git: 293b50911ab5 - main - security/pecl-pam: Update to 2.2.3
Po-Chuan Hsieh
sunpoet at FreeBSD.org
Tue Sep 21 22:24:56 UTC 2021
The branch main has been updated by sunpoet:
URL: https://cgit.FreeBSD.org/ports/commit/?id=293b50911ab590623c2924db77a0224404203120
commit 293b50911ab590623c2924db77a0224404203120
Author: Po-Chuan Hsieh <sunpoet at FreeBSD.org>
AuthorDate: 2021-09-21 22:13:09 +0000
Commit: Po-Chuan Hsieh <sunpoet at FreeBSD.org>
CommitDate: 2021-09-21 22:23:26 +0000
security/pecl-pam: Update to 2.2.3
Changes: https://pecl.php.net/package-changelog.php?package=PAM
---
security/pecl-pam/Makefile | 9 +-
security/pecl-pam/distinfo | 6 +-
security/pecl-pam/files/_pam_macros.h | 196 ++++++++++++++++++++++++++++++++++
security/pecl-pam/files/patch-pam.c | 130 ++--------------------
4 files changed, 214 insertions(+), 127 deletions(-)
diff --git a/security/pecl-pam/Makefile b/security/pecl-pam/Makefile
index 162435e0928e..0c15ffe5a381 100644
--- a/security/pecl-pam/Makefile
+++ b/security/pecl-pam/Makefile
@@ -1,8 +1,7 @@
# Created by: wen at FreeBSD.org
PORTNAME= pam
-PORTVERSION= 1.0.3
-PORTREVISION= 2
+PORTVERSION= 2.2.3
CATEGORIES= security pear
MAINTAINER= sunpoet at FreeBSD.org
@@ -10,8 +9,10 @@ COMMENT= PECL classes for PAM integration
LICENSE= PHP202
-USES= dos2unix php:pecl
+USES= php:pecl
-IGNORE_WITH_PHP=80
+post-patch:
+# https://github.com/linux-pam/linux-pam/blob/master/libpam/include/security/_pam_macros.h
+ @${CP} ${FILESDIR}/_pam_macros.h ${WRKSRC}/_pam_macros.h
.include <bsd.port.mk>
diff --git a/security/pecl-pam/distinfo b/security/pecl-pam/distinfo
index a4efd06f5ceb..7a26046393db 100644
--- a/security/pecl-pam/distinfo
+++ b/security/pecl-pam/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1491395894
-SHA256 (PECL/pam-1.0.3.tgz) = 2e00f253ffd987e2634b44689473beb61ae64120a3899b6f2d1ffdde06ddc887
-SIZE (PECL/pam-1.0.3.tgz) = 6671
+TIMESTAMP = 1632227500
+SHA256 (PECL/pam-2.2.3.tgz) = fda3b5f719d51cb278351eedd3d7a96db75661324d81fdcf8072a4309121bc92
+SIZE (PECL/pam-2.2.3.tgz) = 9422
diff --git a/security/pecl-pam/files/_pam_macros.h b/security/pecl-pam/files/_pam_macros.h
new file mode 100644
index 000000000000..e891e2261b5e
--- /dev/null
+++ b/security/pecl-pam/files/_pam_macros.h
@@ -0,0 +1,196 @@
+#ifndef PAM_MACROS_H
+#define PAM_MACROS_H
+
+/*
+ * All kind of macros used by PAM, but usable in some other
+ * programs too.
+ * Organized by Cristian Gafton <gafton at redhat.com>
+ */
+
+/* a 'safe' version of strdup */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define x_strdup(s) ( (s) ? strdup(s):NULL )
+
+/* Good policy to strike out passwords with some characters not just
+ free the memory */
+
+#define _pam_overwrite(x) \
+do { \
+ register char *__xx__; \
+ if ((__xx__=(x))) \
+ while (*__xx__) \
+ *__xx__++ = '\0'; \
+} while (0)
+
+#define _pam_overwrite_n(x,n) \
+do { \
+ register char *__xx__; \
+ register unsigned int __i__ = 0; \
+ if ((__xx__=(x))) \
+ for (;__i__<n; __i__++) \
+ __xx__[__i__] = 0; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do { \
+ if (X) { \
+ free(X); \
+ X=NULL; \
+ } \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do { \
+ int reply_i; \
+ \
+ for (reply_i=0; reply_i<replies; ++reply_i) { \
+ if (reply[reply_i].resp) { \
+ _pam_overwrite(reply[reply_i].resp); \
+ free(reply[reply_i].resp); \
+ } \
+ } \
+ if (reply) \
+ free(reply); \
+} while (0)
+
+/* some debugging code */
+
+#ifdef PAM_DEBUG
+
+/*
+ * This provides the necessary function to do debugging in PAM.
+ * Cristian Gafton <gafton at redhat.com>
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/*
+ * This is for debugging purposes ONLY. DO NOT use on live systems !!!
+ * You have been warned :-) - CG
+ *
+ * to get automated debugging to the log file, it must be created manually.
+ * _PAM_LOGFILE must exist and be writable to the programs you debug.
+ */
+
+#ifndef _PAM_LOGFILE
+#define _PAM_LOGFILE "/var/run/pam-debug.log"
+#endif
+
+static void _pam_output_debug_info(const char *file, const char *fn
+ , const int line)
+{
+ FILE *logfile;
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
+ }
+ fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
+ fflush(logfile);
+ if (must_close)
+ fclose(logfile);
+}
+
+static void _pam_output_debug(const char *format, ...)
+{
+ va_list args;
+ FILE *logfile;
+ int must_close = 1, fd;
+
+ va_start(args, format);
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
+ }
+ vfprintf(logfile, format, args);
+ fprintf(logfile, "\n");
+ fflush(logfile);
+ if (must_close)
+ fclose(logfile);
+
+ va_end(args);
+}
+
+#define D(x) do { \
+ _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
+ _pam_output_debug x ; \
+} while (0)
+
+#define _pam_show_mem(X,XS) do { \
+ int i; \
+ register unsigned char *x; \
+ x = (unsigned char *)X; \
+ fprintf(stderr, " <start at %p>\n", X); \
+ for (i = 0; i < XS ; ++x, ++i) { \
+ fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \
+ } \
+ fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \
+} while (0)
+
+#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
+do { \
+ int reply_i; \
+ setbuf(stderr, NULL); \
+ fprintf(stderr, "array at %p of size %d\n",reply,replies); \
+ fflush(stderr); \
+ if (reply) { \
+ for (reply_i = 0; reply_i < replies; reply_i++) { \
+ fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \
+ reply_i, reply+reply_i, reply[reply_i].resp, \
+ reply[reply_i].resp, _retcode); \
+ fflush(stderr); \
+ if (reply[reply_i].resp) { \
+ fprintf(stderr, " resp[%d] = '%s'\n", \
+ strlen(reply[reply_i].resp), reply[reply_i].resp); \
+ fflush(stderr); \
+ } \
+ } \
+ } \
+ fprintf(stderr, "done here\n"); \
+ fflush(stderr); \
+} while (0)
+
+#else
+
+#define D(x) do { } while (0)
+#define _pam_show_mem(X,XS) do { } while (0)
+#define _pam_show_reply(reply, replies) do { } while (0)
+
+#endif /* PAM_DEBUG */
+
+#endif /* PAM_MACROS_H */
diff --git a/security/pecl-pam/files/patch-pam.c b/security/pecl-pam/files/patch-pam.c
index 7edcdcbfe9f7..02db30284d6f 100644
--- a/security/pecl-pam/files/patch-pam.c
+++ b/security/pecl-pam/files/patch-pam.c
@@ -1,121 +1,11 @@
-Obtained from Gentoo:
- https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f113e301d3d56ef3c9623c40014000a102db15c
-
---- pam.c.orig 2018-01-02 11:11:25 UTC
+--- pam.c.orig 2021-06-08 06:30:45 UTC
+++ pam.c
-@@ -227,8 +227,13 @@ int chpass_pam_talker(int num_msg,
- PHP_FUNCTION(pam_auth)
- {
- char *username, *password;
-+#if PHP_MAJOR_VERSION >= 7
-+ size_t username_len, password_len;
-+ zval *status = NULL, *server, *remote_addr;
-+#else
- int username_len, password_len;
- zval *status = NULL, **server, **remote_addr;
-+#endif
- zend_bool checkacctmgmt = 1;
-
- pam_auth_t userinfo = {NULL, NULL};
-@@ -248,22 +253,37 @@ PHP_FUNCTION(pam_auth)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_start");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- RETURN_FALSE;
- }
-
-+#if PHP_MAJOR_VERSION >= 7
-+ if ((remote_addr = zend_hash_str_find(Z_ARR(PG(http_globals)[TRACK_VARS_SERVER]), "REMOTE_ADDR", sizeof("REMOTE_ADDR")-1)) != NULL && Z_TYPE_P(remote_addr) == IS_STRING) {
-+ pam_set_item(pamh, PAM_RHOST, Z_STRVAL_P(remote_addr));
-+#else
- if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **)&server) == SUCCESS && Z_TYPE_PP(server) == IS_ARRAY) {
- if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **)&remote_addr) == SUCCESS && Z_TYPE_PP(remote_addr) == IS_STRING) {
- pam_set_item(pamh, PAM_RHOST, Z_STRVAL_PP(remote_addr));
- }
-+#endif
- }
-
- if ((result = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_authenticate");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
-@@ -274,7 +294,12 @@ PHP_FUNCTION(pam_auth)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_acct_mgmt");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
-@@ -291,7 +316,11 @@ PHP_FUNCTION(pam_auth)
- PHP_FUNCTION(pam_chpass)
- {
- char *username, *oldpass, *newpass;
-+#if PHP_MAJOR_VERSION >= 7
-+ size_t username_len, oldpass_len, newpass_len;
-+#else
- int username_len, oldpass_len, newpass_len;
-+#endif
- zval *status = NULL;
-
- pam_chpass_t userinfo = {NULL, NULL, NULL, 0};
-@@ -312,7 +341,12 @@ PHP_FUNCTION(pam_chpass)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_start");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- RETURN_FALSE;
- }
-@@ -321,7 +355,12 @@ PHP_FUNCTION(pam_chpass)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_authenticate");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
-@@ -331,7 +370,12 @@ PHP_FUNCTION(pam_chpass)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_chauthtok");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
+@@ -25,7 +25,7 @@
+ #include "ext/standard/info.h"
+ #include "php_pam.h"
+ #include <security/pam_appl.h>
+-#include <security/_pam_macros.h>
++#include "_pam_macros.h"
+
+ #if PHP_VERSION_ID < 80000
+ #include "pam_legacy_arginfo.h"
More information about the dev-commits-ports-all
mailing list