ports/138483: security/pam_pwdfile port doesn't work post update to 0.99
Michael Schout
mschout at gkg.net
Sat Sep 5 03:30:04 UTC 2009
The following reply was made to PR ports/138483; it has been noted by GNATS.
From: Michael Schout <mschout at gkg.net>
To: bug-followup at FreeBSD.org, me at benschumacher.com
Cc:
Subject: Re: ports/138483: security/pam_pwdfile port doesn't work post update
to 0.99
Date: Fri, 04 Sep 2009 22:20:08 -0500
This is a multi-part message in MIME format.
--------------090703090901050304020601
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Very sorry about that.
Attached patch against the port fixes all problems.
the md5 files and also bigcrypt needed to get compiled.
In addition, a header is needed, _pam_macros.h, which are not available
on FreeBSD. I pulled this header from the Linux-PAM package and
included it so that it compiles.
I bumped the portrevision to 1
I ran pamtester against it, and it succeeds now.
Please commit to security/pam_pwdfile in ports tree.
--------------090703090901050304020601
Content-Type: text/x-patch;
name="pam_pwdfile-fix.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="pam_pwdfile-fix.patch"
diff --git a/security/pam_pwdfile/Makefile b/security/pam_pwdfile/Makefile
index f3c5ade..27272ab 100644
--- a/security/pam_pwdfile/Makefile
+++ b/security/pam_pwdfile/Makefile
@@ -7,6 +7,7 @@
PORTNAME= pam_pwdfile
PORTVERSION= 0.99
+PORTREVISION= 1
CATEGORIES= security
MASTER_SITES= http://cpbotha.net/files/pam_pwdfile/
@@ -17,9 +18,11 @@ MAKEFILE= ${FILESDIR}/Makefile.bsd
PLIST_FILES= lib/pam_pwdfile.so
PORTDOCS= README INSTALL changelog
+CFLAGS+= -I${WRKSRC}
post-patch:
${REINPLACE_CMD} -e 's|#include <features.h>||g' ${WRKSRC}/pam_pwdfile.c
+ ${CP} ${FILESDIR}/_pam_macros.h ${WRKSRC}
post-install:
.if !defined(NOPORTDOCS)
diff --git a/security/pam_pwdfile/files/Makefile.bsd b/security/pam_pwdfile/files/Makefile.bsd
index 0a6f5c8..8c848c8 100644
--- a/security/pam_pwdfile/files/Makefile.bsd
+++ b/security/pam_pwdfile/files/Makefile.bsd
@@ -1,6 +1,12 @@
# inspired from pam-pgsql port :-)
-SRCS= pam_pwdfile.c
+SRCS= pam_pwdfile.c \
+ bigcrypt.c \
+ md5_good.c \
+ md5_crypt_good.c \
+ md5_broken.c \
+ md5_crypt_broken.c
+
SHLIB_NAME= pam_pwdfile.so
LDADD= -lpam -lcrypt
@@ -8,4 +14,16 @@ CFLAGS+= -Wall -D_BSD_SOURCE
LIBDIR= ${LOCALBASE}/lib
+md5_good.c: md5.c
+ $(CPP) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' -o $@ $>
+
+md5_broken.c: md5.c
+ $(CPP) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' -o $@ $>
+
+md5_crypt_good.c: md5_crypt.c
+ $(CPP) $(CPPFLAGS) -D'MD5Name(x)=Good##x' -o $@ $>
+
+md5_crypt_broken.c: md5_crypt.c
+ $(CPP) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' -o $@ $>
+
.include <bsd.lib.mk>
diff --git a/security/pam_pwdfile/files/_pam_macros.h b/security/pam_pwdfile/files/_pam_macros.h
new file mode 100644
index 0000000..bd107cf
--- /dev/null
+++ b/security/pam_pwdfile/files/_pam_macros.h
@@ -0,0 +1,196 @@
+#ifndef PAM_MACROS_H
+#define PAM_MACROS_H
+
+/*
+ * All kind of macros used by PAM, but usable in some other
+ * programs too.
+ * Organized by Cristian Gafton <gafton at redhat.com>
+ */
+
+/* a 'safe' version of strdup */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define x_strdup(s) ( (s) ? strdup(s):NULL )
+
+/* Good policy to strike out passwords with some characters not just
+ free the memory */
+
+#define _pam_overwrite(x) \
+do { \
+ register char *__xx__; \
+ if ((__xx__=(x))) \
+ while (*__xx__) \
+ *__xx__++ = '\0'; \
+} while (0)
+
+#define _pam_overwrite_n(x,n) \
+do { \
+ register char *__xx__; \
+ register unsigned int __i__ = 0; \
+ if ((__xx__=(x))) \
+ for (;__i__<n; __i__++) \
+ __xx__[__i__] = 0; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do { \
+ if (X) { \
+ free(X); \
+ X=NULL; \
+ } \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do { \
+ int reply_i; \
+ \
+ for (reply_i=0; reply_i<replies; ++reply_i) { \
+ if (reply[reply_i].resp) { \
+ _pam_overwrite(reply[reply_i].resp); \
+ free(reply[reply_i].resp); \
+ } \
+ } \
+ if (reply) \
+ free(reply); \
+} while (0)
+
+/* some debugging code */
+
+#ifdef DEBUG
+
+/*
+ * This provides the necessary function to do debugging in PAM.
+ * Cristian Gafton <gafton at redhat.com>
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/*
+ * This is for debugging purposes ONLY. DO NOT use on live systems !!!
+ * You have been warned :-) - CG
+ *
+ * to get automated debugging to the log file, it must be created manually.
+ * _PAM_LOGFILE must exist and be writable to the programs you debug.
+ */
+
+#ifndef _PAM_LOGFILE
+#define _PAM_LOGFILE "/var/run/pam-debug.log"
+#endif
+
+static void _pam_output_debug_info(const char *file, const char *fn
+ , const int line)
+{
+ FILE *logfile;
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
+ }
+ fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
+ fflush(logfile);
+ if (must_close)
+ fclose(logfile);
+}
+
+static void _pam_output_debug(const char *format, ...)
+{
+ va_list args;
+ FILE *logfile;
+ int must_close = 1, fd;
+
+ va_start(args, format);
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
+ }
+ vfprintf(logfile, format, args);
+ fprintf(logfile, "\n");
+ fflush(logfile);
+ if (must_close)
+ fclose(logfile);
+
+ va_end(args);
+}
+
+#define D(x) do { \
+ _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
+ _pam_output_debug x ; \
+} while (0)
+
+#define _pam_show_mem(X,XS) do { \
+ int i; \
+ register unsigned char *x; \
+ x = (unsigned char *)X; \
+ fprintf(stderr, " <start at %p>\n", X); \
+ for (i = 0; i < XS ; ++x, ++i) { \
+ fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \
+ } \
+ fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \
+} while (0)
+
+#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
+do { \
+ int reply_i; \
+ setbuf(stderr, NULL); \
+ fprintf(stderr, "array at %p of size %d\n",reply,replies); \
+ fflush(stderr); \
+ if (reply) { \
+ for (reply_i = 0; reply_i < replies; reply_i++) { \
+ fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \
+ reply_i, reply+reply_i, reply[reply_i].resp, \
+ reply[reply_i].resp, _retcode); \
+ fflush(stderr); \
+ if (reply[reply_i].resp) { \
+ fprintf(stderr, " resp[%d] = '%s'\n", \
+ strlen(reply[reply_i].resp), reply[reply_i].resp); \
+ fflush(stderr); \
+ } \
+ } \
+ } \
+ fprintf(stderr, "done here\n"); \
+ fflush(stderr); \
+} while (0)
+
+#else
+
+#define D(x) do { } while (0)
+#define _pam_show_mem(X,XS) do { } while (0)
+#define _pam_show_reply(reply, replies) do { } while (0)
+
+#endif /* DEBUG */
+
+#endif /* PAM_MACROS_H */
diff --git a/security/pam_pwdfile/files/patch-bigcrypt.c b/security/pam_pwdfile/files/patch-bigcrypt.c
new file mode 100644
index 0000000..bb1f31c
--- /dev/null
+++ b/security/pam_pwdfile/files/patch-bigcrypt.c
@@ -0,0 +1,11 @@
+--- bigcrypt.c.orig 2009-09-04 18:37:28.000000000 -0500
++++ bigcrypt.c 2009-09-04 18:37:30.000000000 -0500
+@@ -25,7 +25,7 @@
+ */
+
+ #include <string.h>
+-#include <security/_pam_macros.h>
++#include <_pam_macros.h>
+
+ char *crypt(const char *key, const char *salt);
+ char *bigcrypt(const char *key, const char *salt);
--------------090703090901050304020601--
More information about the freebsd-ports-bugs
mailing list