kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

1. Fixed coredump on -STABLE

Browse source 
2. pass maintainership to Mathieu Arnold <m@absolight.fr>

PR:		41637
Submitted by:	old maintainer
This commit is contained in:
Ying-Chieh Liao 2002-09-18 14:33:23 +00:00
parent e08fa0da38
commit cb1f32d722
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=66610
4 changed files with 365 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
security/pam-pgsql/Makefile
View file

@ -7,16 +7,17 @@
PORTNAME= pam-pgsql
PORTVERSION= 0.5.2
PORTREVISION= 5
PORTREVISION= 6
CATEGORIES= security databases
MASTER_SITES= ${MASTER_SITE_DEBIAN} \
http://libpam-pgsql.codecastle.com/${PORTNAME}-${PORTVERSION}-${PORTREVISION}/
MASTER_SITE_SUBDIR= pool/non-US/main/p/pam-pgsql
DISTFILES= ${PORTNAME}_${PORTVERSION}.orig${EXTRACT_SUFX}
PATCHFILES= pam-pgsql_0.5.2-${PORTREVISION}.diff.gz
PATCHFILES= pam-pgsql_${PORTVERSION}-5.diff.gz
PATCH_SITES= ${MASTER_SITES}
MAINTAINER= andrey@mgul.ac.ru
MAINTAINER= m@absolight.fr
LIB_DEPENDS= pq:${PORTSDIR}/databases/postgresql7

2
security/pam-pgsql/files/Makefile.bsd
View file

@ -2,7 +2,7 @@
.PATH: ${FILESDIR}
SRCS= pam_pgsql.c pam_get_pass.c pam_std_option.c pam_get_service.c
SRCS= pam_pgsql.c pam_get_pass.c
SHLIB_NAME= pam_pgsql.so
LDADD= -lpam -L${LOCALBASE}/lib -lpq -lmd

73
security/pam-pgsql/files/patch-pam_get_pass.c Normal file
View file

@ -0,0 +1,73 @@
--- pam_get_pass.c.orig Mon Jan 14 17:45:55 2002
+++ pam_get_pass.c Tue Aug 13 18:31:56 2002
@@ -33,70 +33,7 @@
/* $Id: pam_get_pass.c,v 1.2 2000/06/25 09:39:28 ljb Exp $ */
#include <stdlib.h>
#include <security/pam_modules.h>
-#include "pam_mod_misc.h"
-
-static int pam_conv_pass(pam_handle_t *, const char *, int);
-
-static int
-pam_conv_pass(pam_handle_t *pamh, const char *prompt, int options)
-{
- int retval;
- const void *item;
- const struct pam_conv *conv;
- struct pam_message msg;
- const struct pam_message *msgs[1];
- struct pam_response *resp;
-
- if ((retval = pam_get_item(pamh, PAM_CONV, &item)) !=
- PAM_SUCCESS)
- return retval;
- conv = (const struct pam_conv *)item;
- msg.msg_style = options & PAM_OPT_ECHO_PASS ?
- PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF;
- msg.msg = prompt;
- msgs[0] = &msg;
- if ((retval = conv->conv(1, msgs, &resp, conv->appdata_ptr)) !=
- PAM_SUCCESS)
- return retval;
- if ((retval = pam_set_item(pamh, PAM_AUTHTOK, resp[0].resp)) !=
- PAM_SUCCESS)
- return retval;
- memset(resp[0].resp, 0, strlen(resp[0].resp));
- free(resp[0].resp);
- free(resp);
- return PAM_SUCCESS;
-}
-
-int
-pam_get_pass(pam_handle_t *pamh, const char **passp, const char *prompt,
- int options)
-{
- int retval;
- const void *item = NULL;
-
- /*
- * Grab the already-entered password if we might want to use it.
- */
- if (options & (PAM_OPT_TRY_FIRST_PASS | PAM_OPT_USE_FIRST_PASS)) {
- if ((retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
- PAM_SUCCESS)
- return retval;
- }
-
- if (item == NULL) {
- /* The user hasn't entered a password yet. */
- if (options & PAM_OPT_USE_FIRST_PASS)
- return PAM_AUTH_ERR;
- /* Use the conversation function to get a password. */
- if ((retval = pam_conv_pass(pamh, prompt, options)) !=
- PAM_SUCCESS ||
- (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) !=
- PAM_SUCCESS)
- return retval;
- }
- *passp = (const char *)item;
- return PAM_SUCCESS;
-}
+#include <security/pam_mod_misc.h>
int

287
security/pam-pgsql/files/patch-pam_pgsql.c Normal file
View file

@ -0,0 +1,287 @@
--- pam_pgsql.c.orig Tue Aug 13 18:31:40 2002
+++ pam_pgsql.c Tue Aug 13 18:33:05 2002
@@ -23,7 +23,7 @@
#define PAM_SM_ACCOUNT
#define PAM_SM_PASSWORD
#include <security/pam_modules.h>
-#include "pam_mod_misc.h"
+#include <security/pam_mod_misc.h>
#define PASSWORD_PROMPT "Password: "
#define PASSWORD_PROMPT_NEW "New password: "
@@ -31,16 +31,15 @@
#define CONF "/etc/pam_pgsql.conf"
#define DBGLOG(x...) if(options->debug) { \
- openlog("PAM_pgsql", LOG_PID, LOG_AUTH); \
syslog(LOG_DEBUG, ##x); \
- closelog(); \
}
#define SYSLOG(x...) do { \
- openlog("PAM_pgsql", LOG_PID, LOG_AUTH); \
syslog(LOG_INFO, ##x); \
- closelog(); \
} while(0);
+int pam_get_confirm_pass(pam_handle_t *, const char **, const char *, const char *, int);
+
+
typedef enum {
PW_CLEAR = 1,
PW_MD5,
@@ -61,32 +60,36 @@
int debug;
};
-/* private: parse and set the specified string option */
-static void
-set_module_option(const char *option, struct module_options *options)
-{
- char *buf, *eq;
- char *val, *end;
-
- if(!option || !*option)
- return;
+enum {
+ PAM_DATABASE = PAM_OPT_STD_MAX,
+ PAM_TABLE,
+ PAM_DB_HOST,
+ PAM_DB_USER,
+ PAM_DB_PASSWORD,
+ PAM_USER_COLUMN,
+ PAM_PWD_COLUMN,
+ PAM_EXPIRED_COLUMN,
+ PAM_NEWTOK_COLUMN,
+ PAM_PW_TYPE
+};
- buf = strdup(option);
+static struct opttab other_options[] = {
+ {"database", PAM_DATABASE},
+ {"table", PAM_TABLE},
+ {"host", PAM_DB_HOST},
+ {"user", PAM_DB_USER},
+ {"password", PAM_DB_PASSWORD},
+ {"user_column", PAM_USER_COLUMN},
+ {"pwd_column", PAM_PWD_COLUMN},
+ {"expired_column", PAM_EXPIRED_COLUMN},
+ {"newtok_column", PAM_NEWTOK_COLUMN},
+ {"pw_type", PAM_PW_TYPE},
+ {NULL, 0}
+};
- if((eq = strchr(buf, '='))) {
- end = eq - 1;
- val = eq + 1;
- if(end <= buf || !*val)
- return;
- while(end > buf && isspace(*end))
- end--;
- end++;
- *end = '\0';
- while(*val && isspace(*val))
- val++;
- } else {
- val = NULL;
- }
+/* set the specified string option */
+static void
+set_option_val(struct module_options * options, const char * buf, char * val) {
DBGLOG("setting option: %s=>%s\n", buf, val);
@@ -118,17 +121,48 @@
} else if(!strcmp(buf, "debug")) {
options->debug = 1;
}
+}
+
+/* private: parse the specified string option */
+static void
+set_module_option(const char *option, struct module_options *options)
+{
+ char *buf, *eq;
+ char *val, *end;
+
+ if(!option || !*option)
+ return;
+
+ buf = strdup(option);
+
+ if((eq = strchr(buf, '='))) {
+ end = eq - 1;
+ val = eq + 1;
+ if(end <= buf || !*val)
+ return;
+ while(end > buf && isspace(*end))
+ end--;
+ end++;
+ *end = '\0';
+ while(*val && isspace(*val))
+ val++;
+ } else {
+ val = NULL;
+ }
+
+ set_option_val(options, buf, val);
free(buf);
}
/* private: read module options from file or commandline */
static int
-get_module_options(int argc, const char **argv, struct module_options **options)
+get_module_options(int argc, const char **argv, struct module_options **options, struct options * pam_options)
{
int i, rc;
FILE *fp;
struct module_options *opts;
+ char *c;
opts = (struct module_options *)malloc(sizeof *opts);
bzero(opts, sizeof(*opts));
@@ -154,11 +188,11 @@
fclose(fp);
}
- for(i = 0; i < argc; i++) {
- if(pam_std_option(&rc, argv[i]) == 0)
- continue;
- set_module_option(argv[i], opts);
+ for(i = PAM_OPT_STD_MAX; i <= PAM_PW_TYPE; i++) {
+ if (pam_test_option(pam_options, i, &c))
+ set_option_val(opts, other_options[i - PAM_OPT_STD_MAX].name, c);
}
+
*options = opts;
return rc;
@@ -257,7 +291,7 @@
free(conn_str);
if(PQstatus(conn) != CONNECTION_OK) {
- SYSLOG("PostgreSQL connection failed: '%s'", PQerrorMessage(conn));
+ SYSLOG("PostgreSQL connection failed: '%s' '%s'", PQerrorMessage(conn), conn_str);
return NULL;
}
@@ -412,7 +446,6 @@
user_s = malloc(ulen);
sqlescape(user, user_s, strlen(user));
-DBGLOG(user_s);
DBGLOG("query: SELECT %s FROM %s WHERE %s='%s'", options->pwd_column, options->table, options->user_column, user);
if(pg_exec(options, conn, &res, "SELECT %s FROM %s WHERE %s='%s'",
@@ -463,13 +496,17 @@
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
struct module_options *options;
+ struct options pam_options;
const char *user, *password;
int rc, std_flags;
if((rc = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS)
return rc;
- std_flags = get_module_options(argc, argv, &options);
+ pam_std_option(&pam_options, other_options, argc, argv);
+
+ std_flags = get_module_options(argc, argv, &options, &pam_options);
+
if(options_valid(options) != 0) {
free_module_options(options);
return PAM_AUTH_ERR;
@@ -477,18 +514,19 @@
DBGLOG("attempting to authenticate: %s", user);
- if((rc = pam_get_pass(pamh, &password, PASSWORD_PROMPT, std_flags)
+ if((rc = pam_get_pass(pamh, &password, PASSWORD_PROMPT, &pam_options)
!= PAM_SUCCESS)) {
free_module_options(options);
return rc;
}
+ DBGLOG("received : user: '%s', pass: '%s'", user, password);
if((rc = auth_verify_password(user, password, options)) != PAM_SUCCESS) {
free_module_options(options);
return rc;
}
- SYSLOG("(%s) user %s authenticated.", pam_get_service(pamh), user);
+ SYSLOG("user %s authenticated.", user);
free_module_options(options);
return PAM_SUCCESS;
@@ -500,13 +538,16 @@
const char **argv)
{
struct module_options *options;
+ struct options pam_options;
const char *user;
char *user_s;
int rc, ulen;
PGconn *conn;
PGresult *res;
- get_module_options(argc, argv, &options);
+ pam_std_option(&pam_options, other_options, argc, argv);
+
+ get_module_options(argc, argv, &options, &pam_options);
if(options_valid(options) != 0) {
free_module_options(options);
return PAM_AUTH_ERR;
@@ -590,13 +631,16 @@
pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
struct module_options *options;
+ struct options pam_options;
int rc, std_flags, ulen;
const char *user, *pass, *newpass;
char *newpass_crypt, *user_s;
PGconn *conn;
PGresult *res;
- std_flags = get_module_options(argc, argv, &options);
+ pam_std_option(&pam_options, other_options, argc, argv);
+
+ std_flags = get_module_options(argc, argv, &options, &pam_options);
if(options_valid(options) != 0) {
free_module_options(options);
return PAM_AUTH_ERR;
@@ -614,7 +658,7 @@
if(flags & PAM_PRELIM_CHECK) {
/* at this point, this is the first time we get called */
- if((rc = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, std_flags)) == PAM_SUCCESS) {
+ if((rc = pam_get_pass(pamh, &pass, PASSWORD_PROMPT, &pam_options)) == PAM_SUCCESS) {
if((rc = auth_verify_password(user, pass, options)) == PAM_SUCCESS) {
rc = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *)pass);
if(rc != PAM_SUCCESS) {
@@ -640,7 +684,7 @@
}
rc = auth_verify_password(user, pass, options);
if(rc != PAM_SUCCESS) {
- SYSLOG("(%s) user '%s' not authenticated.", pam_get_service(pamh), user);
+ SYSLOG("user '%s' not authenticated.", user);
free_module_options(options);
return rc;
}
@@ -698,7 +742,7 @@
free_module_options(options);
free(user_s);
- SYSLOG("(%s) password for '%s' was changed.", pam_get_service(pamh), user);
+ SYSLOG("password for '%s' was changed.", user);
return PAM_SUCCESS;
}
@@ -707,4 +751,6 @@
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
return PAM_SUCCESS;
-}
+}
+
+PAM_MODULE_ENTRY("pam_pgsql");