Date:      Sun, 5 Nov 2000 19:07:50 +0900 (JST)
From:      sanewo@ba2.so-net.ne.jp
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/22615: fix for xdm to cope with PAM
Message-ID:  <200011051007.eA5A7oV19205@ba2.so-net.ne.jp>


>Number:         22615
>Category:       ports
>Synopsis:       fix for xdm to cope with PAM
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 05 02:10:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Takanori Saneto
>Release:        FreeBSD 4.2-BETA i386
>Organization:
an individual
>Environment:

x11/XFree86-4, x11/XFree86-4-client ports as of today.

>Description:

1. Although xdm in XFree86-4.0.1 supports PAM authentication, it is not
enabled on the FreeBSD platform.

2. Moreover, the PAM support in XFree86 has a bug that prevents pam_ssh from
supporting session management (automatic ssh-agent invocation).

NOTE: This patch was already sent to xpert@XFree86.org (a couple of weeks ago),
but has not been incorporated into the source yet.

>How-To-Repeat:

Try following pam.conf setting work before/after applying the patch.

>Fix:

Put this patch in /usr/ports/x11/XFree86-4/files and rebuild the ports.

Patch to Imakefile fixes the problem 1. Patches to other files fixes problem 2.

NOTE: You need to fix openssh (see PR bin/22614) to make it work.
(ports version of openssh seems to be fixed already)

Index: programs/xdm/Imakefile
===================================================================
RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/Imakefile,v
retrieving revision 3.36
diff -u -r3.36 Imakefile
--- programs/xdm/Imakefile	2000/06/17 00:27:34	3.36
+++ programs/xdm/Imakefile	2000/10/07 11:06:01
@@ -68,16 +68,16 @@
 
 XPM_DEFINES = -DXPM 
 
+#if HasPam
+PAM_LIBRARIES = -lpam DlLibrary
+PAM_DEFINES = -DUSE_PAM
+#endif
+
 #if SystemV4 || HasShadowPasswd
 #if !LinuxShadowSuite
 PWD_DEFINES = -DUSESHADOW
 #else
 PWD_DEFINES = -DUSESHADOW -DSHADOWSUITE
-#endif
-
-#if HasPam
-PAM_LIBRARIES = -lpam DlLibrary
-PAM_DEFINES = -DUSE_PAM
 #endif
 
 #if !defined(i386IscArchitecture) && !defined(i386ScoArchitecture) && !defined(LinuxArchitecture) && !defined(NTOArchitecture) && !defined(SGIArchitecture)
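Review bot: The relocated `#if HasPam` block has no comment explaining why it now sits ahead of `#if SystemV4 || HasShadowPasswd`, so a later tidy-up could move it back and drop `-DUSE_PAM` again on platforms without shadow passwords. A short imake comment above it, such as `/* PAM does not depend on shadow-password support; keep outside the block below */`, would record the intent. The outer conditional closes outside this hunk, and nothing here shows where `HasPam` is set for FreeBSD, so that needs confirming in the platform configuration.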
Index: programs/xdm/dm.h
===================================================================
RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/dm.h,v
retrieving revision 3.19
diff -u -r3.19 dm.h
--- programs/xdm/dm.h	2000/06/14 00:16:14	3.19
+++ programs/xdm/dm.h	2000/10/08 10:10:36
@@ -417,7 +417,7 @@
 
 /* in session.c */
 #ifdef USE_PAM
-extern pam_handle_t *thepamh(void);
+extern pam_handle_t **thepamh(void);
 #endif
 extern char **defaultEnv (void);
 extern char **systemEnv (struct display *d, char *user, char *home);
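Review bot: The new `pam_handle_t **thepamh(void)` prototype is undocumented, and callers now need to know two things the type does not say: the returned pointer is the address of xdm's single static handle (see the definition in session.c), and `*thepamh()` is NULL until `pam_start()` has succeeded. I would add `/* returns the address of the process-wide PAM handle; never NULL, *result is NULL when no PAM transaction is active */` above the declaration. With that contract stated, the `pamh &&` half of the `pamh && *pamh` tests in session.c is redundant and could be dropped for readability.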
Index: programs/xdm/greet.h
===================================================================
RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/greet.h,v
retrieving revision 1.5
diff -u -r1.5 greet.h
--- programs/xdm/greet.h	2000/05/31 07:15:11	1.5
+++ programs/xdm/greet.h	2000/10/08 10:08:23
@@ -82,7 +82,7 @@
 #endif
     char *(*_crypt)(CRYPT_ARGS);
 #ifdef USE_PAM
-    pam_handle_t *(*_thepamh)(void);
+    pam_handle_t **(*_thepamh)(void);
 #endif
 };
 
@@ -178,7 +178,7 @@
 #endif
 extern	char    *(*__xdm_crypt)(CRYPT_ARGS);
 #ifdef USE_PAM
-extern  pam_handle_t    *(*__xdm_thepamh)(void);
+extern  pam_handle_t    **(*__xdm_thepamh)(void);
 #endif
 
 /*
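Review bot: `__xdm_thepamh` here and the `_thepamh` member in the hunk above keep their names while their return type changes from `pam_handle_t *` to `pam_handle_t **`, so nothing catches a greeter built against the old header being paired with an xdm built against the new one (or the reverse). If the greeter is loaded as a separate module, as the function-pointer table suggests, the mismatch would hand a pointer-to-handle to libpam as a handle. A comment next to both declarations, e.g. `/* returns pam_handle_t ** (was pam_handle_t *); xdm and the greeter must be rebuilt together */`, would at least make the requirement visible. The struct begins outside the hunk, so I cannot tell whether it carries a version field that should be bumped.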
Index: programs/xdm/session.c
===================================================================
RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/session.c,v
retrieving revision 3.23
diff -u -r3.23 session.c
--- programs/xdm/session.c	2000/06/17 00:27:34	3.23
+++ programs/xdm/session.c	2000/10/08 10:09:49
@@ -97,10 +97,10 @@
 extern	char	*crypt(CRYPT_ARGS);
 #endif
 #ifdef USE_PAM
-pam_handle_t *thepamh()
+pam_handle_t **thepamh()
 {
 	static pam_handle_t *pamh = NULL;
-	return pamh;
+	return &pamh;
 }
 #endif
 
@@ -468,7 +468,7 @@
     if (removeAuth)
     {
 #ifdef USE_PAM
-	pam_handle_t *pamh = thepamh();
+	pam_handle_t **pamh = thepamh();
 #endif
 	setgid (verify.gid);
 	setuid (verify.uid);
@@ -498,11 +498,11 @@
 	}
 #endif /* K5AUTH */
 #ifdef USE_PAM
-	if (pamh) {
+	if (pamh && *pamh) {
 	    /* shutdown PAM session */
-	    pam_close_session(pamh, 0);
-	    pam_end(pamh, PAM_SUCCESS);
-	    pamh = NULL;
+	    pam_close_session(*pamh, 0);
+	    pam_end(*pamh, PAM_SUCCESS);
+	    *pamh = NULL;
 	}
 #endif
     }
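Review bot: The result of `pam_close_session(*pamh, 0)` is discarded and `pam_end` is always told `PAM_SUCCESS`, so a session module that fails to clean up goes unnoticed; `pam_end(*pamh, pam_close_session(*pamh, 0));` passes the real status through without needing a new local. Judging by the `setgid`/`setuid` calls in the hunk at -468, this appears to run after the process has switched to the user's ids, which means session modules close without root privileges; that is worth confirming as intended. In the visible lines the credentials set with `pam_setcred` in verify.c are also never released. The enclosing function starts outside the hunk.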
@@ -525,7 +525,7 @@
     struct passwd* pwd;
 #endif
 #ifdef USE_PAM 
-    pam_handle_t *pamh = thepamh();
+    pam_handle_t **pamh = thepamh();
 #endif
 
     if (verify->argv) {
@@ -540,7 +540,7 @@
 	Debug ("\n");
     }
 #ifdef USE_PAM
-    if (pamh) pam_open_session(pamh, 0);
+    if (pamh && *pamh) pam_open_session(*pamh, 0);
 #endif    
     switch (pid = fork ()) {
     case 0:
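Review bot: `pam_open_session(*pamh, 0)` is called for effect only, so when a session module refuses or fails, the `fork` on the next line still starts the user's session. The return value should be checked and the start abandoned on anything other than `PAM_SUCCESS`, for example `if (pamh && *pamh && pam_open_session(*pamh, 0) != PAM_SUCCESS) return 0;`, with a log message alongside. The enclosing function begins outside the hunk, so the `return 0` failure path is an assumption to check against its other error exits.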
@@ -554,9 +554,9 @@
 
 #ifdef USE_PAM
 	/* pass in environment variables set by libpam and modules it called */
-	if (pamh) {
+	if (pamh && *pamh) {
 	    long i;
-	    char **pam_env = pam_getenvlist(pamh);
+	    char **pam_env = pam_getenvlist(*pamh);
 	    for(i = 0; pam_env && pam_env[i]; i++) {
 		verify->userEnviron = putEnv(pam_env[i], verify->userEnviron);
 	    }
Index: programs/xdm/greeter/greet.c
===================================================================
RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/greeter/greet.c,v
retrieving revision 3.7
diff -u -r3.7 greet.c
--- programs/xdm/greeter/greet.c	2000/06/14 00:16:16	3.7
+++ programs/xdm/greeter/greet.c	2000/10/08 10:08:09
@@ -83,7 +83,7 @@
 #endif
 char     *(*__xdm_crypt)(CRYPT_ARGS) = NULL;
 #ifdef USE_PAM
-pam_handle_t *(*__xdm_thepamh)(void) = NULL;
+pam_handle_t **(*__xdm_thepamh)(void) = NULL;
 #endif
 
 #endif
Index: programs/xdm/greeter/verify.c
===================================================================
RCS file: /sd1/cvsup-xfree86/cvs/xc/programs/xdm/greeter/verify.c,v
retrieving revision 3.9
diff -u -r3.9 verify.c
--- programs/xdm/greeter/verify.c	2000/06/14 00:16:16	3.9
+++ programs/xdm/greeter/verify.c	2000/10/08 10:10:28
@@ -163,7 +163,7 @@
 {
 	struct passwd	*p;
 #ifdef USE_PAM
-	pam_handle_t *pamh = thepamh();
+	pam_handle_t **pamh = thepamh();
 #else
 #ifdef USESHADOW
 	struct spwd	*sp;
@@ -312,19 +312,19 @@
 
 #else /* USE_PAM */
 #define PAM_BAIL	\
-	if (pam_error != PAM_SUCCESS) { pam_end(pamh, 0); return 0; }
+	if (pam_error != PAM_SUCCESS) { pam_end(*pamh, 0); return 0; }
 
 	PAM_password = greet->password;
-	pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, &pamh);
+	pam_error = pam_start("xdm", p->pw_name, &PAM_conversation, pamh);
 	PAM_BAIL;
-	pam_error = pam_set_item(pamh, PAM_TTY, d->name);
+	pam_error = pam_set_item(*pamh, PAM_TTY, d->name);
 	PAM_BAIL;
-	pam_error = pam_authenticate(pamh, 0);
+	pam_error = pam_authenticate(*pamh, 0);
 	PAM_BAIL;
-	pam_error = pam_acct_mgmt(pamh, 0);
+	pam_error = pam_acct_mgmt(*pamh, 0);
 	/* really should do password changing, but it doesn't fit well */
 	PAM_BAIL;
-	pam_error = pam_setcred(pamh, 0);
+	pam_error = pam_setcred(*pamh, 0);
 	PAM_BAIL;
 #undef PAM_BAIL
 #endif /* USE_PAM */
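Review bot: `PAM_BAIL` calls `pam_end(*pamh, 0)` but leaves `*pamh` pointing at the released handle, and since `pamh` now aliases the static in session.c rather than a local copy, any `pamh && *pamh` test reached there after a failed attempt would pass and hand a dead handle to `pam_open_session` or `pam_close_session`. The macro body should clear it: `if (pam_error != PAM_SUCCESS) { pam_end(*pamh, pam_error); *pamh = NULL; return 0; }`. That also passes the failing status to `pam_end` instead of 0. When `pam_start` itself fails, `*pamh` may not be a valid handle at all, so that first `PAM_BAIL` arguably should skip `pam_end`. The enclosing function starts and ends outside the hunk.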

>Release-Note:
>Audit-Trail:
>Unformatted:





