diff options
Diffstat (limited to 'security/PAM/patches')
26 files changed, 824 insertions, 0 deletions
diff --git a/security/PAM/patches/patch-aa b/security/PAM/patches/patch-aa new file mode 100644 index 00000000000..7e41cf9e159 --- /dev/null +++ b/security/PAM/patches/patch-aa @@ -0,0 +1,88 @@ +$NetBSD: patch-aa,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- Makefile.orig Mon Nov 22 04:02:36 1999 ++++ Makefile +@@ -31,8 +31,8 @@ + #STATIC=-DPAM_STATIC + + # Comment out these lines to disable building dynamic/static libpam.* +-DYNAMIC_LIBPAM=yes +-#STATIC_LIBPAM=yes ++DYNAMIC_LIBPAM?=yes ++STATIC_LIBPAM?=yes + + # All combinations of the above four variable definitions are legal, + # however, not defining either dynamic or static modules and yet +@@ -43,22 +43,22 @@ + # they control the building of some modules in this distribution + # Note, these definitions are all "export"ed below... + +-HAVE_PWDBLIB=yes ++HAVE_PWDBLIB=no + HAVE_CRACKLIB=yes + HAVE_AFSLIBS=no +-HAVE_KRBLIBS=no ++HAVE_KRBLIBS=yes + + # NB. The following is the generic defines for compilation. + # They can be overridden in the default.defs file below + # +-WARNINGS = -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ ++WARNINGS = -ansi -Wall -Wwrite-strings \ + -Wpointer-arith -Wcast-qual -Wcast-align \ + -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \ + -Wnested-externs -Winline -Wshadow -pedantic + PIC=-fPIC + + # Mode to install shared libraries with +-SHLIBMODE=755 ++SHLIBMODE=444 + + # + # Conditional defines.. +@@ -66,7 +66,7 @@ + + ifdef DYNAMIC + # need the dynamic library functions +-LIBDL=-l$(DYNLOAD) ++LIBDL= + ifdef STATIC_LIBPAM + # needed because pam_xxx() fn's are now in statically linked library + RDYNAMIC = -rdynamic +@@ -98,15 +98,15 @@ + + # the sub-directories to make things in + +-DIRS = modules libpam conf libpam_misc libpamc examples ++DIRS = libpam modules conf libpam_misc libpamc examples + + # + # basic defines + # + +-INCLUDEDIR=-I$(shell pwd)/include +-PAMLIB=-L$(shell pwd)/libpam +-PAMMISCLIB=-L$(shell pwd)/libpam_misc ++INCLUDEDIR=-I$(shell pwd)/include -I${PREFIX}/include/cracklib ++PAMLIB=-L$(shell pwd)/libpam -Wl,-R${PREFIX}/lib -L${PREFIX}/lib ++PAMMISCLIB=-L$(shell pwd)/libpam_misc -Wl,-R${PREFIX}/lib -L${PREFIX}/lib + ifeq ($(DEBUG_REL),yes) + PAMLIB += -lpamd + PAMMISCLIB += -lpamd_misc +@@ -121,6 +121,7 @@ + # only that you are compiling the "Linux" (read FREE) implementation + # of Pluggable Authentication Modules. + EXTRAS += -DLINUX_PAM ++EXTRAS += -DHAVE_UTMP_H + + # + # build composite defines +@@ -209,7 +210,7 @@ + ## the rules + ## + +-all: .freezemake headers ++all: headers + + @for i in $(DIRS) ; do \ + $(MAKE) -C $$i all ; \ diff --git a/security/PAM/patches/patch-ab b/security/PAM/patches/patch-ab new file mode 100644 index 00000000000..c9c2a7106d7 --- /dev/null +++ b/security/PAM/patches/patch-ab @@ -0,0 +1,59 @@ +$NetBSD: patch-ab,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- default.defs.orig Thu Jul 8 07:01:39 1999 ++++ default.defs +@@ -1,36 +1,20 @@ +-## +-# defs for Red Hat Linux +-# Michael K. Johnson <johnsonm@redhat.com> +-## +-# this file indicates the compiler and the various hardware/OS dependent +-# flags for installation. It also defines the various destinations of +-# installed files on the system. +-# +-# This file is the version used for Red Hat Linux. +- +-OS=linux +-ARCH=$(shell rpm --showrc | grep '^build arch' | sed 's/^.*: //g') +-CC=gcc +-INSTALL=install +-MKDIR=mkdir -p +-CFLAGS=$(RPM_OPT_FLAGS) -pipe -g +-ULIBS=#-lefence +-LD=ld +-LD_D=gcc -shared -Xlinker -x +-LD_L=$(LD) -x -shared ++OS=${LOWER_OPSYS} ++ARCH=${MACHINE_GNU_ARCH} ++INSTALL=${BSD_INSTALL} ++WARNINGS= ++ULIBS= ++LD_L=${LD} -G ++LD_D=${LD_L} ++RDYNAMIC= + USESONAME=yes +-SOSWITCH=-soname +-LINKLIBS=-lc ++SOSWITCH=-h + NEEDSONAME=no +-LDCONFIG=/sbin/ldconfig +-AR=ar -cr +-RANLIB=ranlib +-FAKEROOT=$(RPM_BUILD_ROOT) +-PREFIX= +-SUPLEMENTED=$(PREFIX)/sbin +-LIBDIR=$(PREFIX)/lib +-SECUREDIR=$(LIBDIR)/security +-INCLUDED=/usr/include/security +-CONFIGED=/etc +-SCONFIGED=/etc/security +-EXTRALS=-lcrypt ++LDCONFIG=echo ++AR=${ARPRG} -cr ++FAKEROOT= ++SUPLEMENTED=${PREFIX}/sbin ++LIBDIR=${PREFIX}/lib ++SECUREDIR=${LIBDIR}/security ++INCLUDED=${PREFIX}/include/security ++CONFIGED=${PREFIX}/etc ++SCONFIGED=${CONFIGED}/pam diff --git a/security/PAM/patches/patch-ac b/security/PAM/patches/patch-ac new file mode 100644 index 00000000000..40b2111e579 --- /dev/null +++ b/security/PAM/patches/patch-ac @@ -0,0 +1,22 @@ +$NetBSD: patch-ac,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_access/Makefile.orig Sat Oct 21 15:23:02 2000 ++++ modules/pam_access/Makefile +@@ -6,7 +6,7 @@ + # + + TITLE=pam_access +-CONFD=$(CONFIGED)/security ++CONFD=$(CONFIGED)/pam + export CONFD + CONFILE=$(CONFD)/access.conf + export CONFILE +@@ -17,7 +17,7 @@ + export DYNAMIC=-DPAM_DYNAMIC + export CC=gcc + export CFLAGS=-O2 -Dlinux -DLINUX_PAM \ +- -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ ++ -ansi -Wall -Wwrite-strings \ + -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \ + -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \ + -Wshadow -pedantic -fPIC diff --git a/security/PAM/patches/patch-ad b/security/PAM/patches/patch-ad new file mode 100644 index 00000000000..d46c45741ef --- /dev/null +++ b/security/PAM/patches/patch-ad @@ -0,0 +1,13 @@ +$NetBSD: patch-ad,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_deny/Makefile.orig Sun Jul 12 07:17:16 1998 ++++ modules/pam_deny/Makefile +@@ -40,7 +40,7 @@ + export DYNAMIC=-DPAM_DYNAMIC + export CC=gcc + export CFLAGS=-O2 -Dlinux -DLINUX_PAM \ +- -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ ++ -ansi -Wall -Wwrite-strings \ + -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \ + -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \ + -Wshadow -pedantic -fPIC diff --git a/security/PAM/patches/patch-ae b/security/PAM/patches/patch-ae new file mode 100644 index 00000000000..4f86bacc767 --- /dev/null +++ b/security/PAM/patches/patch-ae @@ -0,0 +1,13 @@ +$NetBSD: patch-ae,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_lastlog/Makefile.orig Sun Jul 12 07:17:17 1998 ++++ modules/pam_lastlog/Makefile +@@ -26,7 +26,7 @@ + export DYNAMIC=-DPAM_DYNAMIC + export CC=gcc + export CFLAGS=-O2 -Dlinux -DLINUX_PAM \ +- -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ ++ -ansi -Wall -Wwrite-strings \ + -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \ + -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \ + -Wshadow -pedantic -fPIC diff --git a/security/PAM/patches/patch-af b/security/PAM/patches/patch-af new file mode 100644 index 00000000000..ea6df5b8511 --- /dev/null +++ b/security/PAM/patches/patch-af @@ -0,0 +1,13 @@ +$NetBSD: patch-af,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_permit/Makefile.orig Sun Jul 12 07:17:16 1998 ++++ modules/pam_permit/Makefile +@@ -40,7 +40,7 @@ + export DYNAMIC=-DPAM_DYNAMIC + export CC=gcc + export CFLAGS=-O2 -Dlinux -DLINUX_PAM \ +- -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ ++ -ansi -Wall -Wwrite-strings \ + -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \ + -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \ + -Wshadow -pedantic -fPIC diff --git a/security/PAM/patches/patch-ag b/security/PAM/patches/patch-ag new file mode 100644 index 00000000000..4e827255280 --- /dev/null +++ b/security/PAM/patches/patch-ag @@ -0,0 +1,13 @@ +$NetBSD: patch-ag,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_pwdb/Makefile.orig Sun Aug 1 18:18:27 1999 ++++ modules/pam_pwdb/Makefile +@@ -16,7 +16,7 @@ + export DYNAMIC=-DPAM_DYNAMIC + export CC=gcc + export CFLAGS=-O2 -Dlinux -DLINUX_PAM \ +- -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ ++ -ansi -Wall -Wwrite-strings \ + -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional \ + -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline \ + -Wshadow -pedantic -fPIC diff --git a/security/PAM/patches/patch-ah b/security/PAM/patches/patch-ah new file mode 100644 index 00000000000..2afbe5b6d01 --- /dev/null +++ b/security/PAM/patches/patch-ah @@ -0,0 +1,18 @@ +$NetBSD: patch-ah,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_cracklib/Makefile.orig Sat Oct 9 07:07:02 1999 ++++ modules/pam_cracklib/Makefile +@@ -22,11 +22,11 @@ + ifeq ($(HAVE_CRACKLIB),yes) + + TITLE=pam_cracklib +-CRACKLIB=-lcrack ++CRACKLIB=-R${PREFIX}/lib -L${PREFIX}/lib -lcrack + ifeq ($(shell if [ -f /usr/lib/cracklib_dict.hwm ]; then echo yes ; fi),yes) + CRACKLIB_DICTPATH=/usr/lib/cracklib_dict + else +- CRACKLIB_DICTPATH=/usr/share/dict/cracklib_dict ++ CRACKLIB_DICTPATH=${PREFIX}/libdata/pw_dict + endif + # + ifeq ($(shell if [ -f /usr/include/crypt.h ]; then echo yes ; fi),yes) diff --git a/security/PAM/patches/patch-ai b/security/PAM/patches/patch-ai new file mode 100644 index 00000000000..c0067222dc1 --- /dev/null +++ b/security/PAM/patches/patch-ai @@ -0,0 +1,15 @@ +$NetBSD: patch-ai,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_env/pam_env.c.orig Sat Oct 21 11:37:33 2000 ++++ modules/pam_env/pam_env.c +@@ -18,7 +18,10 @@ + #define _GNU_SOURCE + #define _BSD_SOURCE + ++#include <sys/param.h> ++#if (!defined(BSD) || BSD < 199306) + #include <features.h> ++#endif + #include <ctype.h> + #include <errno.h> + #include <pwd.h> diff --git a/security/PAM/patches/patch-aj b/security/PAM/patches/patch-aj new file mode 100644 index 00000000000..5c008c1706b --- /dev/null +++ b/security/PAM/patches/patch-aj @@ -0,0 +1,80 @@ +$NetBSD: patch-aj,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_filter/pam_filter.c.orig Sat Oct 21 11:39:55 2000 ++++ modules/pam_filter/pam_filter.c +@@ -18,13 +18,18 @@ + + #include <stdio.h> + #include <sys/types.h> ++#include <sys/param.h> + #include <sys/wait.h> + #include <sys/time.h> + #include <sys/file.h> + #include <sys/stat.h> + #include <sys/socket.h> + #include <sys/ioctl.h> +-#include <termio.h> ++#include <termios.h> ++ ++#if (defined(BSD) && BSD >= 199306) ++#define termio termios ++#endif + + #include <signal.h> + +@@ -310,7 +315,7 @@ + + /* this is termio terminal handling... */ + +- if (ioctl(STDIN_FILENO, TCGETA, (char *) &stored_mode ) < 0) { ++ if (tcgetattr(STDIN_FILENO, &stored_mode ) < 0) { + /* in trouble, so close down */ + close(fd[0]); + _pam_log(LOG_CRIT, "couldn't copy terminal mode"); +@@ -322,14 +327,18 @@ + t_mode.c_oflag &= ~OPOST; /* no ouput post processing */ + + /* no signals, canonical input, echoing, upper/lower output */ ++#ifdef XCASE + t_mode.c_lflag &= ~(ISIG|ICANON|ECHO|XCASE); ++#else ++ t_mode.c_lflag &= ~(ISIG|ICANON|ECHO); ++#endif + t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */ + t_mode.c_cflag |= CS8; /* 8 bit chars */ + + t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */ + t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */ + +- if (ioctl(STDIN_FILENO, TCSETA, (char *) &t_mode) < 0) { ++ if (tcsetattr(STDIN_FILENO, TCSANOW, &t_mode ) < 0) { + close(fd[0]); + _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode"); + return PAM_ABORT; +@@ -359,7 +368,7 @@ + + _pam_log(LOG_WARNING,"first fork failed"); + if (aterminal) { +- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); ++ (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode); + } + + return PAM_AUTH_ERR; +@@ -401,7 +410,7 @@ + /* initialize the child's terminal to be the way the + parent's was before we set it into RAW mode */ + +- if (ioctl(fd[1], TCSETA, (char *) &stored_mode) < 0) { ++ if (tcsetattr(fd[1], TCSANOW, &stored_mode) < 0) { + _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s" + ,terminal); + close(fd[1]); +@@ -575,7 +584,7 @@ + + if (aterminal) { + /* reset to initial terminal mode */ +- (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); ++ (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode); + } + + if (ctrl & FILTER_DEBUG) { diff --git a/security/PAM/patches/patch-ak b/security/PAM/patches/patch-ak new file mode 100644 index 00000000000..ee2623e621f --- /dev/null +++ b/security/PAM/patches/patch-ak @@ -0,0 +1,15 @@ +$NetBSD: patch-ak,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_ftp/pam_ftp.c.orig Sat Oct 21 11:54:46 2000 ++++ modules/pam_ftp/pam_ftp.c +@@ -17,7 +17,10 @@ + #define _GNU_SOURCE + #define _BSD_SOURCE + ++#include <sys/param.h> ++#if (!defined(BSD) || BSD < 199306) + #include <features.h> ++#endif + #include <stdio.h> + #include <stdlib.h> + #include <unistd.h> diff --git a/security/PAM/patches/patch-al b/security/PAM/patches/patch-al new file mode 100644 index 00000000000..e0cf473674d --- /dev/null +++ b/security/PAM/patches/patch-al @@ -0,0 +1,37 @@ +$NetBSD: patch-al,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_issue/pam_issue.c.orig Sat Oct 21 11:56:30 2000 ++++ modules/pam_issue/pam_issue.c +@@ -21,6 +21,7 @@ + #include <stdio.h> + #include <stdlib.h> + #include <sys/types.h> ++#include <sys/param.h> + #include <sys/stat.h> + #include <fcntl.h> + #include <string.h> +@@ -214,12 +215,24 @@ + case 'U': + { + int users = 0; ++#if (defined(BSD) && BSD >= 199306) ++ struct utmp ut; ++ FILE *uf; ++ ++ if ((uf == fopen(_PATH_UTMP, "r")) != NULL) { ++ while (fread(&ut, sizeof(ut), 1, uf) > 0) ++ if (ut.ut_name[0] != '\0') ++ ++users; ++ (void) fclose(uf); ++ } ++#else + struct utmp *ut; + setutent(); + while ((ut = getutent())) + if (ut->ut_type == USER_PROCESS) + users++; + endutent(); ++#endif + printf ("%d ", users); + if (c == 'U') + snprintf (buf, 1024, "%s", (users == 1) ? diff --git a/security/PAM/patches/patch-am b/security/PAM/patches/patch-am new file mode 100644 index 00000000000..cab31000edb --- /dev/null +++ b/security/PAM/patches/patch-am @@ -0,0 +1,13 @@ +$NetBSD: patch-am,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_mkhomedir/Makefile.orig Sat Oct 21 12:44:27 2000 ++++ modules/pam_mkhomedir/Makefile +@@ -61,7 +61,7 @@ + $(LIBOBJD): $(LIBSRC) + + $(LIBSHARED): $(LIBOBJD) +- $(LD_D) -o $@ $(LIBOBJD) $(LINKLIBS) -lpam ++ ${LD_D} -o $@ ${LIBOBJD} -R${PREFIX}/lib -L../../libpam -L${PREFIX}/lib ${LINKLIBS} -lpam + endif + + ifdef STATIC diff --git a/security/PAM/patches/patch-an b/security/PAM/patches/patch-an new file mode 100644 index 00000000000..44c1665b0e3 --- /dev/null +++ b/security/PAM/patches/patch-an @@ -0,0 +1,89 @@ +$NetBSD: patch-an,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_unix/pam_unix_acct.c.orig Sat Oct 21 12:49:02 2000 ++++ modules/pam_unix/pam_unix_acct.c +@@ -46,9 +46,12 @@ + #include <string.h> + #include <unistd.h> + #include <sys/types.h> ++#include <sys/param.h> + #include <syslog.h> + #include <pwd.h> ++#ifndef BSD + #include <shadow.h> ++#endif + #include <time.h> /* for time() */ + + +@@ -78,7 +81,7 @@ + const char *uname; + int retval, daysleft; + time_t curdays; +- struct spwd *spent; ++ struct spwd *spent = NULL; + struct passwd *pwent; + char buf[80]; + +@@ -119,6 +122,9 @@ + return PAM_CRED_INSUFFICIENT; + } + } ++#ifdef BSD ++ spent = NULL; ++#else + spent = getspnam( uname ); + if (save_uid == pwent->pw_uid) + setreuid( save_uid, save_euid ); +@@ -127,16 +133,42 @@ + setreuid( save_uid, -1 ); + setreuid( -1, save_euid ); + } +- ++#endif + } else if (!strcmp( pwent->pw_passwd, "x" )) { ++#ifdef BSD ++ spent = NULL; ++#else + spent = getspnam(uname); ++#endif + } else { ++#if (defined(BSD) && BSD >= 199306) ++ time_t now = time(NULL); ++ if (now > pwent->pw_expire) { ++ _log_err(LOG_NOTICE ++ ,"account %s has expired (account expired)" ++ ,uname); ++ _make_remark(pamh, ctrl, PAM_ERROR_MSG, ++ "Your account has expired; please contact your system administrator"); ++ D(("account expired")); ++ return PAM_ACCT_EXPIRED; ++ } ++ else if (now + _PASSWORD_WARNDAYS * 86400 > pwent->pw_expire) { ++ daysleft = (pwent->pw_expire - now) / 86400; ++ _log_err(LOG_DEBUG ++ ,"password for user %s will expire in %d days" ++ ,uname, daysleft); ++ snprintf(buf, 80, "Warning: your password will expire in %d day%.2s", ++ daysleft, daysleft == 1 ? "" : "s"); ++ _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); ++ } ++#endif + return PAM_SUCCESS; + } + + if (!spent) + return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */ + ++#ifndef BSD + curdays = time(NULL) / (60 * 60 * 24); + D(("today is %d, last change %d", curdays, spent->sp_lstchg)); + if ((curdays > spent->sp_expire) && (spent->sp_expire != -1) +@@ -189,7 +221,7 @@ + daysleft, daysleft == 1 ? "" : "s"); + _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); + } +- ++#endif + D(("all done")); + + return PAM_SUCCESS; diff --git a/security/PAM/patches/patch-ao b/security/PAM/patches/patch-ao new file mode 100644 index 00000000000..977c4e8f2cf --- /dev/null +++ b/security/PAM/patches/patch-ao @@ -0,0 +1,100 @@ +$NetBSD: patch-ao,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_unix/pam_unix_passwd.c.orig Sat Oct 21 13:10:07 2000 ++++ modules/pam_unix/pam_unix_passwd.c +@@ -52,7 +52,10 @@ + #include <errno.h> + #include <pwd.h> + #include <syslog.h> ++#include <sys/param.h> ++#ifndef BSD + #include <shadow.h> ++#endif + #include <time.h> /* for time() */ + #include <fcntl.h> + #include <ctype.h> +@@ -83,7 +86,7 @@ + #include "md5.h" + #include "support.h" + +-#if !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) ++#if !defined(BSD) && !((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 1)) + extern int getrpcport(const char *host, unsigned long prognum, + unsigned long versnum, unsigned int proto); + #endif /* GNU libc 2.1 */ +@@ -334,6 +337,9 @@ + + static int _update_passwd(const char *forwho, char *towhat) + { ++#ifdef BSD ++ return PAM_AUTHTOK_ERR; ++#else + struct passwd *tmpent = NULL; + FILE *pwfile, *opwfile; + int retval = 0; +@@ -376,10 +382,14 @@ + unlink(PW_TMPFILE); + + return retval; ++#endif + } + + static int _update_shadow(const char *forwho, char *towhat) + { ++#ifdef BSD ++ return PAM_AUTHTOK_ERR; ++#else + struct spwd *spwdent = NULL, *stmpent = NULL; + FILE *pwfile, *opwfile; + int retval = 0; +@@ -428,6 +438,7 @@ + unlink(SH_TMPFILE); + + return retval; ++#endif + } + + static int _do_setpass(const char *forwho, char *fromwhat, char *towhat, +@@ -535,15 +546,18 @@ + return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ + + if (strcmp(pwd->pw_passwd, "x") == 0) { ++#ifndef BSD + /* ...and shadow password file entry for this user, if shadowing + is enabled */ + setspent(); + spwdent = getspnam(user); + endspent(); ++#endif + + if (spwdent == NULL) + return PAM_AUTHINFO_UNAVAIL; + } else { ++#ifndef BSD + if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */ + uid_t save_uid; + +@@ -556,8 +570,15 @@ + return PAM_AUTHINFO_UNAVAIL; + } else + spwdent = NULL; ++#endif + } + ++#ifdef BSD ++ if (off(UNIX__IAMROOT, ctrl)) { ++ if (time(NULL) > pwd->pw_expire) ++ retval = PAM_ACCT_EXPIRED; ++ } ++#else + if (spwdent != NULL) { + /* We have the user's information, now let's check if their account + has expired (60 * 60 * 24 = number of seconds in a day) */ +@@ -583,6 +604,7 @@ + retval = PAM_ACCT_EXPIRED; + } + } ++#endif + return retval; + } + diff --git a/security/PAM/patches/patch-ap b/security/PAM/patches/patch-ap new file mode 100644 index 00000000000..710dbe842db --- /dev/null +++ b/security/PAM/patches/patch-ap @@ -0,0 +1,74 @@ +$NetBSD: patch-ap,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_unix/support.c.orig Sat Oct 21 14:21:48 2000 ++++ modules/pam_unix/support.c +@@ -12,7 +12,10 @@ + #include <string.h> + #include <malloc.h> + #include <pwd.h> ++#include <sys/param.h> ++#ifndef BSD + #include <shadow.h> ++#endif + #include <limits.h> + #include <utmp.h> + +@@ -99,6 +102,9 @@ + */ + char *PAM_getlogin(void) + { ++#ifdef BSD ++ return getlogin(); ++#else + struct utmp *ut, line; + char *curr_tty, *retval; + static char curr_user[UT_NAMESIZE + 4]; +@@ -120,6 +126,7 @@ + D(("PAM_getlogin retval: %s", retval)); + + return retval; ++#endif + } + + /* +@@ -302,6 +309,7 @@ + pwd = getpwnam(name); /* Get password file entry... */ + + if (pwd != NULL) { ++#ifndef BSD + if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) + { /* NIS+ */ + uid_t save_euid, save_uid; +@@ -339,6 +347,7 @@ + if (spwdent) + salt = x_strdup(spwdent->sp_pwdp); + else ++#endif + salt = x_strdup(pwd->pw_passwd); + } + /* Does this user have a password? */ +@@ -450,6 +459,7 @@ + pwd = getpwnam(name); /* Get password file entry... */ + + if (pwd != NULL) { ++#ifndef BSD + if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) + { /* NIS+ */ + uid_t save_euid, save_uid; +@@ -467,7 +477,7 @@ + return PAM_CRED_INSUFFICIENT; + } + } +- ++ + spwdent = getspnam( name ); + if (save_uid == pwd->pw_uid) + setreuid( save_uid, save_euid ); +@@ -486,6 +496,7 @@ + if (spwdent) + salt = x_strdup(spwdent->sp_pwdp); + else ++#endif + salt = x_strdup(pwd->pw_passwd); + } + diff --git a/security/PAM/patches/patch-aq b/security/PAM/patches/patch-aq new file mode 100644 index 00000000000..fa5d4e0502b --- /dev/null +++ b/security/PAM/patches/patch-aq @@ -0,0 +1,17 @@ +$NetBSD: patch-aq,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_unix/Makefile.orig Sat Oct 21 14:28:23 2000 ++++ modules/pam_unix/Makefile +@@ -30,10 +30,10 @@ + ######################################################################## + + CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) +-LDLIBS = $(EXTRALS) ++LDLIBS = $(EXTRALS) -lcrypt + + ifdef USE_CRACKLIB +-CRACKLIB = -lcrack ++CRACKLIB = -R${PREFIX}/lib -L${PREFIX}/lib -lcrack + endif + + diff --git a/security/PAM/patches/patch-ar b/security/PAM/patches/patch-ar new file mode 100644 index 00000000000..f43bdf78458 --- /dev/null +++ b/security/PAM/patches/patch-ar @@ -0,0 +1,34 @@ +$NetBSD: patch-ar,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_unix/unix_chkpwd.c.orig Sat Oct 21 14:30:41 2000 ++++ modules/pam_unix/unix_chkpwd.c +@@ -26,8 +26,11 @@ + #include <syslog.h> + #include <unistd.h> + #include <sys/types.h> ++#include <sys/param.h> + #include <pwd.h> ++#ifndef BSD + #include <shadow.h> ++#endif + #include <signal.h> + + #define MAXPASS 200 /* the maximum length of a password */ +@@ -98,6 +101,9 @@ + pwd = getpwnam(name); /* Get password file entry... */ + endpwent(); + if (pwd != NULL) { ++#ifdef BSD ++ salt = x_strdup(pwd->pw_passwd); ++#else + if (strcmp(pwd->pw_passwd, "x") == 0) { + /* + * ...and shadow password file entry for this user, +@@ -124,6 +130,7 @@ + salt = x_strdup(pwd->pw_passwd); + } + } ++#endif + } + if (pwd == NULL || salt == NULL) { + _log_err(LOG_ALERT, "check pass; user unknown"); diff --git a/security/PAM/patches/patch-as b/security/PAM/patches/patch-as new file mode 100644 index 00000000000..219cede6282 --- /dev/null +++ b/security/PAM/patches/patch-as @@ -0,0 +1,15 @@ +$NetBSD: patch-as,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_userdb/pam_userdb.c.orig Sat Oct 21 14:34:30 2000 ++++ modules/pam_userdb/pam_userdb.c +@@ -9,7 +9,10 @@ + #define _GNU_SOURCE + #define _BSD_SOURCE + ++#include <sys/param.h> ++#ifndef BSD + #include <features.h> ++#endif + #include <stdlib.h> + #include <unistd.h> + #include <string.h> diff --git a/security/PAM/patches/patch-at b/security/PAM/patches/patch-at new file mode 100644 index 00000000000..057c2899959 --- /dev/null +++ b/security/PAM/patches/patch-at @@ -0,0 +1,12 @@ +$NetBSD: patch-at,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_userdb/Makefile.orig Sat Oct 21 14:36:41 2000 ++++ modules/pam_userdb/Makefile +@@ -20,7 +20,6 @@ + LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) + #LIBOBJS = $(addprefix static/,$(LIBOBJ)) + +-EXTRALS += -ldb + CFLAGS += $(WHICH_DB) + + dynamic/%.o : %.c diff --git a/security/PAM/patches/patch-au b/security/PAM/patches/patch-au new file mode 100644 index 00000000000..2d049531f33 --- /dev/null +++ b/security/PAM/patches/patch-au @@ -0,0 +1,19 @@ +$NetBSD: patch-au,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- conf/install_conf.orig Sun Jul 12 07:17:14 1998 ++++ conf/install_conf +@@ -14,11 +14,10 @@ + echo "\ + An older Linux-PAM configuration file already exists ($CONFILE)" + WRITE=overwrite ++ yes=n ++ else ++ yes=y + fi +- echo -n "\ +-Do you wish to copy the $CONF file in this distribution +-to $CONFILE ? (y/n) [n] " +- read yes + else + yes=n + fi diff --git a/security/PAM/patches/patch-av b/security/PAM/patches/patch-av new file mode 100644 index 00000000000..17c577f48c1 --- /dev/null +++ b/security/PAM/patches/patch-av @@ -0,0 +1,13 @@ +$NetBSD: patch-av,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_env/Makefile.orig Sat Oct 21 15:45:39 2000 ++++ modules/pam_env/Makefile +@@ -24,7 +24,7 @@ + + TITLE=pam_env + +-CONFD=$(CONFIGED)/security ++CONFD=$(CONFIGED)/pam + export CONFD + CONFILE=$(CONFD)/pam_env.conf + export CONFILE diff --git a/security/PAM/patches/patch-aw b/security/PAM/patches/patch-aw new file mode 100644 index 00000000000..189395d0ae0 --- /dev/null +++ b/security/PAM/patches/patch-aw @@ -0,0 +1,13 @@ +$NetBSD: patch-aw,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_group/Makefile.orig Sat Oct 21 15:45:39 2000 ++++ modules/pam_group/Makefile +@@ -9,7 +9,7 @@ + # + + TITLE=pam_group +-CONFD=$(CONFIGED)/security ++CONFD=$(CONFIGED)/pam + export CONFD + CONFILE=$(CONFD)/group.conf + export CONFILE diff --git a/security/PAM/patches/patch-ax b/security/PAM/patches/patch-ax new file mode 100644 index 00000000000..5bd43b46dd3 --- /dev/null +++ b/security/PAM/patches/patch-ax @@ -0,0 +1,13 @@ +$NetBSD: patch-ax,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_limits/Makefile.orig Sat Oct 21 15:45:39 2000 ++++ modules/pam_limits/Makefile +@@ -8,7 +8,7 @@ + + ifeq ($(OS),linux) + TITLE=pam_limits +-CONFD=$(CONFIGED)/security ++CONFD=$(CONFIGED)/pam + export CONFD + CONFILE=$(CONFD)/limits.conf + export CONFILE diff --git a/security/PAM/patches/patch-ay b/security/PAM/patches/patch-ay new file mode 100644 index 00000000000..b1e317238ce --- /dev/null +++ b/security/PAM/patches/patch-ay @@ -0,0 +1,13 @@ +$NetBSD: patch-ay,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_radius/Makefile.orig Sat Oct 21 15:45:39 2000 ++++ modules/pam_radius/Makefile +@@ -9,7 +9,7 @@ + # + + TITLE=pam_radius +-CONFD=$(CONFIGED)/security ++CONFD=$(CONFIGED)/pam + export CONFD + CONFILE=$(CONFD)/radius.conf + export CONFILE diff --git a/security/PAM/patches/patch-az b/security/PAM/patches/patch-az new file mode 100644 index 00000000000..9f66cce918c --- /dev/null +++ b/security/PAM/patches/patch-az @@ -0,0 +1,13 @@ +$NetBSD: patch-az,v 1.1.1.1 2000/10/21 18:41:54 rh Exp $ + +--- modules/pam_time/Makefile.orig Sat Oct 21 15:45:39 2000 ++++ modules/pam_time/Makefile +@@ -9,7 +9,7 @@ + # + + TITLE=pam_time +-CONFD=$(CONFIGED)/security ++CONFD=$(CONFIGED)/pam + export CONFD + CONFILE=$(CONFD)/time.conf + export CONFILE |