From 97a5e873702d7ab6a01fd816c436522eb3882dbd Mon Sep 17 00:00:00 2001 From: drochner Date: Tue, 9 Aug 2005 17:31:06 +0000 Subject: add a "pam" pkg option and make it work with NetBSD's openpam if enabled --- security/dropbear/Makefile | 10 +++++++++- security/dropbear/distinfo | 5 +++-- security/dropbear/patches/patch-ab | 19 ++++++++++++++++--- security/dropbear/patches/patch-ac | 35 +++++++++++++++++++++++++++++++++++ 4 files changed, 63 insertions(+), 6 deletions(-) create mode 100644 security/dropbear/patches/patch-ac (limited to 'security') diff --git a/security/dropbear/Makefile b/security/dropbear/Makefile index 51d79e414b9..b7148c15378 100644 --- a/security/dropbear/Makefile +++ b/security/dropbear/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.12 2005/07/19 18:07:59 drochner Exp $ +# $NetBSD: Makefile,v 1.13 2005/08/09 17:31:06 drochner Exp $ DISTNAME= dropbear-0.46 CATEGORIES= security @@ -12,6 +12,14 @@ COMMENT= SSH2 server, aimed at embedded market GNU_CONFIGURE= yes USE_TOOLS+= gmake +PKG_OPTIONS_VAR= PKG_OPTIONS.dropbear +PKG_SUPPORTED_OPTIONS= pam +.include "../../mk/bsd.options.mk" + +.if !empty(PKG_OPTIONS:Mpam) +CONFIGURE_ARGS+= --enable-pam +.endif + MAKEFLAGS+= ROOT_USER=${ROOT_USER} ROOT_GROUP=${ROOT_GROUP} post-install: diff --git a/security/dropbear/distinfo b/security/dropbear/distinfo index 961d0d74af9..8edb6665956 100644 --- a/security/dropbear/distinfo +++ b/security/dropbear/distinfo @@ -1,7 +1,8 @@ -$NetBSD: distinfo,v 1.8 2005/07/19 18:07:59 drochner Exp $ +$NetBSD: distinfo,v 1.9 2005/08/09 17:31:06 drochner Exp $ SHA1 (dropbear-0.46.tar.bz2) = 2b6d2083ec0294fde55c75e4080c06637cbcf833 RMD160 (dropbear-0.46.tar.bz2) = f7c61b021705362f55209bc0f383d0bf3336841e Size (dropbear-0.46.tar.bz2) = 1413918 bytes SHA1 (patch-aa) = 3246fce39551e97f0b9ecd3397479ea2f3e22abd -SHA1 (patch-ab) = 80aacb92daf040e8bcff0171ac54b19b3031e86c +SHA1 (patch-ab) = 7096feb1f8cc7372410f2e94d7961190a6974fad +SHA1 (patch-ac) = 5a8bc0ccaba26fcf497de554a5c3a9478203adb1 diff --git a/security/dropbear/patches/patch-ab b/security/dropbear/patches/patch-ab index ebb042de223..dd637d304bf 100644 --- a/security/dropbear/patches/patch-ab +++ b/security/dropbear/patches/patch-ab @@ -1,8 +1,21 @@ -$NetBSD: patch-ab,v 1.2 2005/04/29 16:14:41 drochner Exp $ +$NetBSD: patch-ab,v 1.3 2005/08/09 17:31:06 drochner Exp $ ---- options.h.orig 2005-03-07 05:27:02.000000000 +0100 +--- options.h.orig 2005-07-08 21:20:58.000000000 +0200 +++ options.h -@@ -143,7 +143,7 @@ etc) slower (perhaps by 50%). Recommende +@@ -122,8 +122,11 @@ etc) slower (perhaps by 50%). Recommende + * but there's an interface via a PAM module - don't bother using it otherwise. + * You can't enable both PASSWORD and PAM. */ + ++#ifdef DISABLE_PAM + #define ENABLE_SVR_PASSWORD_AUTH +-/*#define ENABLE_SVR_PAM_AUTH*/ ++#else ++#define ENABLE_SVR_PAM_AUTH ++#endif + #define ENABLE_SVR_PUBKEY_AUTH + + #define ENABLE_CLI_PASSWORD_AUTH +@@ -148,7 +151,7 @@ etc) slower (perhaps by 50%). Recommende * however significantly reduce the security of your ssh connections * if the PRNG state becomes guessable - make sure you know what you are * doing if you change this. */ diff --git a/security/dropbear/patches/patch-ac b/security/dropbear/patches/patch-ac new file mode 100644 index 00000000000..8a5d734326a --- /dev/null +++ b/security/dropbear/patches/patch-ac @@ -0,0 +1,35 @@ +$NetBSD: patch-ac,v 1.1 2005/08/09 17:31:06 drochner Exp $ + +--- svr-authpam.c.orig 2005-08-09 19:13:13.000000000 +0200 ++++ svr-authpam.c +@@ -78,7 +78,8 @@ pamConvFunc(int num_msg, + + case PAM_PROMPT_ECHO_OFF: + +- if (strcmp(message, "Password:") != 0) { ++ if ((strcmp(message, "Password:") != 0) ++ && (strcmp(message, "Password: ") != 0)) { + TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt")) + rc = PAM_CONV_ERR; + break; +@@ -101,7 +102,9 @@ pamConvFunc(int num_msg, + + if ((strcmp(message, "login: " ) != 0) + && (strcmp(message, "login:" ) != 0) +- && (strcmp(message, "Please enter username: " ) != 0)) { ++ && (strcmp(message, "Please enter username: " ) != 0) ++ && (strcmp(message, "Login:" ) != 0) ++ && (strcmp(message, "Username:" ) != 0)) { + TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt")) + rc = PAM_CONV_ERR; + break; +@@ -184,7 +187,9 @@ void svr_auth_pam() { + goto cleanup; + } + ++#ifndef __NetBSD__ + (void) pam_fail_delay(pamHandlep, 0 /* musec_delay */); ++#endif + + /* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */ + -- cgit v1.2.3