From owner-freebsd-ports Sun Nov 5 2:10: 9 2000 Delivered-To: freebsd-ports@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 1788137B4D7 for ; Sun, 5 Nov 2000 02:10:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id CAA56356; Sun, 5 Nov 2000 02:10:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from mgate03.so-net.ne.jp (mgate03.so-net.ne.jp [210.139.254.150]) by hub.freebsd.org (Postfix) with ESMTP id 0E70837B4C5 for ; Sun, 5 Nov 2000 02:08:24 -0800 (PST) Received: from mail.ba2.so-net.ne.jp (mail.ba2.so-net.ne.jp [210.139.254.21]) by mgate03.so-net.ne.jp (8.8.8+3.0Wbeta9/3.6W00101717) with ESMTP id TAA25198 for ; Sun, 5 Nov 2000 19:08:22 +0900 (JST) Received: from ba2.so-net.ne.jp (pee4aac.tokynt01.ap.so-net.ne.jp [202.238.74.172]) by mail.ba2.so-net.ne.jp (8.8.8/3.7W99081617) with ESMTP id TAA03273 for ; Sun, 5 Nov 2000 19:08:21 +0900 (JST) Received: (from sanewo@localhost) by ba2.so-net.ne.jp (8.11.1/8.11.1) id eA5A7oV19205; Sun, 5 Nov 2000 19:07:50 +0900 (JST) (envelope-from sanewo) Message-Id: <200011051007.eA5A7oV19205@ba2.so-net.ne.jp> Date: Sun, 5 Nov 2000 19:07:50 +0900 (JST) 
From: sanewo@ba2.so-net.ne.jp Reply-To: sanewo@ba2.so-net.ne.jp To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: ports/22615: fix for xdm to cope with PAM Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 22615 >Category: ports >Synopsis: fix for xdm to cope with PAM >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Nov 05 02:10:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Takanori Saneto >Release: FreeBSD 4.2-BETA i386 >Organization: an individual >Environment: x11/XFree86-4, x11/XFree86-4-client ports as of today. >Description: 1. Although XFree86-4.0.1's xdm supports pam authentication, it is not enabled for FreeBSD platform. 2. Moreover, pam support in XFree86 has a bug which prevents pam_ssh from supporting session management (automatic ssh-agent invocation). NOTE: This patch is already sent to xpert@XFree86.org (couple weeks ago), but is not incorporated to the source yet. >How-To-Repeat: Try following pam.conf setting work before/after applying the patch. >Fix: Put this patch in /usr/ports/x11/XFree86-4/files and rebuild the ports. Patch to Imakefile fixes the problem 1. Patches to other files fixes problem 2. NOTE: You need to fix openssh (see PR bin/22614) to make it work. (ports version of openssh seems to be fixed already) Index: programs/xdm/Imakefile =================================================================== RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/Imakefile,v retrieving revision 3.36 diff -u -r3.36 Imakefile --- programs/xdm/Imakefile 2000/06/17 00:27:34 3.36 +++ programs/xdm/Imakefile 2000/10/07 11:06:01 
@@ -68,16 +68,16 @@ XPM_DEFINES = -DXPM +#if HasPam +PAM_LIBRARIES = -lpam DlLibrary +PAM_DEFINES = -DUSE_PAM +#endif + #if SystemV4 || HasShadowPasswd #if !LinuxShadowSuite PWD_DEFINES = -DUSESHADOW #else PWD_DEFINES = -DUSESHADOW -DSHADOWSUITE -#endif - -#if HasPam -PAM_LIBRARIES = -lpam DlLibrary -PAM_DEFINES = -DUSE_PAM #endif #if !defined(i386IscArchitecture) && !defined(i386ScoArchitecture) && !defined(LinuxArchitecture) && !defined(NTOArchitecture) && !defined(SGIArchitecture) Index: programs/xdm/dm.h =================================================================== RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/dm.h,v retrieving revision 3.19 diff -u -r3.19 dm.h --- programs/xdm/dm.h 2000/06/14 00:16:14 3.19 +++ programs/xdm/dm.h 2000/10/08 10:10:36 @@ -417,7 +417,7 @@ /* in session.c */ #ifdef USE_PAM -extern pam_handle_t *thepamh(void); +extern pam_handle_t **thepamh(void); #endif extern char **defaultEnv (void); extern char **systemEnv (struct display *d, char *user, char *home); Index: programs/xdm/greet.h =================================================================== RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/greet.h,v retrieving revision 1.5 diff -u -r1.5 greet.h --- programs/xdm/greet.h 2000/05/31 07:15:11 1.5 +++ programs/xdm/greet.h 2000/10/08 10:08:23 @@ -82,7 +82,7 @@ #endif char *(*_crypt)(CRYPT_ARGS); #ifdef USE_PAM - pam_handle_t *(*_thepamh)(void); + pam_handle_t **(*_thepamh)(void); #endif }; @@ -178,7 +178,7 @@ #endif extern char *(*__xdm_crypt)(CRYPT_ARGS); #ifdef USE_PAM -extern pam_handle_t *(*__xdm_thepamh)(void); +extern pam_handle_t **(*__xdm_thepamh)(void); #endif /* Index: programs/xdm/session.c =================================================================== RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/session.c,v retrieving revision 3.23 diff -u -r3.23 session.c --- programs/xdm/session.c 2000/06/17 00:27:34 3.23 +++ programs/xdm/session.c 2000/10/08 10:09:49 
@@ -97,10 +97,10 @@ extern char *crypt(CRYPT_ARGS); #endif #ifdef USE_PAM -pam_handle_t *thepamh() +pam_handle_t **thepamh() { static pam_handle_t *pamh = NULL; - return pamh; + return &pamh; } #endif @@ -468,7 +468,7 @@ if (removeAuth) { #ifdef USE_PAM - pam_handle_t *pamh = thepamh(); + pam_handle_t **pamh = thepamh(); #endif setgid (verify.gid); setuid (verify.uid); @@ -498,11 +498,11 @@ } #endif /* K5AUTH */ #ifdef USE_PAM - if (pamh) { + if (pamh && *pamh) { /* shutdown PAM session */ - pam_close_session(pamh, 0); - pam_end(pamh, PAM_SUCCESS); - pamh = NULL; + pam_close_session(*pamh, 0); + pam_end(*pamh, PAM_SUCCESS); + *pamh = NULL; } #endif } @@ -525,7 +525,7 @@ struct passwd* pwd; #endif #ifdef USE_PAM - pam_handle_t *pamh = thepamh(); + pam_handle_t **pamh = thepamh(); #endif if (verify->argv) { @@ -540,7 +540,7 @@ Debug ("\n"); } #ifdef USE_PAM - if (pamh) pam_open_session(pamh, 0); + if (pamh && *pamh) pam_open_session(*pamh, 0); #endif switch (pid = fork ()) { case 0: @@ -554,9 +554,9 @@ #ifdef USE_PAM /* pass in environment variables set by libpam and modules it called */ - if (pamh) { + if (pamh && *pamh) { long i; - char **pam_env = pam_getenvlist(pamh); + char **pam_env = pam_getenvlist(*pamh); for(i = 0; pam_env && pam_env[i]; i++) { verify->userEnviron = putEnv(pam_env[i], verify->userEnviron); } Index: programs/xdm/greeter/greet.c =================================================================== RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/greeter/greet.c,v retrieving revision 3.7 diff -u -r3.7 greet.c --- programs/xdm/greeter/greet.c 2000/06/14 00:16:16 3.7 +++ programs/xdm/greeter/greet.c 2000/10/08 10:08:09 
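Review bot: In the session.c hunk at -97, the new definition `pam_handle_t **thepamh()` has an empty parameter list, while dm.h in this same patch declares `thepamh(void)`; writing `pam_handle_t **thepamh(void)` keeps the definition a real prototype. The function now returns the address of its single function-static handle, so every caller shares one slot. That contract is undocumented; a comment such as `/* returns the address of the one shared PAM handle; store NULL through it after pam_end() */` above the function would state what the -498 hunk already relies on.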
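Review bot: In the session.c hunk at -498, the results of `pam_close_session(*pamh, 0)` and `pam_end(*pamh, PAM_SUCCESS)` are discarded, so a session module that fails to tear down is never reported; at minimum a non-`PAM_SUCCESS` return should be logged. The -468 hunk shows `setgid (verify.gid); setuid (verify.uid);` earlier in the same `if (removeAuth)` block, so the close presumably runs with the user's identity, and a module whose cleanup needs privilege would fail silently; confirm this against the full function, which extends outside the hunk. The credentials established by `pam_setcred` in verify.c are also never released, and `pam_setcred(*pamh, PAM_DELETE_CRED);` before the close would pair with that call.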
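Review bot: In the session.c hunk at -540, `if (pamh && *pamh) pam_open_session(*pamh, 0);` ignores the return value, so the `fork ()` that follows still starts the client when a session module has refused the session. Session modules are where per-login policy is applied, so a failure here should stop the login rather than be skipped over. Something like `if (pamh && *pamh && pam_open_session(*pamh, 0) != PAM_SUCCESS) return 0;` would do it, assuming 0 is this function's failure return; its start and end are outside the hunk, so that needs checking.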
@@ -83,7 +83,7 @@ #endif char *(*__xdm_crypt)(CRYPT_ARGS) = NULL; #ifdef USE_PAM -pam_handle_t *(*__xdm_thepamh)(void) = NULL; +pam_handle_t **(*__xdm_thepamh)(void) = NULL; #endif #endif Index: programs/xdm/greeter/verify.c =================================================================== RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/greeter/verify.c,v retrieving revision 3.9 diff -u -r3.9 verify.c --- programs/xdm/greeter/verify.c 2000/06/14 00:16:16 3.9 +++ programs/xdm/greeter/verify.c 2000/10/08 10:10:28 @@ -163,7 +163,7 @@ { struct passwd *p; #ifdef USE_PAM - pam_handle_t *pamh = thepamh(); + pam_handle_t **pamh = thepamh(); #else #ifdef USESHADOW struct spwd *sp; @@ -312,19 +312,19 @@ #else /* USE_PAM */ #define PAM_BAIL \ - if (pam_error != PAM_SUCCESS) { pam_end(pamh, 0); return 0; } + if (pam_error != PAM_SUCCESS) { pam_end(*pamh, 0); return 0; } PAM_password = greet->password; - pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh); + pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, pamh); PAM_BAIL; - pam_error = pam_set_item(pamh, PAM_TTY, d->name); + pam_error = pam_set_item(*pamh, PAM_TTY, d->name); PAM_BAIL; - pam_error = pam_authenticate(pamh, 0); + pam_error = pam_authenticate(*pamh, 0); PAM_BAIL; - pam_error = pam_acct_mgmt(pamh, 0); + pam_error = pam_acct_mgmt(*pamh, 0); /* really should do password changing, but it doesn't fit well */ PAM_BAIL; - pam_error = pam_setcred(pamh, 0); + pam_error = pam_setcred(*pamh, 0); PAM_BAIL; #undef PAM_BAIL #endif /* USE_PAM */ >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
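Review bot: In the verify.c hunk at -312, the rewritten `PAM_BAIL` calls `pam_end(*pamh, 0)` but leaves `*pamh` pointing at the ended handle. Because `pamh` is now the address of the static slot returned by `thepamh()`, the `if (pamh && *pamh)` checks in session.c would treat that stale handle as live if they run after a failed login. Clear the slot and pass the real status: `if (pam_error != PAM_SUCCESS) { pam_end(*pamh, pam_error); *pamh = NULL; return 0; }`. The macro also fires when `pam_start` itself fails, where `*pamh` may not hold a valid handle at all, so that call deserves its own check that returns without `pam_end`. The enclosing function starts and ends outside the hunk.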