summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/CHANGES3
-rw-r--r--security/PAM/Makefile35
-rw-r--r--security/PAM/PLIST89
-rw-r--r--security/PAM/distinfo44
-rw-r--r--security/PAM/patches/patch-aa44
-rw-r--r--security/PAM/patches/patch-ab55
-rw-r--r--security/PAM/patches/patch-ac233
-rw-r--r--security/PAM/patches/patch-ad (renamed from security/PAM/patches/patch-be)6
-rw-r--r--security/PAM/patches/patch-ae (renamed from security/PAM/patches/patch-bf)6
-rw-r--r--security/PAM/patches/patch-af (renamed from security/PAM/patches/patch-bg)6
-rw-r--r--security/PAM/patches/patch-ag19
-rw-r--r--security/PAM/patches/patch-ah22
-rw-r--r--security/PAM/patches/patch-ai (renamed from security/PAM/patches/patch-av)8
-rw-r--r--security/PAM/patches/patch-aj97
-rw-r--r--security/PAM/patches/patch-ak90
-rw-r--r--security/PAM/patches/patch-al48
-rw-r--r--security/PAM/patches/patch-am37
-rw-r--r--security/PAM/patches/patch-an95
-rw-r--r--security/PAM/patches/patch-ao111
-rw-r--r--security/PAM/patches/patch-ap185
-rw-r--r--security/PAM/patches/patch-aq81
-rw-r--r--security/PAM/patches/patch-ar91
-rw-r--r--security/PAM/patches/patch-as32
-rw-r--r--security/PAM/patches/patch-au14
-rw-r--r--security/PAM/patches/patch-aw13
-rw-r--r--security/PAM/patches/patch-az13
-rw-r--r--security/PAM/patches/patch-ba53
-rw-r--r--security/PAM/patches/patch-bb69
-rw-r--r--security/PAM/patches/patch-bc13
-rw-r--r--security/PAM/patches/patch-bd13
30 files changed, 877 insertions, 748 deletions
diff --git a/doc/CHANGES b/doc/CHANGES
index d584f8e2af1..ee37f95c0e1 100644
--- a/doc/CHANGES
+++ b/doc/CHANGES
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.887 2002/12/23 20:42:42 wiz Exp $
+$NetBSD: CHANGES,v 1.888 2002/12/23 21:24:32 jlam Exp $
Changes to the packages collection and infrastructure in 2002:
@@ -4075,3 +4075,4 @@ Changes to the packages collection and infrastructure in 2002:
Updated createbuildlink to 2.3 [wiz 2002-12-23]
Updated m4 to 1.4nb1 [wiz 2002-12-23]
Updated gmake to 3.80nb1 [wiz 2002-12-23]
+ Updated PAM to 0.77 [jlam 2002-12-23]
diff --git a/security/PAM/Makefile b/security/PAM/Makefile
index 0e1ceb41828..199e4b0389a 100644
--- a/security/PAM/Makefile
+++ b/security/PAM/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.11 2002/08/25 18:39:48 jlam Exp $
+# $NetBSD: Makefile,v 1.12 2002/12/23 21:23:56 jlam Exp $
#
DISTNAME= Linux-${PKGNAME}
-PKGNAME= PAM-0.75
+PKGNAME= PAM-0.77
CATEGORIES= security
MASTER_SITES= http://www.kernel.org/pub/linux/libs/pam/pre/library/ \
ftp://ftp.kernel.org/pub/linux/libs/pam/pre/library/
@@ -13,20 +13,29 @@ COMMENT= Pluggable Authentication Modules
USE_BUILDLINK2= yes
USE_GMAKE= yes
+USE_DB185= yes
GNU_CONFIGURE= yes
+CONFIGURE_ARGS+= --enable-docdir=${PREFIX}/share/doc/PAM
CONFIGURE_ARGS+= --enable-includedir=${PREFIX}/include
+CONFIGURE_ARGS+= --enable-mandir=${PREFIX}/man
CONFIGURE_ARGS+= --enable-sconfigdir=${PKG_SYSCONFDIR}
CONFIGURE_ARGS+= --enable-static-libpam
+CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2TXT=no
+CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2HTML=no
+CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2LATEX=no
+CONFIGURE_ENV+= ac_cv_prog_HAVE_SGML2PS=no
+CONFIGURE_ENV+= ac_cv_prog_HAVE_PS2PDF=no
-CFLAGS+= -DHAVE_UTMP_H=1
-CFLAGS+= -fPIC
+.include "../../mk/bsd.prefs.mk"
+
+.if !empty(OPSYS:M*BSD)
+CFLAGS+= -DUSE_GETLOGIN=1
+.endif
MAKE_FLAGS+= OS_CFLAGS="${CFLAGS}"
PKG_SYSCONFSUBDIR?= pam
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
-DOCDIR= ${PREFIX}/share/doc/${PKGBASE}
-HTMLDIR= ${PREFIX}/share/doc/html/${PKGBASE}
CFILES= access.conf pam_env.conf group.conf time.conf
CONF_FILES= ${EGDIR}/pam.conf ${PKG_SYSCONFBASE}/pam.conf
@@ -34,12 +43,6 @@ CONF_FILES= ${EGDIR}/pam.conf ${PKG_SYSCONFBASE}/pam.conf
CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
.endfor
-post-extract:
- cd ${WRKSRC}/doc; \
- if [ -f ${DISTNAME}-docs.tar.gz ]; then \
- ${GZCAT} ${DISTNAME}-docs.tar.gz | ${GTAR} -xf -; \
- fi
-
post-install:
${INSTALL_DATA_DIR} ${EGDIR}
${INSTALL_DATA} ${WRKSRC}/conf/pam.conf ${EGDIR}
@@ -49,14 +52,8 @@ post-install:
${INSTALL_DATA} ${WRKSRC}/modules/pam_group/group.conf ${EGDIR}
${INSTALL_DATA} ${WRKSRC}/modules/pam_time/time.conf ${EGDIR}
${INSTALL_DATA_DIR} ${DOCDIR}
- cd ${WRKSRC}/doc; for file in modules/*.sgml; do \
- ${INSTALL_DATA} $${file} ${DOCDIR}; \
- done
- ${INSTALL_DATA_DIR} ${HTMLDIR}
- cd ${WRKSRC}/doc; for file in html/*.html; do \
- ${INSTALL_DATA} $${file} ${HTMLDIR}; \
- done
+.include "../../databases/db/buildlink2.mk"
.include "../../security/libcrack/buildlink2.mk"
.include "../../mk/bsd.pkg.install.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/security/PAM/PLIST b/security/PAM/PLIST
index 932787e26db..8dbde7a8ca5 100644
--- a/security/PAM/PLIST
+++ b/security/PAM/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.3 2002/01/29 21:08:48 jlam Exp $
+@comment $NetBSD: PLIST,v 1.4 2002/12/23 21:23:57 jlam Exp $
include/security/_pam_aconf.h
include/security/_pam_compat.h
include/security/_pam_macros.h
@@ -11,20 +11,22 @@ include/security/pam_modules.h
lib/libpam.a
lib/libpam.so
lib/libpam.so.0
-lib/libpam.so.0.75
+lib/libpam.so.0.77
lib/libpam_misc.a
lib/libpam_misc.so
lib/libpam_misc.so.0
-lib/libpam_misc.so.0.75
+lib/libpam_misc.so.0.77
lib/libpamc.a
lib/libpamc.so
lib/libpamc.so.0
-lib/libpamc.so.0.75
+lib/libpamc.so.0.77
lib/security/pam_access.so
lib/security/pam_cracklib.so
+lib/security/pam_debug.so
lib/security/pam_deny.so
lib/security/pam_env.so
lib/security/pam_filter.so
+lib/security/pam_filter/upperLOWER
lib/security/pam_ftp.so
lib/security/pam_group.so
lib/security/pam_issue.so
@@ -55,94 +57,23 @@ man/man3/pam_chauthtok.3
man/man3/pam_close_session.3
man/man3/pam_end.3
man/man3/pam_fail_delay.3
+man/man3/pam_get_item.3
man/man3/pam_open_session.3
+man/man3/pam_set_item.3
man/man3/pam_setcred.3
man/man3/pam_start.3
man/man3/pam_strerror.3
man/man8/pam.8
man/man8/pam.conf.8
man/man8/pam.d.8
-sbin/pam_filter/upperLOWER
+sbin/pam_tally
sbin/unix_chkpwd
-share/doc/${PKGBASE}/pam_access.sgml
-share/doc/${PKGBASE}/pam_chroot.sgml
-share/doc/${PKGBASE}/pam_cracklib.sgml
-share/doc/${PKGBASE}/pam_deny.sgml
-share/doc/${PKGBASE}/pam_env.sgml
-share/doc/${PKGBASE}/pam_filter.sgml
-share/doc/${PKGBASE}/pam_ftp.sgml
-share/doc/${PKGBASE}/pam_group.sgml
-share/doc/${PKGBASE}/pam_issue.sgml
-share/doc/${PKGBASE}/pam_krb4.sgml
-share/doc/${PKGBASE}/pam_lastlog.sgml
-share/doc/${PKGBASE}/pam_limits.sgml
-share/doc/${PKGBASE}/pam_listfile.sgml
-share/doc/${PKGBASE}/pam_mail.sgml
-share/doc/${PKGBASE}/pam_mkhomedir.sgml
-share/doc/${PKGBASE}/pam_motd.sgml
-share/doc/${PKGBASE}/pam_nologin.sgml
-share/doc/${PKGBASE}/pam_permit.sgml
-share/doc/${PKGBASE}/pam_pwdb.sgml
-share/doc/${PKGBASE}/pam_radius.sgml
-share/doc/${PKGBASE}/pam_rhosts.sgml
-share/doc/${PKGBASE}/pam_rootok.sgml
-share/doc/${PKGBASE}/pam_securetty.sgml
-share/doc/${PKGBASE}/pam_tally.sgml
-share/doc/${PKGBASE}/pam_time.sgml
-share/doc/${PKGBASE}/pam_unix.sgml
-share/doc/${PKGBASE}/pam_userdb.sgml
-share/doc/${PKGBASE}/pam_warn.sgml
-share/doc/${PKGBASE}/pam_wheel.sgml
-share/doc/html/${PKGBASE}/index.html
-share/doc/html/${PKGBASE}/pam-1.html
-share/doc/html/${PKGBASE}/pam-10.html
-share/doc/html/${PKGBASE}/pam-11.html
-share/doc/html/${PKGBASE}/pam-12.html
-share/doc/html/${PKGBASE}/pam-2.html
-share/doc/html/${PKGBASE}/pam-3.html
-share/doc/html/${PKGBASE}/pam-4.html
-share/doc/html/${PKGBASE}/pam-5.html
-share/doc/html/${PKGBASE}/pam-6.html
-share/doc/html/${PKGBASE}/pam-7.html
-share/doc/html/${PKGBASE}/pam-8.html
-share/doc/html/${PKGBASE}/pam-9.html
-share/doc/html/${PKGBASE}/pam.html
-share/doc/html/${PKGBASE}/pam_appl-1.html
-share/doc/html/${PKGBASE}/pam_appl-10.html
-share/doc/html/${PKGBASE}/pam_appl-11.html
-share/doc/html/${PKGBASE}/pam_appl-12.html
-share/doc/html/${PKGBASE}/pam_appl-13.html
-share/doc/html/${PKGBASE}/pam_appl-14.html
-share/doc/html/${PKGBASE}/pam_appl-2.html
-share/doc/html/${PKGBASE}/pam_appl-3.html
-share/doc/html/${PKGBASE}/pam_appl-4.html
-share/doc/html/${PKGBASE}/pam_appl-5.html
-share/doc/html/${PKGBASE}/pam_appl-6.html
-share/doc/html/${PKGBASE}/pam_appl-7.html
-share/doc/html/${PKGBASE}/pam_appl-8.html
-share/doc/html/${PKGBASE}/pam_appl-9.html
-share/doc/html/${PKGBASE}/pam_appl.html
-share/doc/html/${PKGBASE}/pam_modules-1.html
-share/doc/html/${PKGBASE}/pam_modules-10.html
-share/doc/html/${PKGBASE}/pam_modules-11.html
-share/doc/html/${PKGBASE}/pam_modules-12.html
-share/doc/html/${PKGBASE}/pam_modules-2.html
-share/doc/html/${PKGBASE}/pam_modules-3.html
-share/doc/html/${PKGBASE}/pam_modules-4.html
-share/doc/html/${PKGBASE}/pam_modules-5.html
-share/doc/html/${PKGBASE}/pam_modules-6.html
-share/doc/html/${PKGBASE}/pam_modules-7.html
-share/doc/html/${PKGBASE}/pam_modules-8.html
-share/doc/html/${PKGBASE}/pam_modules-9.html
-share/doc/html/${PKGBASE}/pam_modules.html
share/examples/${PKGBASE}/access.conf
share/examples/${PKGBASE}/group.conf
share/examples/${PKGBASE}/pam.conf
share/examples/${PKGBASE}/pam_env.conf
share/examples/${PKGBASE}/time.conf
@dirrm share/examples/${PKGBASE}
-@dirrm share/doc/html/${PKGBASE}
-@dirrm share/doc/${PKGBASE}
-@dirrm sbin/pam_filter
+@dirrm lib/security/pam_filter
@dirrm lib/security
@dirrm include/security
diff --git a/security/PAM/distinfo b/security/PAM/distinfo
index 0d9601e2c70..3d05cf91a79 100644
--- a/security/PAM/distinfo
+++ b/security/PAM/distinfo
@@ -1,23 +1,23 @@
-$NetBSD: distinfo,v 1.4 2002/01/29 17:10:10 jlam Exp $
+$NetBSD: distinfo,v 1.5 2002/12/23 21:23:57 jlam Exp $
-SHA1 (Linux-PAM-0.75.tar.gz) = 5151e9f91e69c199988d1397a90d07b0c459896b
-Size (Linux-PAM-0.75.tar.gz) = 874549 bytes
-SHA1 (patch-aa) = 6d10ac69ffead0d4d78adb58081920d68922034a
-SHA1 (patch-ac) = a1816f6d42fdd168c6e689a976cc4d27f72c3d32
-SHA1 (patch-aj) = cd8f889540d8d8794c7ea7d1e252d984509a9ad0
-SHA1 (patch-al) = 3a49be8ca4dcf47e2ba78107455d59c6cfa34889
-SHA1 (patch-an) = fdb8337a06abdfaf020639dec95df68b2a59496a
-SHA1 (patch-ao) = c1fcc3ae3a8d9239dd06a5cf30f5bb52743770de
-SHA1 (patch-ap) = 150bb938c25150a3913520401ec29b6797ede7e8
-SHA1 (patch-ar) = 1f904ee50c7710bd599ee4bed60a8eb5aa90986a
-SHA1 (patch-au) = f339c50f765f8f86a00a6403e276719b035d7745
-SHA1 (patch-av) = d6b89d9d6c434c48fe54e556d150c7ff9ac7288c
-SHA1 (patch-aw) = b4ee852cc4c13b668b5a613668f91c3a6a95b450
-SHA1 (patch-az) = b0caa87c0aeb131c941eeb6a994042ea7742afa4
-SHA1 (patch-ba) = c4dbd3af959222c990f3cd23af2861ec7f3b0701
-SHA1 (patch-bb) = 68e2149c0f1f8186199bfc3690feeb0e3394036c
-SHA1 (patch-bc) = bcb321fa850b17ff7a7dc179c029ab33811cfe56
-SHA1 (patch-bd) = c42a7c8cc3a06648d07e0d1fa5a369e9a8224a75
-SHA1 (patch-be) = 80a993a93e1d786bc3c297227c128de084eba746
-SHA1 (patch-bf) = a5846710b69f36a02b585727abd7ecb22ecc9c81
-SHA1 (patch-bg) = 7f78998a103c344682c8f1d889162a4e219145c1
+SHA1 (Linux-PAM-0.77.tar.gz) = 58dff29aec3c0b6a9e9b53af6fb643056ce0f304
+Size (Linux-PAM-0.77.tar.gz) = 442569 bytes
+SHA1 (patch-aa) = 99f4889c24ff71a9e40e0e913d6071b78a326877
+SHA1 (patch-ab) = c0257ace9538c4cf623a476e602eac30d42301d6
+SHA1 (patch-ac) = 9153b5aa54c68dc07deb6325a9ea03dbc28e1624
+SHA1 (patch-ad) = b3713e7150ecfa5dce47680b03c455317f1596de
+SHA1 (patch-ae) = 7e42fcd8f1d3f621e6a3ff8ea46093a221eb2c6a
+SHA1 (patch-af) = 966d42796a99d38dfa9bbdefb3daf7c48122fc88
+SHA1 (patch-ag) = f7673f80592466e1cdeb22645a620aaa3602903d
+SHA1 (patch-ah) = 30e13e82faa3b8978e28725b7c8cd8577aab8beb
+SHA1 (patch-ai) = 950c9e949c72eaf904452d8afefc0f994101e5a8
+SHA1 (patch-aj) = d47bc58c3dc810497290d6ec4a3646380b5fa4d7
+SHA1 (patch-ak) = 491aa837ee756269d57d642aeba999d1f8cc8187
+SHA1 (patch-al) = 29c9ca136655d49d739d3c4dc664af9f0b1a5fa8
+SHA1 (patch-am) = 9cf69342d0c6665ff6d9eebec35d6c3898854c8a
+SHA1 (patch-an) = 46e85fc6db95eda99ed664e7d4282a49d95437c4
+SHA1 (patch-ao) = da8c42c2afa2c66fee4e8f453970d1a4b3a0f285
+SHA1 (patch-ap) = 0a923b67a909dde6f72129b0c853088f9d48bd91
+SHA1 (patch-aq) = 91587c5b9c6587221708247decb0e82f665ae2bf
+SHA1 (patch-ar) = b7428fcc1f561892510acce57fc91e0dafb044fc
+SHA1 (patch-as) = e4fdfef53c097985c2aa8ff8225fed1caa812c10
diff --git a/security/PAM/patches/patch-aa b/security/PAM/patches/patch-aa
index d5ae2bb418f..dba0b5acc73 100644
--- a/security/PAM/patches/patch-aa
+++ b/security/PAM/patches/patch-aa
@@ -1,29 +1,21 @@
-$NetBSD: patch-aa,v 1.3 2002/01/29 17:10:10 jlam Exp $
+$NetBSD: patch-aa,v 1.4 2002/12/23 21:23:58 jlam Exp $
---- Makefile.orig Sat Jan 20 17:29:47 2001
-+++ Makefile
-@@ -58,20 +58,20 @@
- install: _pam_aconf.h prep
- $(MKDIR) $(FAKEROOT)$(INCLUDED)
- $(INSTALL) -m 444 security/_pam_aconf.h $(FAKEROOT)$(INCLUDED)
-- for x in $(THINGSTOMAKE) ; do make -C $$x install ; done
-+ for x in $(THINGSTOMAKE) ; do $(MAKE) -C $$x install ; done
+--- _pam_aconf.h.in.orig Sun Nov 25 22:04:46 2001
++++ _pam_aconf.h.in
+@@ -28,6 +28,16 @@
+ # include <features.h>
+ #endif /* HAVE_FEATURES_H */
- remove:
- rm -f $(FAKEROOT)$(INCLUDED)/_pam_aconf.h
-- for x in $(THINGSTOMAKE) ; do make -C $$x remove ; done
-+ for x in $(THINGSTOMAKE) ; do $(MAKE) -C $$x remove ; done
++/* we have <utmp.h> */
++#undef HAVE_UTMP_H
++
++/* we have <termios.h> */
++#undef HAVE_TERMIOS_H
++
++/* we have Linux shadow passwords */
++#undef HAVE_SHADOW_H
++#undef HAVE_GETSPNAM
++
+ /* we have libcrack available */
+ #undef HAVE_LIBCRACK
- release:
-- @if [ ! -f Make.Rules ]; then echo make Make.Rules first ; exit 1; fi
-+ @if [ ! -f Make.Rules ]; then echo $(MAKE) Make.Rules first ; exit 1; fi
- @if [ ! -L ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) ]; then \
- echo generating ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) link ; \
- ln -sf $(DISTNAME) ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL) ; \
- echo to ../$(DISTNAME) . ; fi
- @diff ../$(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/Make.Rules Make.Rules
-- make distclean
-+ $(MAKE) distclean
- cd .. ; tar zvfc $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL).tar.gz \
- --exclude CVS --exclude .cvsignore --exclude '.#*' \
- $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/*
diff --git a/security/PAM/patches/patch-ab b/security/PAM/patches/patch-ab
new file mode 100644
index 00000000000..c622a83c854
--- /dev/null
+++ b/security/PAM/patches/patch-ab
@@ -0,0 +1,55 @@
+$NetBSD: patch-ab,v 1.3 2002/12/23 21:23:58 jlam Exp $
+
+--- configure.in.orig Tue Jul 9 02:17:13 2002
++++ configure.in
+@@ -199,7 +199,7 @@ AC_CHECK_LIB(crack, FascistCheck, HAVE_L
+ HAVE_LIBCRACK=no)
+ AC_SUBST(HAVE_LIBCRACK)
+
+-AC_CHECK_LIB(crypt, fcrypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT),
++AC_CHECK_LIB(crypt, crypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT),
+ HAVE_LIBCRYPT=no)
+ AC_SUBST(HAVE_LIBCRYPT)
+ AC_CHECK_LIB(util, logwtmp, HAVE_LIBUTIL=yes ; AC_DEFINE(HAVE_LIBUTIL),
+@@ -240,6 +240,13 @@ AC_CHECK_HEADERS(fcntl.h limits.h malloc
+ dnl Linux wants features.h in some of the source files.
+ AC_CHECK_HEADERS(features.h)
+
++dnl For module/pam_filter
++AC_CHECK_HEADERS(termios.h)
++
++dnl For module/pam_unix
++AC_CHECK_HEADERS(shadow.h)
++AC_CHECK_FUNCS(getspnam)
++
+ dnl For module/pam_cracklib
+ AC_CHECK_HEADERS(crypt.h)
+
+@@ -257,7 +264,7 @@ dnl being found.
+
+ dnl Look for cracklib dictionary
+ AC_MSG_CHECKING(path to cracklib dictionary)
+-DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \
++DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \
+ /usr/local/lib /usr/local/share/lib"
+ DICT_FILE_CANDIDATES="pw_dict cracklib_dict"
+ CRACKLIB_DICTPATH=""
+@@ -305,6 +312,18 @@ if test "$GCC" = yes; then
+ case $OS in
+ linux)
+ OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic"
++ LD_D="gcc -shared -Xlinker -x"
++ WARNINGS="$GCC_WARNINGS"
++ PIC="-fPIC"
++ DYNTYPE=so
++ LD=ld
++ LD_L="$LD -x -shared"
++ RANLIB=ranlib
++ STRIP=strip
++ CC_STATIC="-Xlinker -export-dynamic"
++ ;;
++ netbsd)
++ OS_CFLAGS=""
+ LD_D="gcc -shared -Xlinker -x"
+ WARNINGS="$GCC_WARNINGS"
+ PIC="-fPIC"
diff --git a/security/PAM/patches/patch-ac b/security/PAM/patches/patch-ac
index f90b376e9cc..ec194130fc6 100644
--- a/security/PAM/patches/patch-ac
+++ b/security/PAM/patches/patch-ac
@@ -1,13 +1,222 @@
-$NetBSD: patch-ac,v 1.2 2002/01/29 17:10:10 jlam Exp $
+$NetBSD: patch-ac,v 1.3 2002/12/23 21:23:58 jlam Exp $
---- modules/pam_access/Makefile.orig Mon Jan 28 17:28:23 2002
-+++ modules/pam_access/Makefile
-@@ -14,8 +14,4 @@
- DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\"
- CFLAGS += $(DEFS)
-
--MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)"
--MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE)
--MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age
--
- include ../Simple.Rules
+--- configure.orig Tue Jul 9 02:17:13 2002
++++ configure
+@@ -1507,9 +1507,9 @@ fi
+
+
+
+-echo $ac_n "checking for fcrypt in -lcrypt""... $ac_c" 1>&6
+-echo "configure:1512: checking for fcrypt in -lcrypt" >&5
+-ac_lib_var=`echo crypt'_'fcrypt | sed 'y%./+-%__p_%'`
++echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
++echo "configure:1512: checking for crypt in -lcrypt" >&5
++ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
+ if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+@@ -1521,10 +1521,10 @@ cat > conftest.$ac_ext <<EOF
+ /* Override any gcc2 internal prototype to avoid an error. */
+ /* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+-char fcrypt();
++char crypt();
+
+ int main() {
+-fcrypt()
++crypt()
+ ; return 0; }
+ EOF
+ if { (eval echo configure:1531: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+@@ -2312,7 +2312,7 @@ fi
+ done
+
+
+-for ac_hdr in crypt.h
++for ac_hdr in termios.h
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+@@ -2353,7 +2353,7 @@ fi
+ done
+
+
+-for ac_hdr in ndbm.h db.h
++for ac_hdr in shadow.h
+ do
+ ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
+ echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
+@@ -2393,6 +2393,143 @@ else
+ fi
+ done
+
++for ac_func in getspnam
++do
++echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
++echo "configure:2400: checking for $ac_func" >&5
++if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
++ echo $ac_n "(cached) $ac_c" 1>&6
++else
++ cat > conftest.$ac_ext <<EOF
++#line 2405 "configure"
++#include "confdefs.h"
++/* System header to define __stub macros and hopefully few prototypes,
++ which can conflict with char $ac_func(); below. */
++#include <assert.h>
++/* Override any gcc2 internal prototype to avoid an error. */
++/* We use char because int might match the return type of a gcc2
++ builtin and then its argument prototype would still apply. */
++char $ac_func();
++
++int main() {
++
++/* The GNU C library defines this for functions which it implements
++ to always fail with ENOSYS. Some functions are actually named
++ something starting with __ and the normal name is an alias. */
++#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
++choke me
++#else
++$ac_func();
++#endif
++
++; return 0; }
++EOF
++if { (eval echo configure:2428: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
++ rm -rf conftest*
++ eval "ac_cv_func_$ac_func=yes"
++else
++ echo "configure: failed program was:" >&5
++ cat conftest.$ac_ext >&5
++ rm -rf conftest*
++ eval "ac_cv_func_$ac_func=no"
++fi
++rm -f conftest*
++fi
++
++if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
++ echo "$ac_t""yes" 1>&6
++ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
++ cat >> confdefs.h <<EOF
++#define $ac_tr_func 1
++EOF
++
++else
++ echo "$ac_t""no" 1>&6
++fi
++done
++
++
++for ac_hdr in crypt.h
++do
++ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
++echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
++echo "configure:2457: checking for $ac_hdr" >&5
++if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
++ echo $ac_n "(cached) $ac_c" 1>&6
++else
++ cat > conftest.$ac_ext <<EOF
++#line 2462 "configure"
++#include "confdefs.h"
++#include <$ac_hdr>
++EOF
++ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
++{ (eval echo configure:2467: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
++if test -z "$ac_err"; then
++ rm -rf conftest*
++ eval "ac_cv_header_$ac_safe=yes"
++else
++ echo "$ac_err" >&5
++ echo "configure: failed program was:" >&5
++ cat conftest.$ac_ext >&5
++ rm -rf conftest*
++ eval "ac_cv_header_$ac_safe=no"
++fi
++rm -f conftest*
++fi
++if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
++ echo "$ac_t""yes" 1>&6
++ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
++ cat >> confdefs.h <<EOF
++#define $ac_tr_hdr 1
++EOF
++
++else
++ echo "$ac_t""no" 1>&6
++fi
++done
++
++
++for ac_hdr in ndbm.h db.h
++do
++ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
++echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
++echo "configure:2498: checking for $ac_hdr" >&5
++if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
++ echo $ac_n "(cached) $ac_c" 1>&6
++else
++ cat > conftest.$ac_ext <<EOF
++#line 2503 "configure"
++#include "confdefs.h"
++#include <$ac_hdr>
++EOF
++ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
++{ (eval echo configure:2508: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
++ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
++if test -z "$ac_err"; then
++ rm -rf conftest*
++ eval "ac_cv_header_$ac_safe=yes"
++else
++ echo "$ac_err" >&5
++ echo "configure: failed program was:" >&5
++ cat conftest.$ac_ext >&5
++ rm -rf conftest*
++ eval "ac_cv_header_$ac_safe=no"
++fi
++rm -f conftest*
++fi
++if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then
++ echo "$ac_t""yes" 1>&6
++ ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
++ cat >> confdefs.h <<EOF
++#define $ac_tr_hdr 1
++EOF
++
++else
++ echo "$ac_t""no" 1>&6
++fi
++done
++
+ HAVE_NDBM_H=$ac_cv_header_ndbm_h
+
+
+@@ -2439,8 +2576,8 @@ done
+
+
+ echo $ac_n "checking path to cracklib dictionary""... $ac_c" 1>&6
+-echo "configure:2443: checking path to cracklib dictionary" >&5
+-DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \
++echo "configure:2580: checking path to cracklib dictionary" >&5
++DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \
+ /usr/local/lib /usr/local/share/lib"
+ DICT_FILE_CANDIDATES="pw_dict cracklib_dict"
+ CRACKLIB_DICTPATH=""
+@@ -2475,6 +2612,18 @@ if test "$GCC" = yes; then
+ case $OS in
+ linux)
+ OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic"
++ LD_D="gcc -shared -Xlinker -x"
++ WARNINGS="$GCC_WARNINGS"
++ PIC="-fPIC"
++ DYNTYPE=so
++ LD=ld
++ LD_L="$LD -x -shared"
++ RANLIB=ranlib
++ STRIP=strip
++ CC_STATIC="-Xlinker -export-dynamic"
++ ;;
++ netbsd)
++ OS_CFLAGS=""
+ LD_D="gcc -shared -Xlinker -x"
+ WARNINGS="$GCC_WARNINGS"
+ PIC="-fPIC"
diff --git a/security/PAM/patches/patch-be b/security/PAM/patches/patch-ad
index f177b68cd37..5e8986285d9 100644
--- a/security/PAM/patches/patch-be
+++ b/security/PAM/patches/patch-ad
@@ -1,8 +1,8 @@
-$NetBSD: patch-be,v 1.1 2002/01/29 17:10:12 jlam Exp $
+$NetBSD: patch-ad,v 1.3 2002/12/23 21:23:58 jlam Exp $
---- libpam/Makefile.orig Mon Jan 28 19:00:46 2002
+--- libpam/Makefile.orig Sun Dec 9 16:44:58 2001
+++ libpam/Makefile
-@@ -125,8 +125,9 @@
+@@ -125,8 +125,9 @@ ifeq ($(DYNAMIC_LIBPAM),yes)
$(INSTALL) -m $(SHLIBMODE) $(LIBPAM) $(FAKEROOT)$(libdir)/$(LIBPAMFULL)
$(LDCONFIG)
ifneq ($(DYNTYPE),"sl")
diff --git a/security/PAM/patches/patch-bf b/security/PAM/patches/patch-ae
index ada9b4f5a2f..f21c9a72d03 100644
--- a/security/PAM/patches/patch-bf
+++ b/security/PAM/patches/patch-ae
@@ -1,8 +1,8 @@
-$NetBSD: patch-bf,v 1.1 2002/01/29 17:10:12 jlam Exp $
+$NetBSD: patch-ae,v 1.3 2002/12/23 21:23:58 jlam Exp $
---- libpam_misc/Makefile.orig Mon Jan 28 19:00:46 2002
+--- libpam_misc/Makefile.orig Thu Jun 27 00:04:54 2002
+++ libpam_misc/Makefile
-@@ -85,7 +85,7 @@
+@@ -86,7 +86,7 @@ ifeq ($(DYNAMIC_LIBPAM),yes)
$(INSTALL) -m $(SHLIBMODE) $(LIBNAMED) $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL)
$(LDCONFIG)
ifneq ($(DYNTYPE),"sl")
diff --git a/security/PAM/patches/patch-bg b/security/PAM/patches/patch-af
index d0300df7d44..2a61cae0783 100644
--- a/security/PAM/patches/patch-bg
+++ b/security/PAM/patches/patch-af
@@ -1,8 +1,8 @@
-$NetBSD: patch-bg,v 1.1 2002/01/29 17:10:13 jlam Exp $
+$NetBSD: patch-af,v 1.3 2002/12/23 21:23:58 jlam Exp $
---- libpamc/Makefile.orig Mon Jan 28 19:00:46 2002
+--- libpamc/Makefile.orig Sat Feb 10 02:17:53 2001
+++ libpamc/Makefile
-@@ -85,7 +85,7 @@
+@@ -85,7 +85,7 @@ ifeq ($(DYNAMIC_LIBPAM),yes)
$(INSTALL) -m $(SHLIBMODE) $(LIBNAMED) $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL)
$(LDCONFIG)
ifneq ($(DYNTYPE),"sl")
diff --git a/security/PAM/patches/patch-ag b/security/PAM/patches/patch-ag
new file mode 100644
index 00000000000..4de2339b78f
--- /dev/null
+++ b/security/PAM/patches/patch-ag
@@ -0,0 +1,19 @@
+$NetBSD: patch-ag,v 1.3 2002/12/23 21:23:58 jlam Exp $
+
+--- modules/Makefile.orig Sun Dec 9 17:15:11 2001
++++ modules/Makefile
+@@ -12,7 +12,7 @@ MODDIRS=$(shell /bin/ls -d pam_*)
+
+ all:
+ @echo building the static modutil library
+- make -C pammodutil all
++ $(MAKE) -C pammodutil all
+ @echo modules sources available are:
+ @ls -d $(MODDIRS) 2>/dev/null ; echo :--------
+ @echo
+@@ -55,4 +55,4 @@ clean: lclean
+ $(MAKE) -C $$i clean ; \
+ } fi ; \
+ done
+- make -C pammodutil clean
++ $(MAKE) -C pammodutil clean
diff --git a/security/PAM/patches/patch-ah b/security/PAM/patches/patch-ah
new file mode 100644
index 00000000000..de584276bd5
--- /dev/null
+++ b/security/PAM/patches/patch-ah
@@ -0,0 +1,22 @@
+$NetBSD: patch-ah,v 1.4 2002/12/23 21:23:59 jlam Exp $
+
+--- modules/Simple.Rules.orig Sun Dec 9 17:15:11 2001
++++ modules/Simple.Rules
+@@ -59,7 +59,7 @@ endif
+
+ ifdef DYNAMIC
+ $(LIBSHARED): $(LIBOBJD)
+- $(LD_D) -o $@ $(LIBOBJD) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C) $(LINK_PAMMODUTILS)
++ $(LD_D) $(LDFLAGS) -o $@ $(LIBOBJD) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C) $(LINK_PAMMODUTILS)
+
+ endif
+
+@@ -69,7 +69,7 @@ endif
+
+ ifdef STATIC
+ $(LIBSTATIC): $(LIBOBJS)
+- $(LD) -r -o $@ $(LIBOBJS) $(MODULE_SIMPLE_EXTRALIBS) $(LINK_PAMMODUTILS)
++ $(LD) $(LDFLAGS) -r -o $@ $(LIBOBJS) $(MODULE_SIMPLE_EXTRALIBS) $(LINK_PAMMODUTILS)
+ endif
+
+ install: all
diff --git a/security/PAM/patches/patch-av b/security/PAM/patches/patch-ai
index 89d19f1c359..bef7f8d3fcf 100644
--- a/security/PAM/patches/patch-av
+++ b/security/PAM/patches/patch-ai
@@ -1,8 +1,8 @@
-$NetBSD: patch-av,v 1.2 2002/01/29 17:10:12 jlam Exp $
+$NetBSD: patch-ai,v 1.3 2002/12/23 21:23:59 jlam Exp $
---- modules/pam_env/Makefile.orig Mon Jan 28 17:28:23 2002
-+++ modules/pam_env/Makefile
-@@ -15,8 +15,4 @@
+--- modules/pam_access/Makefile.orig Sun Nov 19 18:54:03 2000
++++ modules/pam_access/Makefile
+@@ -14,8 +14,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/access.con
DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\"
CFLAGS += $(DEFS)
diff --git a/security/PAM/patches/patch-aj b/security/PAM/patches/patch-aj
index 573b2c75b66..083a122e1fa 100644
--- a/security/PAM/patches/patch-aj
+++ b/security/PAM/patches/patch-aj
@@ -1,86 +1,13 @@
-$NetBSD: patch-aj,v 1.2 2002/01/29 17:10:11 jlam Exp $
+$NetBSD: patch-aj,v 1.3 2002/12/23 21:23:59 jlam Exp $
---- modules/pam_filter/pam_filter.c.orig Sun Nov 19 18:54:03 2000
-+++ modules/pam_filter/pam_filter.c
-@@ -21,7 +21,7 @@
- #include <sys/stat.h>
- #include <sys/socket.h>
- #include <sys/ioctl.h>
--#include <termio.h>
-+#include <termios.h>
-
- #include <signal.h>
-
-@@ -278,7 +278,7 @@
- {
- int status=-1;
- char terminal[TERMINAL_LEN];
-- struct termio stored_mode; /* initial terminal mode settings */
-+ struct termios stored_mode; /* initial terminal mode settings */
- int fd[2], child=0, child2=0, aterminal;
-
- if (filtername == NULL || *filtername != '/') {
-@@ -305,28 +305,32 @@
- /* set terminal into raw mode.. remember old mode so that we can
- revert to it after the child has quit. */
-
-- /* this is termio terminal handling... */
-+ /* this is termios terminal handling... */
-
-- if (ioctl(STDIN_FILENO, TCGETA, (char *) &stored_mode ) < 0) {
-+ if (tcgetattr(STDIN_FILENO, &stored_mode ) < 0) {
- /* in trouble, so close down */
- close(fd[0]);
- _pam_log(LOG_CRIT, "couldn't copy terminal mode");
- return PAM_ABORT;
- } else {
-- struct termio t_mode = stored_mode;
-+ struct termios t_mode = stored_mode;
-
- t_mode.c_iflag = 0; /* no input control */
- t_mode.c_oflag &= ~OPOST; /* no ouput post processing */
-
- /* no signals, canonical input, echoing, upper/lower output */
-+#ifdef XCASE
- t_mode.c_lflag &= ~(ISIG|ICANON|ECHO|XCASE);
-+#else
-+ t_mode.c_lflag &= ~(ISIG|ICANON|ECHO);
-+#endif
- t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */
- t_mode.c_cflag |= CS8; /* 8 bit chars */
-
- t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */
- t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */
-
-- if (ioctl(STDIN_FILENO, TCSETA, (char *) &t_mode) < 0) {
-+ if (tcsetattr(STDIN_FILENO, TCSANOW, &t_mode) < 0) {
- close(fd[0]);
- _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode");
- return PAM_ABORT;
-@@ -356,7 +360,7 @@
-
- _pam_log(LOG_WARNING,"first fork failed");
- if (aterminal) {
-- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode);
-+ (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode);
- }
-
- return PAM_AUTH_ERR;
-@@ -398,7 +402,7 @@
- /* initialize the child's terminal to be the way the
- parent's was before we set it into RAW mode */
-
-- if (ioctl(fd[1], TCSETA, (char *) &stored_mode) < 0) {
-+ if (tcsetattr(fd[1], TCSANOW, &stored_mode) < 0) {
- _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s"
- ,terminal);
- close(fd[1]);
-@@ -572,7 +576,7 @@
-
- if (aterminal) {
- /* reset to initial terminal mode */
-- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode);
-+ (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode);
- }
-
- if (ctrl & FILTER_DEBUG) {
+--- modules/pam_env/Makefile.orig Sun Nov 19 18:54:03 2000
++++ modules/pam_env/Makefile
+@@ -15,8 +15,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/pam_env.co
+ DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\"
+ CFLAGS += $(DEFS)
+
+-MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)"
+-MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE)
+-MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age
+-
+ include ../Simple.Rules
diff --git a/security/PAM/patches/patch-ak b/security/PAM/patches/patch-ak
new file mode 100644
index 00000000000..3c2b40bb254
--- /dev/null
+++ b/security/PAM/patches/patch-ak
@@ -0,0 +1,90 @@
+$NetBSD: patch-ak,v 1.3 2002/12/23 21:23:59 jlam Exp $
+
+--- modules/pam_filter/pam_filter.c.orig Sun Nov 11 02:43:54 2001
++++ modules/pam_filter/pam_filter.c
+@@ -21,7 +21,17 @@
+ #include <sys/stat.h>
+ #include <sys/socket.h>
+ #include <sys/ioctl.h>
++#ifdef HAVE_TERMIOS_H
++#include <termios.h>
++#define STRUCT_TERMIO struct termios
++#define TCGETATTR(fd, p_termio) tcgetattr(fd, p_termio)
++#define TCSETATTR(fd, p_termio) tcsetattr(fd, TCSANOW, p_termio)
++#else
+ #include <termio.h>
++#define STRUCT_TERMIO struct termio
++#define TCGETATTR(fd, p_termio) ioctl(fd, TCGETA, (char *) p_termio)
++#define TCSETATTR(fd, p_termio) ioctl(fd, TCSETA, (char *) p_termio)
++#endif
+
+ #include <signal.h>
+
+@@ -278,7 +288,7 @@ static int set_filter(pam_handle_t *pamh
+ {
+ int status=-1;
+ char terminal[TERMINAL_LEN];
+- struct termio stored_mode; /* initial terminal mode settings */
++ STRUCT_TERMIO stored_mode; /* initial terminal mode settings */
+ int fd[2], child=0, child2=0, aterminal;
+
+ if (filtername == NULL || *filtername != '/') {
+@@ -307,17 +317,20 @@ static int set_filter(pam_handle_t *pamh
+
+ /* this is termio terminal handling... */
+
+- if (ioctl(STDIN_FILENO, TCGETA, (char *) &stored_mode ) < 0) {
++ if (TCGETATTR(STDIN_FILENO, &stored_mode ) < 0) {
+ /* in trouble, so close down */
+ close(fd[0]);
+ _pam_log(LOG_CRIT, "couldn't copy terminal mode");
+ return PAM_ABORT;
+ } else {
+- struct termio t_mode = stored_mode;
++ STRUCT_TERMIO t_mode = stored_mode;
+
+ t_mode.c_iflag = 0; /* no input control */
+ t_mode.c_oflag &= ~OPOST; /* no ouput post processing */
+
++#ifndef XCASE
++#define XCASE 0
++#endif
+ /* no signals, canonical input, echoing, upper/lower output */
+ t_mode.c_lflag &= ~(ISIG|ICANON|ECHO|XCASE);
+ t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */
+@@ -326,7 +339,7 @@ static int set_filter(pam_handle_t *pamh
+ t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */
+ t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */
+
+- if (ioctl(STDIN_FILENO, TCSETA, (char *) &t_mode) < 0) {
++ if (TCSETATTR(STDIN_FILENO, &t_mode) < 0) {
+ close(fd[0]);
+ _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode");
+ return PAM_ABORT;
+@@ -356,7 +369,7 @@ static int set_filter(pam_handle_t *pamh
+
+ _pam_log(LOG_WARNING,"first fork failed");
+ if (aterminal) {
+- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode);
++ (void) TCSETATTR(STDIN_FILENO, &stored_mode);
+ }
+
+ return PAM_AUTH_ERR;
+@@ -398,7 +411,7 @@ static int set_filter(pam_handle_t *pamh
+ /* initialize the child's terminal to be the way the
+ parent's was before we set it into RAW mode */
+
+- if (ioctl(fd[1], TCSETA, (char *) &stored_mode) < 0) {
++ if (TCSETATTR(fd[1], &stored_mode) < 0) {
+ _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s"
+ ,terminal);
+ close(fd[1]);
+@@ -572,7 +585,7 @@ static int set_filter(pam_handle_t *pamh
+
+ if (aterminal) {
+ /* reset to initial terminal mode */
+- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode);
++ (void) TCSETATTR(STDIN_FILENO, &stored_mode);
+ }
+
+ if (ctrl & FILTER_DEBUG) {
diff --git a/security/PAM/patches/patch-al b/security/PAM/patches/patch-al
index ab79d039881..917f0ba6c47 100644
--- a/security/PAM/patches/patch-al
+++ b/security/PAM/patches/patch-al
@@ -1,37 +1,13 @@
-$NetBSD: patch-al,v 1.2 2002/01/29 17:10:11 jlam Exp $
+$NetBSD: patch-al,v 1.3 2002/12/23 21:23:59 jlam Exp $
---- modules/pam_issue/pam_issue.c.orig Wed Feb 21 23:49:45 2001
-+++ modules/pam_issue/pam_issue.c
-@@ -21,6 +21,7 @@
- #include <stdio.h>
- #include <stdlib.h>
- #include <sys/types.h>
-+#include <sys/param.h>
- #include <sys/stat.h>
- #include <time.h>
- #include <fcntl.h>
-@@ -215,12 +216,24 @@
- case 'U':
- {
- int users = 0;
-+#if (defined(BSD) && BSD >= 199306)
-+ struct utmp ut;
-+ FILE *uf;
-+
-+ if ((uf == fopen(_PATH_UTMP, "r")) != NULL) {
-+ while (fread(&ut, sizeof(ut), 1, uf) > 0)
-+ if (ut.ut_name[0] != '\0')
-+ ++users;
-+ (void) fclose(uf);
-+ }
-+#else
- struct utmp *ut;
- setutent();
- while ((ut = getutent()))
- if (ut->ut_type == USER_PROCESS)
- users++;
- endutent();
-+#endif
- printf ("%d ", users);
- if (c == 'U')
- snprintf (buf, 1024, "%s", (users == 1) ?
+--- modules/pam_group/Makefile.orig Sun Nov 19 18:54:04 2000
++++ modules/pam_group/Makefile
+@@ -14,8 +14,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/group.conf
+ DEFS=-DDEFAULT_CONF_FILE=\"$(CONFILE)\"
+ CFLAGS += $(DEFS)
+
+-MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)"
+-MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE)
+-MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age
+-
+ include ../Simple.Rules
diff --git a/security/PAM/patches/patch-am b/security/PAM/patches/patch-am
new file mode 100644
index 00000000000..2fb8cbf285a
--- /dev/null
+++ b/security/PAM/patches/patch-am
@@ -0,0 +1,37 @@
+$NetBSD: patch-am,v 1.4 2002/12/23 21:23:59 jlam Exp $
+
+--- modules/pam_issue/pam_issue.c.orig Sun Nov 11 21:23:29 2001
++++ modules/pam_issue/pam_issue.c
+@@ -21,6 +21,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <sys/types.h>
++#include <sys/param.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <string.h>
+@@ -244,12 +245,24 @@ char *do_prompt(FILE *fd)
+ case 'U':
+ {
+ int users = 0;
++#if (defined(BSD) && BSD >= 199306)
++ struct utmp ut;
++ FILE *uf;
++
++ if ((uf == fopen(_PATH_UTMP, "r")) != NULL) {
++ while (fread(&ut, sizeof(ut), 1, uf) > 0)
++ if (ut.ut_name[0] != '\0')
++ ++users;
++ (void) fclose(uf);
++ }
++#else
+ struct utmp *ut;
+ setutent();
+ while ((ut = getutent()))
+ if (ut->ut_type == USER_PROCESS)
+ users++;
+ endutent();
++#endif
+ printf ("%d ", users);
+ if (c == 'U')
+ snprintf (buf, 1024, "%s", (users == 1) ?
diff --git a/security/PAM/patches/patch-an b/security/PAM/patches/patch-an
index 9720f36dfe0..95110d429cd 100644
--- a/security/PAM/patches/patch-an
+++ b/security/PAM/patches/patch-an
@@ -1,89 +1,12 @@
-$NetBSD: patch-an,v 1.2 2002/01/29 17:10:11 jlam Exp $
+$NetBSD: patch-an,v 1.3 2002/12/23 21:23:59 jlam Exp $
---- modules/pam_unix/pam_unix_acct.c.orig Wed Dec 20 00:15:05 2000
-+++ modules/pam_unix/pam_unix_acct.c
-@@ -41,9 +41,12 @@
- #include <string.h>
+--- modules/pam_mkhomedir/pam_mkhomedir.c.orig Fri Feb 8 00:20:17 2002
++++ modules/pam_mkhomedir/pam_mkhomedir.c
+@@ -34,6 +34,7 @@
+ #include <sys/stat.h>
+ #include <fcntl.h>
#include <unistd.h>
- #include <sys/types.h>
-+#include <sys/param.h>
- #include <syslog.h>
++#include <limits.h>
#include <pwd.h>
-+#ifndef BSD
- #include <shadow.h>
-+#endif
- #include <time.h> /* for time() */
-
- #include <security/_pam_macros.h>
-@@ -72,7 +75,7 @@
- const char *uname;
- int retval, daysleft;
- time_t curdays;
-- struct spwd *spent;
-+ struct spwd *spent = NULL;
- struct passwd *pwent;
- char buf[80];
-
-@@ -113,6 +116,9 @@
- return PAM_CRED_INSUFFICIENT;
- }
- }
-+#ifdef BSD
-+ spent = NULL;
-+#else
- spent = getspnam( uname );
- if (save_uid == pwent->pw_uid)
- setreuid( save_uid, save_euid );
-@@ -121,16 +127,42 @@
- setreuid( save_uid, -1 );
- setreuid( -1, save_euid );
- }
--
-+#endif
- } else if (!strcmp( pwent->pw_passwd, "x" )) {
-+#ifdef BSD
-+ spent = NULL;
-+#else
- spent = getspnam(uname);
-+#endif
- } else {
-+#if (defined(BSD) && BSD >= 199306)
-+ time_t now = time(NULL);
-+ if (now > pwent->pw_expire) {
-+ _log_err(LOG_NOTICE
-+ ,"account %s has expired (account expired)"
-+ ,uname);
-+ _make_remark(pamh, ctrl, PAM_ERROR_MSG,
-+ "Your account has expired; please contact your system administrator");
-+ D(("account expired"));
-+ return PAM_ACCT_EXPIRED;
-+ }
-+ else if (now + _PASSWORD_WARNDAYS * 86400 > pwent->pw_expire) {
-+ daysleft = (pwent->pw_expire - now) / 86400;
-+ _log_err(LOG_DEBUG
-+ ,"password for user %s will expire in %d days"
-+ ,uname, daysleft);
-+ snprintf(buf, 80, "Warning: your password will expire in %d day%.2s",
-+ daysleft, daysleft == 1 ? "" : "s");
-+ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
-+ }
-+#endif
- return PAM_SUCCESS;
- }
-
- if (!spent)
- return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
-
-+#ifndef BSD
- curdays = time(NULL) / (60 * 60 * 24);
- D(("today is %d, last change %d", curdays, spent->sp_lstchg));
- if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)
-@@ -183,7 +215,7 @@
- daysleft, daysleft == 1 ? "" : "s");
- _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
- }
--
-+#endif
- D(("all done"));
-
- return PAM_SUCCESS;
+ #include <stdlib.h>
+ #include <stdio.h>
diff --git a/security/PAM/patches/patch-ao b/security/PAM/patches/patch-ao
index 0771ddd3b6e..82cc4027224 100644
--- a/security/PAM/patches/patch-ao
+++ b/security/PAM/patches/patch-ao
@@ -1,100 +1,13 @@
-$NetBSD: patch-ao,v 1.2 2002/01/29 17:10:11 jlam Exp $
+$NetBSD: patch-ao,v 1.3 2002/12/23 21:23:59 jlam Exp $
---- modules/pam_unix/pam_unix_passwd.c.orig Sun Feb 11 01:33:53 2001
-+++ modules/pam_unix/pam_unix_passwd.c
-@@ -47,7 +47,10 @@
- #include <sys/types.h>
- #include <pwd.h>
- #include <syslog.h>
-+#include <sys/param.h>
-+#ifndef BSD
- #include <shadow.h>
-+#endif
- #include <time.h> /* for time() */
- #include <fcntl.h>
- #include <ctype.h>
-@@ -77,7 +80,7 @@
- #include "md5.h"
- #include "support.h"
-
--#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
-+#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
- extern int getrpcport(const char *host, unsigned long prognum,
- unsigned long versnum, unsigned int proto);
- #endif /* GNU libc 2.1 */
-@@ -330,6 +333,9 @@
-
- static int _update_passwd(const char *forwho, const char *towhat)
- {
-+#ifdef BSD
-+ return PAM_AUTHTOK_ERR;
-+#else
- struct passwd *tmpent = NULL;
- FILE *pwfile, *opwfile;
- int retval = 0;
-@@ -372,10 +378,14 @@
- unlink(PW_TMPFILE);
-
- return retval;
-+#endif
- }
-
- static int _update_shadow(const char *forwho, char *towhat)
- {
-+#ifdef BSD
-+ return PAM_AUTHTOK_ERR;
-+#else
- struct spwd *spwdent = NULL, *stmpent = NULL;
- FILE *pwfile, *opwfile;
- int retval = 0;
-@@ -424,6 +434,7 @@
- unlink(SH_TMPFILE);
-
- return retval;
-+#endif
- }
-
- static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
-@@ -531,15 +542,18 @@
- return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */
-
- if (strcmp(pwd->pw_passwd, "x") == 0) {
-+#ifndef BSD
- /* ...and shadow password file entry for this user, if shadowing
- is enabled */
- setspent();
- spwdent = getspnam(user);
- endspent();
-+#endif
-
- if (spwdent == NULL)
- return PAM_AUTHINFO_UNAVAIL;
- } else {
-+#ifndef BSD
- if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */
- uid_t save_uid;
-
-@@ -552,8 +566,15 @@
- return PAM_AUTHINFO_UNAVAIL;
- } else
- spwdent = NULL;
-+#endif
- }
-
-+#ifdef BSD
-+ if (off(UNIX__IAMROOT, ctrl)) {
-+ if (time(NULL) > pwd->pw_expire)
-+ retval = PAM_ACCT_EXPIRED;
-+ }
-+#else
- if (spwdent != NULL) {
- /* We have the user's information, now let's check if their account
- has expired (60 * 60 * 24 = number of seconds in a day) */
-@@ -579,6 +600,7 @@
- retval = PAM_ACCT_EXPIRED;
- }
- }
-+#endif
- return retval;
- }
-
+--- modules/pam_time/Makefile.orig Sun Nov 19 18:54:05 2000
++++ modules/pam_time/Makefile
+@@ -14,8 +14,4 @@ INSTALLED_CONFILE=$(SCONFIGD)/time.conf
+ DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\"
+ CFLAGS += $(DEFS)
+
+-MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)"
+-MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE)
+-MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age
+-
+ include ../Simple.Rules
diff --git a/security/PAM/patches/patch-ap b/security/PAM/patches/patch-ap
index aa5d3f25ba0..2984b120b4f 100644
--- a/security/PAM/patches/patch-ap
+++ b/security/PAM/patches/patch-ap
@@ -1,74 +1,141 @@
-$NetBSD: patch-ap,v 1.2 2002/01/29 17:10:11 jlam Exp $
+$NetBSD: patch-ap,v 1.3 2002/12/23 21:23:59 jlam Exp $
---- modules/pam_unix/support.c.orig Sun Feb 11 01:33:53 2001
-+++ modules/pam_unix/support.c
-@@ -12,7 +12,10 @@
- #include <string.h>
- #include <malloc.h>
+--- modules/pam_unix/pam_unix_acct.c.orig Wed Dec 20 00:15:05 2000
++++ modules/pam_unix/pam_unix_acct.c
+@@ -43,7 +43,9 @@
+ #include <sys/types.h>
+ #include <syslog.h>
#include <pwd.h>
-+#include <sys/param.h>
-+#ifndef BSD
++#ifdef HAVE_SHADOW_H
#include <shadow.h>
+#endif
- #include <limits.h>
- #include <utmp.h>
+ #include <time.h> /* for time() */
-@@ -111,6 +114,9 @@
- */
- char *PAM_getlogin(void)
- {
-+#ifdef BSD
-+ return getlogin();
-+#else
- struct utmp *ut, line;
- char *curr_tty, *retval;
- static char curr_user[sizeof(ut->ut_user) + 4];
-@@ -132,6 +138,7 @@
- D(("PAM_getlogin retval: %s", retval));
-
- return retval;
+ #include <security/_pam_macros.h>
+@@ -71,8 +73,10 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ unsigned int ctrl;
+ const char *uname;
+ int retval, daysleft;
+- time_t curdays;
++ time_t now, curdays;
++#ifdef HAVE_GETSPNAM
+ struct spwd *spent;
+#endif
- }
+ struct passwd *pwent;
+ char buf[80];
- /*
-@@ -330,6 +337,7 @@
- pwd = getpwnam(name); /* Get password file entry... */
+@@ -113,7 +117,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ return PAM_CRED_INSUFFICIENT;
+ }
+ }
++#ifdef HAVE_GETSPNAM
+ spent = getspnam( uname );
++#endif
+ if (save_uid == pwent->pw_uid)
+ setreuid( save_uid, save_euid );
+ else {
+@@ -123,15 +129,21 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ }
- if (pwd != NULL) {
-+#ifndef BSD
- if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
- { /* NIS+ */
- uid_t save_euid, save_uid;
-@@ -367,6 +375,7 @@
- if (spwdent)
- salt = x_strdup(spwdent->sp_pwdp);
- else
+ } else if (!strcmp( pwent->pw_passwd, "x" )) {
++#ifdef HAVE_GETSPNAM
+ spent = getspnam(uname);
+#endif
- salt = x_strdup(pwd->pw_passwd);
+ } else {
+ return PAM_SUCCESS;
}
- /* Does this user have a password? */
-@@ -481,6 +490,7 @@
- pwd = getpwnam(name); /* Get password file entry... */
- if (pwd != NULL) {
-+#ifndef BSD
- if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
- { /* NIS+ */
- uid_t save_euid, save_uid;
-@@ -498,7 +508,7 @@
- return PAM_CRED_INSUFFICIENT;
- }
- }
--
++#ifdef HAVE_GETSPNAM
+ if (!spent)
+ return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */
++#endif
+
+- curdays = time(NULL) / (60 * 60 * 24);
++ now = time(NULL);
++ curdays = now / (60 * 60 * 24);
++#ifdef HAVE_GETSPNAM
+ D(("today is %d, last change %d", curdays, spent->sp_lstchg));
+ if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)
+ && (spent->sp_lstchg != 0)) {
+@@ -143,6 +155,29 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ D(("account expired"));
+ return PAM_ACCT_EXPIRED;
+ }
++#else
++ if ((now > pwent->pw_expire) && (pwent->pw_expire != 0)) {
++ _log_err(LOG_NOTICE, pamh
++ ,"account %s has expired (account expired)"
++ ,uname);
++ _make_remark(pamh, ctrl, PAM_ERROR_MSG,
++ "Your account has expired; please contact your system administrator");
++ D(("account expired"));
++ return PAM_ACCT_EXPIRED;
++ }
++ if ((now + _PASSWORD_WARNDAYS * 60 * 60 * 24 > pwent->pw_expire)
++ && (pwent->pw_expire != 0)) {
++ daysleft = (pwent->pw_expire - now) / (60 * 60 * 24);
++ _log_err(LOG_DEBUG, pamh
++ ,"account for user %s will expire in %d days"
++ ,uname, daysleft);
++ snprintf(buf, 80, "Warning: your account will expire in %d day%.2s",
++ daysleft, daysleft == 1 ? "" : "s");
++ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
++ }
++#endif
+
- spwdent = getspnam( name );
- if (save_uid == pwd->pw_uid)
- setreuid( save_uid, save_euid );
-@@ -517,6 +527,7 @@
- if (spwdent)
- salt = x_strdup(spwdent->sp_pwdp);
- else
++#ifdef HAVE_GETSPNAM
+ if ((curdays > (spent->sp_lstchg + spent->sp_max + spent->sp_inact))
+ && (spent->sp_max != -1) && (spent->sp_inact != -1)
+ && (spent->sp_lstchg != 0)) {
+@@ -154,7 +189,9 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ D(("account expired 2"));
+ return PAM_ACCT_EXPIRED;
+ }
+#endif
- salt = x_strdup(pwd->pw_passwd);
+ D(("when was the last change"));
++#ifdef HAVE_GETSPNAM
+ if (spent->sp_lstchg == 0) {
+ _log_err(LOG_NOTICE, pamh
+ ,"expired password for user %s (root enforced)"
+@@ -173,6 +210,19 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ D(("need a new password 2"));
+ return PAM_NEW_AUTHTOK_REQD;
+ }
++#else
++ if (pwent->pw_change == -1) {
++ _log_err(LOG_NOTICE, pamh
++ ,"expired password for user %s (root enforced)"
++ ,uname);
++ _make_remark(pamh, ctrl, PAM_ERROR_MSG,
++ "You are required to change your password immediately (root enforced)");
++ D(("need a new password"));
++ return PAM_NEW_AUTHTOK_REQD;
++ }
++#endif
++
++#ifdef HAVE_GETSPNAM
+ if ((curdays > (spent->sp_lstchg + spent->sp_max - spent->sp_warn))
+ && (spent->sp_max != -1) && (spent->sp_warn != -1)) {
+ daysleft = (spent->sp_lstchg + spent->sp_max) - curdays;
+@@ -183,6 +233,21 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_hand
+ daysleft, daysleft == 1 ? "" : "s");
+ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
}
++#else
++#ifndef _PASSWORD_WARNDAYS
++#define _PASSWORD_WARNDAYS 14
++#endif
++ if ((now + _PASSWORD_WARNDAYS * 60 * 60 * 24 > pwent->pw_change)
++ && (pwent->pw_change != 0) && (pwent->pw_change != -1)) {
++ daysleft = (pwent->pw_change - now) / (60 * 60 * 24);
++ _log_err(LOG_DEBUG, pamh
++ ,"password for user %s will expire in %d days"
++ ,uname, daysleft);
++ snprintf(buf, 80, "Warning: your password will expire in %d day%.2s",
++ daysleft, daysleft == 1 ? "" : "s");
++ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf);
++ }
++#endif
+
+ D(("all done"));
diff --git a/security/PAM/patches/patch-aq b/security/PAM/patches/patch-aq
new file mode 100644
index 00000000000..67d202130ae
--- /dev/null
+++ b/security/PAM/patches/patch-aq
@@ -0,0 +1,81 @@
+$NetBSD: patch-aq,v 1.4 2002/12/23 21:23:59 jlam Exp $
+
+--- modules/pam_unix/pam_unix_passwd.c.orig Tue Jul 9 00:44:18 2002
++++ modules/pam_unix/pam_unix_passwd.c
+@@ -47,7 +47,10 @@
+ #include <sys/types.h>
+ #include <pwd.h>
+ #include <syslog.h>
++#include <sys/param.h>
++#ifdef HAVE_SHADOW_H
+ #include <shadow.h>
++#endif
+ #include <time.h> /* for time() */
+ #include <fcntl.h>
+ #include <ctype.h>
+@@ -77,7 +80,7 @@
+ #include "md5.h"
+ #include "support.h"
+
+-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
++#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1))
+ extern int getrpcport(const char *host, unsigned long prognum,
+ unsigned long versnum, unsigned int proto);
+ #endif /* GNU libc 2.1 */
+@@ -346,6 +349,7 @@ static int save_old_password(const char
+ static int _update_passwd(pam_handle_t *pamh,
+ const char *forwho, const char *towhat)
+ {
++#ifdef HAVE_SHADOW_H
+ struct passwd *tmpent = NULL;
+ FILE *pwfile, *opwfile;
+ int err = 1;
+@@ -401,10 +405,14 @@ static int _update_passwd(pam_handle_t *
+ unlink(PW_TMPFILE);
+ return PAM_AUTHTOK_ERR;
+ }
++#else
++ return PAM_AUTHTOK_ERR;
++#endif
+ }
+
+ static int _update_shadow(const char *forwho, char *towhat)
+ {
++#ifdef HAVE_GETSPNAM
+ struct spwd *spwdent = NULL, *stmpent = NULL;
+ FILE *pwfile, *opwfile;
+ int err = 1;
+@@ -461,6 +469,9 @@ static int _update_shadow(const char *fo
+ unlink(SH_TMPFILE);
+ return PAM_AUTHTOK_ERR;
+ }
++#else
++ return PAM_AUTHTOK_ERR;
++#endif
+ }
+
+ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
+@@ -569,6 +580,7 @@ static int _unix_verify_shadow(const cha
+ if (pwd == NULL)
+ return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */
+
++#ifdef HAVE_GETSPNAM
+ if (strcmp(pwd->pw_passwd, "x") == 0) {
+ /* ...and shadow password file entry for this user, if shadowing
+ is enabled */
+@@ -619,6 +631,15 @@ static int _unix_verify_shadow(const cha
+ }
+ }
+ return retval;
++#else
++ if (strcmp(pwd->pw_passwd, "x") == 0)
++ return PAM_AUTHINFO_UNAVAIL;
++
++ if (off(UNIX__IAMROOT, ctrl)) {
++ if (time(NULL) > pwd->pw_expire)
++ return PAM_ACCT_EXPIRED;
++ }
++#endif
+ }
+
+ static int _pam_unix_approve_pass(pam_handle_t * pamh
diff --git a/security/PAM/patches/patch-ar b/security/PAM/patches/patch-ar
index 5daeda92eb0..a891f0bcf8d 100644
--- a/security/PAM/patches/patch-ar
+++ b/security/PAM/patches/patch-ar
@@ -1,34 +1,79 @@
-$NetBSD: patch-ar,v 1.2 2002/01/29 17:10:11 jlam Exp $
+$NetBSD: patch-ar,v 1.3 2002/12/23 21:24:00 jlam Exp $
---- modules/pam_unix/unix_chkpwd.c.orig Sun Feb 11 01:33:53 2001
-+++ modules/pam_unix/unix_chkpwd.c
-@@ -22,8 +22,11 @@
- #include <syslog.h>
+--- modules/pam_unix/support.c.orig Mon Sep 23 13:33:22 2002
++++ modules/pam_unix/support.c
+@@ -6,13 +6,17 @@
+
+ #define _BSD_SOURCE
+
++#include <security/_pam_aconf.h>
++
+ #include <stdlib.h>
#include <unistd.h>
- #include <sys/types.h>
-+#include <sys/param.h>
+ #include <stdarg.h>
+ #include <string.h>
+ #include <malloc.h>
#include <pwd.h>
-+#ifndef BSD
++#ifdef HAVE_SHADOW_H
#include <shadow.h>
+#endif
- #include <signal.h>
+ #include <limits.h>
+ #include <utmp.h>
+ #include <errno.h>
+@@ -113,6 +117,12 @@ int _make_remark(pam_handle_t * pamh, un
+ */
+ char *PAM_getlogin(void)
+ {
++#ifdef USE_GETLOGIN
++ char *retval = NULL;
++ retval = getlogin();
++ D(("PAM_getlogin retval: %s", retval));
++ return retval;
++#else
+ struct utmp *ut, line;
+ char *curr_tty, *retval;
+ static char curr_user[sizeof(ut->ut_user) + 4];
+@@ -135,6 +145,7 @@ char *PAM_getlogin(void)
+ D(("PAM_getlogin retval: %s", retval));
+
+ return retval;
++#endif
+ }
+
+ /*
+@@ -358,6 +369,7 @@ int _unix_blankpasswd(unsigned int ctrl,
+ #endif
- #define MAXPASS 200 /* the maximum length of a password */
-@@ -94,6 +97,9 @@
- pwd = getpwnam(name); /* Get password file entry... */
- endpwent();
if (pwd != NULL) {
-+#ifdef BSD
++#ifdef HAVE_GETSPNAM
+ if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
+ { /* NIS+ */
+ uid_t save_euid, save_uid;
+@@ -400,6 +412,9 @@ int _unix_blankpasswd(unsigned int ctrl,
+ salt = x_strdup(spwdent->sp_pwdp);
+ else
+ salt = x_strdup(pwd->pw_passwd);
++#else
+ salt = x_strdup(pwd->pw_passwd);
++#endif
+ }
+ /* Does this user have a password? */
+ if (salt == NULL) {
+@@ -535,6 +550,7 @@ int _unix_verify_password(pam_handle_t *
+ pwd = getpwnam(name); /* Get password file entry... */
+
+ if (pwd != NULL) {
++#ifdef GETSPNAM
+ if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
+ { /* NIS+ */
+ uid_t save_euid, save_uid;
+@@ -572,6 +588,9 @@ int _unix_verify_password(pam_handle_t *
+ salt = x_strdup(spwdent->sp_pwdp);
+ else
+ salt = x_strdup(pwd->pw_passwd);
+#else
- if (strcmp(pwd->pw_passwd, "x") == 0) {
- /*
- * ...and shadow password file entry for this user,
-@@ -120,6 +126,7 @@
- salt = x_strdup(pwd->pw_passwd);
- }
- }
++ salt = x_strdup(pwd->pw_passwd);
+#endif
}
- if (pwd == NULL || salt == NULL) {
- _log_err(LOG_ALERT, "check pass; user unknown");
+
+ data_name = (char *) malloc(sizeof(FAIL_PREFIX) + strlen(name));
diff --git a/security/PAM/patches/patch-as b/security/PAM/patches/patch-as
new file mode 100644
index 00000000000..2af7b25fe24
--- /dev/null
+++ b/security/PAM/patches/patch-as
@@ -0,0 +1,32 @@
+$NetBSD: patch-as,v 1.3 2002/12/23 21:24:00 jlam Exp $
+
+--- modules/pam_unix/unix_chkpwd.c.orig Mon Sep 23 13:33:22 2002
++++ modules/pam_unix/unix_chkpwd.c
+@@ -29,7 +29,9 @@
+ #include <unistd.h>
+ #include <sys/types.h>
+ #include <pwd.h>
++#ifdef HAVE_SHADOW_H
+ #include <shadow.h>
++#endif
+ #include <signal.h>
+
+ #define MAXPASS 200 /* the maximum length of a password */
+@@ -101,6 +103,7 @@ static int _unix_verify_password(const c
+ pwd = getpwnam(name); /* Get password file entry... */
+ endpwent();
+ if (pwd != NULL) {
++#ifdef HAVE_GETSPNAM
+ if (strcmp(pwd->pw_passwd, "x") == 0) {
+ /*
+ * ...and shadow password file entry for this user,
+@@ -127,6 +130,9 @@ static int _unix_verify_password(const c
+ salt = x_strdup(pwd->pw_passwd);
+ }
+ }
++#else
++ salt = x_strdup(pwd->pw_passwd);
++#endif
+ }
+ if (pwd == NULL || salt == NULL) {
+ _log_err(LOG_ALERT, "check pass; user unknown");
diff --git a/security/PAM/patches/patch-au b/security/PAM/patches/patch-au
deleted file mode 100644
index 8a2f5fc81e9..00000000000
--- a/security/PAM/patches/patch-au
+++ /dev/null
@@ -1,14 +0,0 @@
-$NetBSD: patch-au,v 1.2 2002/01/29 17:10:12 jlam Exp $
-
---- modules/pam_userdb/Makefile.orig Sat Feb 17 22:03:31 2001
-+++ modules/pam_userdb/Makefile
-@@ -12,7 +12,9 @@
-
- ifeq ($(HAVE_NDBM_H),yes)
- WHICH_DB=ndbm
-+ifeq ($(HAVE_LIBNDBM),yes)
- MODULE_SIMPLE_EXTRALIBS = -lndbm
-+endif
- else
- ifeq ($(HAVE_LIBDB),yes)
- WHICH_DB=db
diff --git a/security/PAM/patches/patch-aw b/security/PAM/patches/patch-aw
deleted file mode 100644
index a0686af4373..00000000000
--- a/security/PAM/patches/patch-aw
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-aw,v 1.2 2002/01/29 17:10:12 jlam Exp $
-
---- modules/pam_group/Makefile.orig Mon Jan 28 17:28:23 2002
-+++ modules/pam_group/Makefile
-@@ -14,8 +14,4 @@
- DEFS=-DDEFAULT_CONF_FILE=\"$(CONFILE)\"
- CFLAGS += $(DEFS)
-
--MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)"
--MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE)
--MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age
--
- include ../Simple.Rules
diff --git a/security/PAM/patches/patch-az b/security/PAM/patches/patch-az
deleted file mode 100644
index b979b886f0b..00000000000
--- a/security/PAM/patches/patch-az
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-az,v 1.2 2002/01/29 17:10:12 jlam Exp $
-
---- modules/pam_time/Makefile.orig Mon Jan 28 17:28:23 2002
-+++ modules/pam_time/Makefile
-@@ -14,8 +14,4 @@
- DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\"
- CFLAGS += $(DEFS)
-
--MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)"
--MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE)
--MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age
--
- include ../Simple.Rules
diff --git a/security/PAM/patches/patch-ba b/security/PAM/patches/patch-ba
deleted file mode 100644
index 31c8fdca516..00000000000
--- a/security/PAM/patches/patch-ba
+++ /dev/null
@@ -1,53 +0,0 @@
-$NetBSD: patch-ba,v 1.1 2002/01/29 17:10:12 jlam Exp $
-
---- configure.in.orig Sun Mar 18 20:56:36 2001
-+++ configure.in
-@@ -172,7 +172,7 @@
- HAVE_LIBCRACK=no)
- AC_SUBST(HAVE_LIBCRACK)
-
--AC_CHECK_LIB(crypt, fcrypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT),
-+AC_CHECK_LIB(crypt, crypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT),
- HAVE_LIBCRYPT=no)
- AC_SUBST(HAVE_LIBCRYPT)
- AC_CHECK_LIB(util, logwtmp, HAVE_LIBUTIL=yes ; AC_DEFINE(HAVE_LIBUTIL),
-@@ -220,7 +220,7 @@
-
- dnl Look for cracklib dictionary
- AC_MSG_CHECKING(path to cracklib dictionary)
--DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \
-+DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \
- /usr/local/lib /usr/local/share/lib"
- DICT_FILE_CANDIDATES="pw_dict cracklib_dict"
- CRACKLIB_DICTPATH=""
-@@ -264,6 +264,21 @@
- if test "$GCC" = yes; then
- ###
- ### Non-Linux needs attention on per-OS basis
-+ case $OS in
-+ netbsd*)
-+ OS_CFLAGS=""
-+ WARNINGS="$GCC_WARNINGS"
-+ PIC="-fPIC"
-+#can/should we use LD=gcc ???
-+ LD=ld
-+ LD_D="\$(CC) -shared -Xlinker -x"
-+ LD_L="$LD -x -shared"
-+ RANLIB=ranlib
-+ STRIP=strip
-+ CC_STATIC="-Xlinker -export-dynamic"
-+ ;;
-+
-+ *)
- OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic"
- WARNINGS="$GCC_WARNINGS"
- PIC="-fPIC"
-@@ -274,6 +289,8 @@
- RANLIB=ranlib
- STRIP=strip
- CC_STATIC="-Xlinker -export-dynamic"
-+ ;;
-+ esac
- else
- ###
- ### Non-gcc needs attention on per-OS basis
diff --git a/security/PAM/patches/patch-bb b/security/PAM/patches/patch-bb
deleted file mode 100644
index 02b96f924c0..00000000000
--- a/security/PAM/patches/patch-bb
+++ /dev/null
@@ -1,69 +0,0 @@
-$NetBSD: patch-bb,v 1.1 2002/01/29 17:10:12 jlam Exp $
-
---- configure.orig Sun Mar 18 20:56:36 2001
-+++ configure
-@@ -1460,9 +1460,9 @@
-
-
-
--echo $ac_n "checking for fcrypt in -lcrypt""... $ac_c" 1>&6
--echo "configure:1465: checking for fcrypt in -lcrypt" >&5
--ac_lib_var=`echo crypt'_'fcrypt | sed 'y%./+-%__p_%'`
-+echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6
-+echo "configure:1465: checking for crypt in -lcrypt" >&5
-+ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'`
- if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
- echo $ac_n "(cached) $ac_c" 1>&6
- else
-@@ -1474,10 +1474,10 @@
- /* Override any gcc2 internal prototype to avoid an error. */
- /* We use char because int might match the return type of a gcc2
- builtin and then its argument prototype would still apply. */
--char fcrypt();
-+char crypt();
-
- int main() {
--fcrypt()
-+crypt()
- ; return 0; }
- EOF
- if { (eval echo configure:1484: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
-@@ -2257,7 +2257,7 @@
-
- echo $ac_n "checking path to cracklib dictionary""... $ac_c" 1>&6
- echo "configure:2260: checking path to cracklib dictionary" >&5
--DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \
-+DICT_DIR_CANDIDATES="${prefix}/libdata /usr/lib /usr/share/dict /usr/share/lib \
- /usr/local/lib /usr/local/share/lib"
- DICT_FILE_CANDIDATES="pw_dict cracklib_dict"
- CRACKLIB_DICTPATH=""
-@@ -2288,6 +2288,20 @@
- if test "$GCC" = yes; then
- ###
- ### Non-Linux needs attention on per-OS basis
-+ case $OS in
-+ netbsd*)
-+ OS_CFLAGS=""
-+ WARNINGS="$GCC_WARNINGS"
-+ PIC="-fPIC"
-+ LD=ld
-+ LD_D="\$(CC) -shared -Xlinker -x"
-+ LD_L="$LD -x -shared"
-+ RANLIB=ranlib
-+ STRIP=strip
-+ CC_STATIC="-Xlinker -export-dynamic"
-+ ;;
-+
-+ *)
- OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic"
- WARNINGS="$GCC_WARNINGS"
- PIC="-fPIC"
-@@ -2298,6 +2312,8 @@
- RANLIB=ranlib
- STRIP=strip
- CC_STATIC="-Xlinker -export-dynamic"
-+ ;;
-+ esac
- else
- ###
- ### Non-gcc needs attention on per-OS basis
diff --git a/security/PAM/patches/patch-bc b/security/PAM/patches/patch-bc
deleted file mode 100644
index 6dd94142df1..00000000000
--- a/security/PAM/patches/patch-bc
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-bc,v 1.1 2002/01/29 17:10:12 jlam Exp $
-
---- modules/Simple.Rules.orig Wed Feb 21 23:55:41 2001
-+++ modules/Simple.Rules
-@@ -56,7 +56,7 @@
-
- ifdef DYNAMIC
- $(LIBSHARED): $(LIBOBJD)
-- $(LD_D) -o $@ $(LIBOBJD) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C)
-+ $(LD_D) -o $@ $(LIBOBJD) $(LDFLAGS) $(MODULE_SIMPLE_EXTRALIBS) $(NEED_LINK_LIB_C)
-
- endif
-
diff --git a/security/PAM/patches/patch-bd b/security/PAM/patches/patch-bd
deleted file mode 100644
index 04aeeddf2c2..00000000000
--- a/security/PAM/patches/patch-bd
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-bd,v 1.1 2002/01/29 17:10:12 jlam Exp $
-
---- doc/Makefile.orig Mon Jan 28 18:45:38 2002
-+++ doc/Makefile
-@@ -5,7 +5,7 @@
-
- # These two should probably be moved into autoconf...
- DOCDIR=/usr/doc/Linux-PAM
--MANDIR=/usr/man
-+MANDIR=${mandir}
-
- #######################################################
-