstchg)); - if ((curdays > spent->sp_expire) && (spent->sp_expire != -1) -@@ -183,7 +215,7 @@ - daysleft, daysleft == 1 ? "" : "s"); - _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); - } -- -+#endif - D(("all done")); - - return PAM_SUCCESS; + #include <stdlib.h> + #include <stdio.h> diff --git a/security/PAM/patches/patch-ao b/security/PAM/patches/patch-ao index 0771ddd3b6e..82cc4027224 100644 --- a/security/PAM/patches/patch-ao +++ b/security/PAM/patches/patch-ao @@ -1,100 +1,13 @@ -$NetBSD: patch-ao,v 1.2 2002/01/29 17:10:11 jlam Exp $ +$NetBSD: patch-ao,v 1.3 2002/12/23 21:23:59 jlam Exp $ ---- modules/pam_unix/pam_unix_passwd.c.orig Sun Feb 11 01:33:53 2001 -+++ modules/pam_unix/pam_unix_passwd.c -@@ -47,7 +47,10 @@ - #include <sys/types.h> - #include <pwd.h> - #include <syslog.h> -+#include <sys/param.h> -+#ifndef BSD - #include <shadow.h> -+#endif - #include <time.h> /* for time() */ - #include <fcntl.h> - #include <ctype.h> -@@ -77,7 +80,7 @@ - #include "md5.h" - #include "support.h" - --#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) -+#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) - extern int getrpcport(const char *host, unsigned long prognum, - unsigned long versnum, unsigned int proto); - #endif /* GNU libc 2.1 */ -@@ -330,6 +333,9 @@ - - static int _update_passwd(const char *forwho, const char *towhat) - { -+#ifdef BSD -+ return PAM_AUTHTOK_ERR; -+#else - struct passwd *tmpent = NULL; - FILE *pwfile, *opwfile; - int retval = 0; -@@ -372,10 +378,14 @@ - unlink(PW_TMPFILE); - - return retval; -+#endif - } - - static int _update_shadow(const char *forwho, char *towhat) - { -+#ifdef BSD -+ return PAM_AUTHTOK_ERR; -+#else - struct spwd *spwdent = NULL, *stmpent = NULL; - FILE *pwfile, *opwfile; - int retval = 0; -@@ -424,6 +434,7 @@ - unlink(SH_TMPFILE); - - return retval; -+#endif - } - - static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, -@@ -531,15 +542,18 @@ - return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ - - if (strcmp(pwd->pw_passwd, "x") == 0) { -+#ifndef BSD - /* ...and shadow password file entry for this user, if shadowing - is enabled */ - setspent(); - spwdent = getspnam(user); - endspent(); -+#endif - - if (spwdent == NULL) - return PAM_AUTHINFO_UNAVAIL; - } else { -+#ifndef BSD - if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */ - uid_t save_uid; - -@@ -552,8 +566,15 @@ - return PAM_AUTHINFO_UNAVAIL; - } else - spwdent = NULL; -+#endif - } - -+#ifdef BSD -+ if (off(UNIX__IAMROOT, ctrl)) { -+ if (time(NULL) > pwd->pw_expire) -+ retval = PAM_ACCT_EXPIRED; -+ } -+#else - if (spwdent != NULL) { - /* We have the user's information, now let's check if their account - has expired (60 * 60 * 24 = number of seconds in a day) */ -@@ -579,6 +600,7 @@ - retval = PAM_ACCT_EXPIRED; - } - } -+#endif - return retval; - } - +--- modules/pam_time/Makefile.orig Sun Nov 19 18:54:05 2000 ++++ modules/pam_time/Makefile +@@ -14,8 +14,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/time.conf + DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" + CFLAGS += $(DEFS) + +-MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" +-MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) +-MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age +- + include ../Simple.Rules diff --git a/security/PAM/patches/patch-ap b/security/PAM/patches/patch-ap index aa5d3f25ba0..2984b120b4f 100644 --- a/security/PAM/patches/patch-ap +++ b/security/PAM/patches/patch-ap @@ -1,74 +1,141 @@ -$NetBSD: patch-ap,v 1.2 2002/01/29 17:10:11 jlam Exp $ +$NetBSD: patch-ap,v 1.3 2002/12/23 21:23:59 jlam Exp $ ---- modules/pam_unix/support.c.orig Sun Feb 11 01:33:53 2001 -+++ modules/pam_unix/support.c -@@ -12,7 +12,10 @@ - #include <string.h> - #include <malloc.h> +--- modules/pam_unix/pam_unix_acct.c.orig Wed Dec 20 00:15:05 2000 ++++ modules/pam_unix/pam_unix_acct.c +@@ -43,7 +43,9 @@ + #include <sys/types.h> + #include <syslog.h> #include <pwd.h> -+#include <sys/param.h> -+#ifndef BSD ++#ifdef HAVE_SHADOW_H #include <shadow.h> +#endif - #include <limits.h> - #include <utmp.h> + #include <time.h> /* for time() */ -@@ -111,6 +114,9 @@ - */ - char *PAM_getlogin(void) - { -+#ifdef BSD -+ return getlogin(); -+#else - struct utmp *ut, line; - char *curr_tty, *retval; - static char curr_user[sizeof(ut->ut_user) + 4]; -@@ -132,6 +138,7 @@ - D(("PAM_getlogin retval: %s", retval)); - - return retval; + #include <security/_pam_macros.h> +@@ -71,8 +73,10 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + unsigned int ctrl; + const char *uname; + int retval, daysleft; +- time_t curdays; ++ time_t now, curdays; ++#ifdef HAVE_GETSPNAM + struct spwd *spent; +#endif - } + struct passwd *pwent; + char buf[80]; - /* -@@ -330,6 +337,7 @@ - pwd = getpwnam(name); /* Get password file entry... */ +@@ -113,7 +117,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + return PAM_CRED_INSUFFICIENT; + } + } ++#ifdef HAVE_GETSPNAM + spent = getspnam( uname ); ++#endif + if (save_uid == pwent->pw_uid) + setreuid( save_uid, save_euid ); + else { +@@ -123,15 +129,21 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + } - if (pwd != NULL) { -+#ifndef BSD - if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) - { /* NIS+ */ - uid_t save_euid, save_uid; -@@ -367,6 +375,7 @@ - if (spwdent) - salt = x_strdup(spwdent->sp_pwdp); - else + } else if (!strcmp( pwent->pw_passwd, "x" )) { ++#ifdef HAVE_GETSPNAM + spent = getspnam(uname); +#endif - salt = x_strdup(pwd->pw_passwd); + } else { + return PAM_SUCCESS; } - /* Does this user have a password? */ -@@ -481,6 +490,7 @@ - pwd = getpwnam(name); /* Get password file entry... */ - if (pwd != NULL) { -+#ifndef BSD - if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) - { /* NIS+ */ - uid_t save_euid, save_uid; -@@ -498,7 +508,7 @@ - return PAM_CRED_INSUFFICIENT; - } - } -- ++#ifdef HAVE_GETSPNAM + if (!spent) + return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */ ++#endif + +- curdays = time(NULL) / (60 * 60 * 24); ++ now = time(NULL); ++ curdays = now / (60 * 60 * 24); ++#ifdef HAVE_GETSPNAM + D(("today is %d, last change %d", curdays, spent->sp_lstchg)); + if ((curdays > spent->sp_expire) && (spent->sp_expire != -1) + && (spent->sp_lstchg != 0)) { +@@ -143,6 +155,29 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + D(("account expired")); + return PAM_ACCT_EXPIRED; + } ++#else ++ if ((now > pwent->pw_expire) && (pwent->pw_expire != 0)) { ++ _log_err(LOG_NOTICE, pamh ++ ,"account %s has expired (account expired)" ++ ,uname); ++ _make_remark(pamh, ctrl, PAM_ERROR_MSG, ++ "Your account has expired; please contact your system administrator"); ++ D(("account expired")); ++ return PAM_ACCT_EXPIRED; ++ } ++ if ((now + _PASSWORD_WARNDAYS * 60 * 60 * 24 > pwent->pw_expire) ++ && (pwent->pw_expire != 0)) { ++ daysleft = (pwent->pw_expire - now) / (60 * 60 * 24); ++ _log_err(LOG_DEBUG, pamh ++ ,"account for user %s will expire in %d days" ++ ,uname, daysleft); ++ snprintf(buf, 80, "Warning: your account will expire in %d day%.2s", ++ daysleft, daysleft == 1 ? "" : "s"); ++ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); ++ } ++#endif + - spwdent = getspnam( name ); - if (save_uid == pwd->pw_uid) - setreuid( save_uid, save_euid ); -@@ -517,6 +527,7 @@ - if (spwdent) - salt = x_strdup(spwdent->sp_pwdp); - else ++#ifdef HAVE_GETSPNAM + if ((curdays > (spent->sp_lstchg + spent->sp_max + spent->sp_inact)) + && (spent->sp_max != -1) && (spent->sp_inact != -1) + && (spent->sp_lstchg != 0)) { +@@ -154,7 +189,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + D(("account expired 2")); + return PAM_ACCT_EXPIRED; + } +#endif - salt = x_strdup(pwd->pw_passwd); + D(("when was the last change")); ++#ifdef HAVE_GETSPNAM + if (spent->sp_lstchg == 0) { + _log_err(LOG_NOTICE, pamh + ,"expired password for user %s (root enforced)" +@@ -173,6 +210,19 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + D(("need a new password 2")); + return PAM_NEW_AUTHTOK_REQD; + } ++#else ++ if (pwent->pw_change == -1) { ++ _log_err(LOG_NOTICE, pamh ++ ,"expired password for user %s (root enforced)" ++ ,uname); ++ _make_remark(pamh, ctrl, PAM_ERROR_MSG, ++ "You are required to change your password immediately (root enforced)"); ++ D(("need a new password")); ++ return PAM_NEW_AUTHTOK_REQD; ++ } ++#endif ++ ++#ifdef HAVE_GETSPNAM + if ((curdays > (spent->sp_lstchg + spent->sp_max - spent->sp_warn)) + && (spent->sp_max != -1) && (spent->sp_warn != -1)) { + daysleft = (spent->sp_lstchg + spent->sp_max) - curdays; +@@ -183,6 +233,21 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand + daysleft, daysleft == 1 ? "" : "s"); + _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); } ++#else ++#ifndef _PASSWORD_WARNDAYS ++#define _PASSWORD_WARNDAYS 14 ++#endif ++ if ((now + _PASSWORD_WARNDAYS * 60 * 60 * 24 > pwent->pw_change) ++ && (pwent->pw_change != 0) && (pwent->pw_change != -1)) { ++ daysleft = (pwent->pw_change - now) / (60 * 60 * 24); ++ _log_err(LOG_DEBUG, pamh ++ ,"password for user %s will expire in %d days" ++ ,uname, daysleft); ++ snprintf(buf, 80, "Warning: your password will expire in %d day%.2s", ++ daysleft, daysleft == 1 ? "" : "s"); ++ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); ++ } ++#endif + + D(("all done")); diff --git a/security/PAM/patches/patch-aq b/security/PAM/patches/patch-aq new file mode 100644 index 00000000000..67d202130ae --- /dev/null +++ b/security/PAM/patches/patch-aq @@ -0,0 +1,81 @@ +$NetBSD: patch-aq,v 1.4 2002/12/23 21:23:59 jlam Exp $ + +--- modules/pam_unix/pam_unix_passwd.c.orig Tue Jul 9 00:44:18 2002 ++++ modules/pam_unix/pam_unix_passwd.c +@@ -47,7 +47,10 @@ + #include <sys/types.h> + #include <pwd.h> + #include <syslog.h> ++#include <sys/param.h> ++#ifdef HAVE_SHADOW_H + #include <shadow.h> ++#endif + #include <time.h> /* for time() */ + #include <fcntl.h> + #include <ctype.h> +@@ -77,7 +80,7 @@ + #include "md5.h" + #include "support.h" + +-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) ++#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) + extern int getrpcport(const char *host, unsigned long prognum, + unsigned long versnum, unsigned int proto); + #endif /* GNU libc 2.1 */ +@@ -346,6 +349,7 @@ static int save_old_password(const char + static int _update_passwd(pam_handle_t *pamh, + const char *forwho, const char *towhat) + { ++#ifdef HAVE_SHADOW_H + struct passwd *tmpent = NULL; + FILE *pwfile, *opwfile; + int err = 1; +@@ -401,10 +405,14 @@ static int _update_passwd(pam_handle_t * + unlink(PW_TMPFILE); + return PAM_AUTHTOK_ERR; + } ++#else ++ return PAM_AUTHTOK_ERR; ++#endif + } + + static int _update_shadow(const char *forwho, char *towhat) + { ++#ifdef HAVE_GETSPNAM + struct spwd *spwdent = NULL, *stmpent = NULL; + FILE *pwfile, *opwfile; + int err = 1; +@@ -461,6 +469,9 @@ static int _update_shadow(const char *fo + unlink(SH_TMPFILE); + return PAM_AUTHTOK_ERR; + } ++#else ++ return PAM_AUTHTOK_ERR; ++#endif + } + + static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, +@@ -569,6 +580,7 @@ static int _unix_verify_shadow(const cha + if (pwd == NULL) + return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ + ++#ifdef HAVE_GETSPNAM + if (strcmp(pwd->pw_passwd, "x") == 0) { + /* ...and shadow password file entry for this user, if shadowing + is enabled */ +@@ -619,6 +631,15 @@ static int _unix_verify_shadow(const cha + } + } + return retval; ++#else ++ if (strcmp(pwd->pw_passwd, "x") == 0) ++ return PAM_AUTHINFO_UNAVAIL; ++ ++ if (off(UNIX__IAMROOT, ctrl)) { ++ if (time(NULL) > pwd->pw_expire) ++ return PAM_ACCT_EXPIRED; ++ } ++#endif + } + + static int _pam_unix_approve_pass(pam_handle_t * pamh diff --git a/security/PAM/patches/patch-ar b/security/PAM/patches/patch-ar index 5daeda92eb0..a891f0bcf8d 100644 --- a/security/PAM/patches/patch-ar +++ b/security/PAM/patches/patch-ar @@ -1,34 +1,79 @@ -$NetBSD: patch-ar,v 1.2 2002/01/29 17:10:11 jlam Exp $ +$NetBSD: patch-ar,v 1.3 2002/12/23 21:24:00 jlam Exp $ ---- modules/pam_unix/unix_chkpwd.c.orig Sun Feb 11 01:33:53 2001 -+++ modules/pam_unix/unix_chkpwd.c -@@ -22,8 +22,11 @@ - #include <syslog.h> +--- modules/pam_unix/support.c.orig Mon Sep 23 13:33:22 2002 ++++ modules/pam_unix/support.c +@@ -6,13 +6,17 @@ + + #define _BSD_SOURCE + ++#include <security/_pam_aconf.h> ++ + #include <stdlib.h> #include <unistd.h> - #include <sys/types.h> -+#include <sys/param.h> + #include <stdarg.h> + #include <string.h> + #include <malloc.h> #include <pwd.h> -+#ifndef BSD ++#ifdef HAVE_SHADOW_H #include <shadow.h> +#endif - #include <signal.h> + #include <limits.h> + #include <utmp.h> + #include <errno.h> +@@ -113,6 +117,12 @@ int _make_remark(pam_handle_t * pamh, un + */ + char *PAM_getlogin(void) + { ++#ifdef USE_GETLOGIN ++ char *retval = NULL; ++ retval = getlogin(); ++ D(("PAM_getlogin retval: %s", retval)); ++ return retval; ++#else + struct utmp *ut, line; + char *curr_tty, *retval; + static char curr_user[sizeof(ut->ut_user) + 4]; +@@ -135,6 +145,7 @@ char *PAM_getlogin(void) + D(("PAM_getlogin retval: %s", retval)); + + return retval; ++#endif + } + + /* +@@ -358,6 +369,7 @@ int _unix_blankpasswd(unsigned int ctrl, + #endif - #define MAXPASS 200 /* the maximum length of a password */ -@@ -94,6 +97,9 @@ - pwd = getpwnam(name); /* Get password file entry... */ - endpwent(); if (pwd != NULL) { -+#ifdef BSD ++#ifdef HAVE_GETSPNAM + if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) + { /* NIS+ */ + uid_t save_euid, save_uid; +@@ -400,6 +412,9 @@ int _unix_blankpasswd(unsigned int ctrl, + salt = x_strdup(spwdent->sp_pwdp); + else + salt = x_strdup(pwd->pw_passwd); ++#else + salt = x_strdup(pwd->pw_passwd); ++#endif + } + /* Does this user have a password? */ + if (salt == NULL) { +@@ -535,6 +550,7 @@ int _unix_verify_password(pam_handle_t * + pwd = getpwnam(name); /* Get password file entry... */ + + if (pwd != NULL) { ++#ifdef GETSPNAM + if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) + { /* NIS+ */ + uid_t save_euid, save_uid; +@@ -572,6 +588,9 @@ int _unix_verify_password(pam_handle_t * + salt = x_strdup(spwdent->sp_pwdp); + else + salt = x_strdup(pwd->pw_passwd); +#else - if (strcmp(pwd->pw_passwd, "x") == 0) { - /* - * ...and shadow password file entry for this user, -@@ -120,6 +126,7 @@ - salt = x_strdup(pwd->pw_passwd); - } - } ++ salt = x_strdup(pwd->pw_passwd); +#endif } - if (pwd == NULL || salt == NULL) { - _log_err(LOG_ALERT, "check pass; user unknown"); + + data_name = (char *) malloc(sizeof(FAIL_PREFIX) + strlen(name)); diff --git a/security/PAM/patches/patch-as b/security/PAM/patches/patch-as new file mode 100644 index 00000000000..2af7b25fe24 --- /dev/null +++ b/security/PAM/patches/patch-as @@ -0,0 +1,32 @@ +$NetBSD: patch-as,v 1.3 2002/12/23 21:24:00 jlam Exp $ + +--- modules/pam_unix/unix_chkpwd.c.orig Mon Sep 23 13:33:22 2002 ++++ modules/pam_unix/unix_chkpwd.c +@@ -29,7 +29,9 @@ + #include <unistd.h> + #include <sys/types.h> + #include <pwd.h> ++#ifdef HAVE_SHADOW_H + #include <shadow.h> ++#endif + #include <signal.h> + + #define MAXPASS 200 /* the maximum length of a password */ +@@ -101,6 +103,7 @@ static int _unix_verify_password(const c + pwd = getpwnam(name); /* Get password file entry... */ + endpwent(); + if (pwd != NULL) { ++#ifdef HAVE_GETSPNAM + if (strcmp(pwd->pw_passwd, "x") == 0) { + /* + * ...and shadow password file entry for this user, +@@ -127,6 +130,9 @@ static int _unix_verify_password(const c + salt = x_strdup(pwd->pw_passwd); + } + } ++#else ++ salt = x_strdup(pwd->pw_passwd); ++#endif + } + if (pwd == NULL || salt == NULL) { + _log_err(LOG_ALERT, "check pass; user unknown"); diff --git a/security/PAM/patches/patch-au b/security/PAM/patches/patch-au deleted file mode 100644 index 8a2f5fc81e9..00000000000 --- a/security/PAM/patches/patch-au +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-au,v 1.2 2002/01/29 17:10:12 jlam Exp $ - ---- modules/pam_userdb/Makefile.orig Sat Feb 17 22:03:31 2001 -+++ modules/pam_userdb/Makefile -@@ -12,7 +12,9 @@ - - ifeq ($(HAVE_NDBM_H),yes) - WHICH_DB=ndbm -+ifeq ($(HAVE_LIBNDBM),yes) - MODULE_SIMPLE_EXTRALIBS = -lndbm -+endif - else - ifeq ($(HAVE_LIBDB),yes) - WHICH_DB=db diff --git a/security/PAM/patches/patch-aw b/security/PAM/patches/patch-aw deleted file mode 100644 index a0686af4373..00000000000 --- a/security/PAM/patches/patch-aw +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-aw,v 1.2 2002/01/29 17:10:12 jlam Exp $ - ---- modules/pam_group/Makefile.orig Mon Jan 28 17:28:23 2002 -+++ modules/pam_group/Makefile -@@ -14,8 +14,4 @@ - DEFS=-DDEFAULT_CONF_FILE=\"$(CONFILE)\" - CFLAGS += $(DEFS) - --MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" --MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) --MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age -- - include ../Simple.Rules diff --git a/security/PAM/patches/patch-az b/security/PAM/patches/patch-az deleted file mode 100644 index b979b886f0b..00000000000 --- a/security/PAM/patches/patch-az +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-az,v 1.2 2002/01/29 17:10:12 jlam Exp $ - ---- modules/pam_time/Makefile.orig Mon Jan 28 17:28:23 2002 -+++ modules/pam_time/Makefile -@@ -14,8 +14,4 @@ - DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" - CFLAGS += $(DEFS) - --MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" --MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) --MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age -- - include ../Simple.Rules diff --git a/security/PAM/patches/patch-ba b/security/PAM/patches/patch-ba deleted file mode 100644 index 31c8fdca516..00000000000 --- a/security/PAM/patches/patch-ba +++ /dev/null @@ -1,53 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2002/01/29 17:10:12 jlam Exp $ - ---- configure.in.orig Sun Mar 18 20:56:36 2001 -+++ configure.in -@@ -172,7 +172,7 @@ - HAVE_LIBCRACK=no) - AC_SUBST(HAVE_LIBCRACK) - --AC_CHECK_LIB(crypt, fcrypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT), -+AC_CHECK_LIB(crypt, crypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT), - HAVE_LIBCRYPT=no) - AC_SUBST(HAVE_LIBCRYPT) - AC_CHECK_LIB(util, logwtmp, HAVE_LIBUTIL=yes ; AC_DEFINE(HAVE_LIBUTIL), -@@ -220,7 +220,7 @@ - - dnl Look for cracklib dictionary - AC_MSG_CHECKING(path to cracklib dictionary) --DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \ -+DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \ - /usr/local/lib /usr/local/share/lib" - DICT_FILE_CANDIDATES="pw_dict cracklib_dict" - CRACKLIB_DICTPATH="" -@@ -264,6 +264,21 @@ - if test "$GCC" = yes; then - ### - ### Non-Linux needs attention on per-OS basis -+ case $OS in -+ netbsd*) -+ OS_CFLAGS="" -+ WARNINGS="$GCC_WARNINGS" -+ PIC="-fPIC" -+#can/should we use LD=gcc ??? -+ LD=ld -+ LD_D="\$(CC) -shared -Xlinker -x" -+ LD_L="$LD -x -shared" -+ RANLIB=ranlib -+ STRIP=strip -+ CC_STATIC="-Xlinker -export-dynamic" -+ ;; -+ -+ *) - OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic" - WARNINGS="$GCC_WARNINGS" - PIC="-fPIC" -@@ -274,6 +289,8 @@ - RANLIB=ranlib - STRIP=strip - CC_STATIC="-Xlinker -export-dynamic" -+ ;; -+ esac - else - ### - ### Non-gcc needs attention on per-OS basis diff --git a/security/PAM/patches/patch-bb b/security/PAM/patches/patch-bb deleted file mode 100644 index 02b96f924c0..00000000000 --- a/security/PAM/patches/patch-bb +++ /dev/null @@ -1,69 +0,0 @@ -$NetBSD: patch-bb,v 1.1 2002/01/29 17:10:12 jlam Exp $ - ---- configure.orig Sun Mar 18 20:56:36 2001 -+++ configure -@@ -1460,9 +1460,9 @@ - - - --echo $ac_n "checking for fcrypt in -lcrypt""... $ac_c" 1>&6 --echo "configure:1465: checking for fcrypt in -lcrypt" >&5 --ac_lib_var=`echo crypt'_'fcrypt | sed 'y%./+-%__p_%'` -+echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -+echo "configure:1465: checking for crypt in -lcrypt" >&5 -+ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` - if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 - else -@@ -1474,10 +1474,10 @@ - /* Override any gcc2 internal prototype to avoid an error. */ - /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ --char fcrypt(); -+char crypt(); - - int main() { --fcrypt() -+crypt() - ; return 0; } - EOF - if { (eval echo configure:1484: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then -@@ -2257,7 +2257,7 @@ - - echo $ac_n "checking path to cracklib dictionary""... $ac_c" 1>&6 - echo "configure:2260: checking path to cracklib dictionary" >&5 --DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \ -+DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \ - /usr/local/lib /usr/local/share/lib" - DICT_FILE_CANDIDATES="pw_dict cracklib_dict" - CRACKLIB_DICTPATH="" -@@ -2288,6 +2288,20 @@ - if test "$GCC" = yes; then - ### - ### Non-Linux needs attention on per-OS basis -+ case $OS in -+ netbsd*) -+ OS_CFLAGS="" -+ WARNINGS="$GCC_WARNINGS" -+ PIC="-fPIC" -+ LD=ld -+ LD_D="\$(CC) -shared -Xlinker -x" -+ LD_L="$LD -x -shared" -+ RANLIB=ranlib -+ STRIP=strip -+ CC_STATIC="-Xlinker -export-dynamic" -+ ;; -+ -+ *) - OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic" - WARNINGS="$GCC_WARNINGS" - PIC="-fPIC" -@@ -2298,6 +2312,8 @@ - RANLIB=ranlib - STRIP=strip - CC_STATIC="-Xlinker -export-dynamic" -+ ;; -+ esac - else - ### - ### Non-gcc needs attention on per-OS basis diff --git a/security/PAM/patches/patch-bc b/security/PAM/patches/patch-bc deleted file mode 100644 index 6dd94142df1..00000000000 --- a/security/PAM/patches/patch-bc +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-bc,v 1.1 2002/01/29 17:10:12 jlam Exp $ - ---- modules/Simple.Rules.orig Wed Feb 21 23:55:41 2001 -+++ modules/Simple.Rules -@@ -56,7 +56,7 @@ - - ifdef DYNAMIC - $(LIBSHARED): $(LIBOBJD) -- $(LD_D) -o $@ $(LIBOBJD) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C) -+ $(LD_D) -o $@ $(LIBOBJD) $(LDFLAGS) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C) - - endif - diff --git a/security/PAM/patches/patch-bd b/security/PAM/patches/patch-bd deleted file mode 100644 index 04aeeddf2c2..00000000000 --- a/security/PAM/patches/patch-bd +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-bd,v 1.1 2002/01/29 17:10:12 jlam Exp $ - ---- doc/Makefile.orig Mon Jan 28 18:45:38 2002 -+++ doc/Makefile -@@ -5,7 +5,7 @@ - - # These two should probably be moved into autoconf... - DOCDIR=/usr/doc/Linux-PAM --MANDIR=/usr/man -+MANDIR=${mandir} - - ####################################################### - |