From 1fc5019ca6358d9338ef8c367c5c1eaa32ae8326 Mon Sep 17 00:00:00 2001 From: drochner Date: Tue, 9 Aug 2005 17:31:06 +0000 Subject: add a "pam" pkg option and make it work with NetBSD's openpam if enabled --- security/dropbear/patches/patch-ab | 19 ++++++++++++++++--- security/dropbear/patches/patch-ac | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 security/dropbear/patches/patch-ac (limited to 'security/dropbear/patches') diff --git a/security/dropbear/patches/patch-ab b/security/dropbear/patches/patch-ab index ebb042de223..dd637d304bf 100644 --- a/security/dropbear/patches/patch-ab +++ b/security/dropbear/patches/patch-ab @@ -1,8 +1,21 @@ -$NetBSD: patch-ab,v 1.2 2005/04/29 16:14:41 drochner Exp $ +$NetBSD: patch-ab,v 1.3 2005/08/09 17:31:06 drochner Exp $ ---- options.h.orig 2005-03-07 05:27:02.000000000 +0100 +--- options.h.orig 2005-07-08 21:20:58.000000000 +0200 +++ options.h -@@ -143,7 +143,7 @@ etc) slower (perhaps by 50%). Recommende +@@ -122,8 +122,11 @@ etc) slower (perhaps by 50%). Recommende + * but there's an interface via a PAM module - don't bother using it otherwise. + * You can't enable both PASSWORD and PAM. */ + ++#ifdef DISABLE_PAM + #define ENABLE_SVR_PASSWORD_AUTH +-/*#define ENABLE_SVR_PAM_AUTH*/ ++#else ++#define ENABLE_SVR_PAM_AUTH ++#endif + #define ENABLE_SVR_PUBKEY_AUTH + + #define ENABLE_CLI_PASSWORD_AUTH +@@ -148,7 +151,7 @@ etc) slower (perhaps by 50%). Recommende * however significantly reduce the security of your ssh connections * if the PRNG state becomes guessable - make sure you know what you are * doing if you change this. */ diff --git a/security/dropbear/patches/patch-ac b/security/dropbear/patches/patch-ac new file mode 100644 index 00000000000..8a5d734326a --- /dev/null +++ b/security/dropbear/patches/patch-ac @@ -0,0 +1,35 @@ +$NetBSD: patch-ac,v 1.1 2005/08/09 17:31:06 drochner Exp $ + +--- svr-authpam.c.orig 2005-08-09 19:13:13.000000000 +0200 ++++ svr-authpam.c +@@ -78,7 +78,8 @@ pamConvFunc(int num_msg, + + case PAM_PROMPT_ECHO_OFF: + +- if (strcmp(message, "Password:") != 0) { ++ if ((strcmp(message, "Password:") != 0) ++ && (strcmp(message, "Password: ") != 0)) { + TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt")) + rc = PAM_CONV_ERR; + break; +@@ -101,7 +102,9 @@ pamConvFunc(int num_msg, + + if ((strcmp(message, "login: " ) != 0) + && (strcmp(message, "login:" ) != 0) +- && (strcmp(message, "Please enter username: " ) != 0)) { ++ && (strcmp(message, "Please enter username: " ) != 0) ++ && (strcmp(message, "Login:" ) != 0) ++ && (strcmp(message, "Username:" ) != 0)) { + TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt")) + rc = PAM_CONV_ERR; + break; +@@ -184,7 +187,9 @@ void svr_auth_pam() { + goto cleanup; + } + ++#ifndef __NetBSD__ + (void) pam_fail_delay(pamHandlep, 0 /* musec_delay */); ++#endif + + /* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */ + -- cgit v1.2.3