Date: Sat, 5 Sep 2009 03:30:04 GMT From: Michael Schout <mschout@gkg.net> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/138483: security/pam_pwdfile port doesn't work post update to 0.99 Message-ID: <200909050330.n853U4tK034695@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/138483; it has been noted by GNATS. From: Michael Schout <mschout@gkg.net> To: bug-followup@FreeBSD.org, me@benschumacher.com Cc: Subject: Re: ports/138483: security/pam_pwdfile port doesn't work post update to 0.99 Date: Fri, 04 Sep 2009 22:20:08 -0500 This is a multi-part message in MIME format. --------------090703090901050304020601 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Very sorry about that. Attached patch against the port fixes all problems. the md5 files and also bigcrypt needed to get compiled. In addition, a header is needed, _pam_macros.h, which are not available on FreeBSD. I pulled this header from the Linux-PAM package and included it so that it compiles. I bumped the portrevision to 1 I ran pamtester against it, and it succeeds now. Please commit to security/pam_pwdfile in ports tree. --------------090703090901050304020601 Content-Type: text/x-patch; name="pam_pwdfile-fix.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="pam_pwdfile-fix.patch" diff --git a/security/pam_pwdfile/Makefile b/security/pam_pwdfile/Makefile index f3c5ade..27272ab 100644 --- a/security/pam_pwdfile/Makefile +++ b/security/pam_pwdfile/Makefile @@ -7,6 +7,7 @@ PORTNAME= pam_pwdfile PORTVERSION= 0.99 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://cpbotha.net/files/pam_pwdfile/ @@ -17,9 +18,11 @@ MAKEFILE= ${FILESDIR}/Makefile.bsd PLIST_FILES= lib/pam_pwdfile.so PORTDOCS= README INSTALL changelog +CFLAGS+= -I${WRKSRC} post-patch: ${REINPLACE_CMD} -e 's|#include <features.h>||g' ${WRKSRC}/pam_pwdfile.c + ${CP} ${FILESDIR}/_pam_macros.h ${WRKSRC} post-install: .if !defined(NOPORTDOCS) diff --git a/security/pam_pwdfile/files/Makefile.bsd b/security/pam_pwdfile/files/Makefile.bsd index 0a6f5c8..8c848c8 100644 --- a/security/pam_pwdfile/files/Makefile.bsd +++ b/security/pam_pwdfile/files/Makefile.bsd @@ -1,6 +1,12 @@ # inspired from pam-pgsql port :-) -SRCS= pam_pwdfile.c +SRCS= pam_pwdfile.c \ + bigcrypt.c \ + md5_good.c \ + md5_crypt_good.c \ + md5_broken.c \ + md5_crypt_broken.c + SHLIB_NAME= pam_pwdfile.so LDADD= -lpam -lcrypt @@ -8,4 +14,16 @@ CFLAGS+= -Wall -D_BSD_SOURCE LIBDIR= ${LOCALBASE}/lib +md5_good.c: md5.c + $(CPP) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' -o $@ $> + +md5_broken.c: md5.c + $(CPP) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' -o $@ $> + +md5_crypt_good.c: md5_crypt.c + $(CPP) $(CPPFLAGS) -D'MD5Name(x)=Good##x' -o $@ $> + +md5_crypt_broken.c: md5_crypt.c + $(CPP) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' -o $@ $> + .include <bsd.lib.mk> diff --git a/security/pam_pwdfile/files/_pam_macros.h b/security/pam_pwdfile/files/_pam_macros.h new file mode 100644 index 0000000..bd107cf --- /dev/null +++ b/security/pam_pwdfile/files/_pam_macros.h @@ -0,0 +1,196 @@ +#ifndef PAM_MACROS_H +#define PAM_MACROS_H + +/* + * All kind of macros used by PAM, but usable in some other + * programs too. + * Organized by Cristian Gafton <gafton@redhat.com> + */ + +/* a 'safe' version of strdup */ + +#include <stdlib.h> +#include <string.h> + +#define x_strdup(s) ( (s) ? strdup(s):NULL ) + +/* Good policy to strike out passwords with some characters not just + free the memory */ + +#define _pam_overwrite(x) \ +do { \ + register char *__xx__; \ + if ((__xx__=(x))) \ + while (*__xx__) \ + *__xx__++ = '\0'; \ +} while (0) + +#define _pam_overwrite_n(x,n) \ +do { \ + register char *__xx__; \ + register unsigned int __i__ = 0; \ + if ((__xx__=(x))) \ + for (;__i__<n; __i__++) \ + __xx__[__i__] = 0; \ +} while (0) + +/* + * Don't just free it, forget it too. + */ + +#define _pam_drop(X) \ +do { \ + if (X) { \ + free(X); \ + X=NULL; \ + } \ +} while (0) + +#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ +do { \ + int reply_i; \ + \ + for (reply_i=0; reply_i<replies; ++reply_i) { \ + if (reply[reply_i].resp) { \ + _pam_overwrite(reply[reply_i].resp); \ + free(reply[reply_i].resp); \ + } \ + } \ + if (reply) \ + free(reply); \ +} while (0) + +/* some debugging code */ + +#ifdef DEBUG + +/* + * This provides the necessary function to do debugging in PAM. + * Cristian Gafton <gafton@redhat.com> + */ + +#include <stdio.h> +#include <sys/types.h> +#include <stdarg.h> +#include <errno.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> + +/* + * This is for debugging purposes ONLY. DO NOT use on live systems !!! + * You have been warned :-) - CG + * + * to get automated debugging to the log file, it must be created manually. + * _PAM_LOGFILE must exist and be writable to the programs you debug. + */ + +#ifndef _PAM_LOGFILE +#define _PAM_LOGFILE "/var/run/pam-debug.log" +#endif + +static void _pam_output_debug_info(const char *file, const char *fn + , const int line) +{ + FILE *logfile; + int must_close = 1, fd; + +#ifdef O_NOFOLLOW + if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { +#else + if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { +#endif + if (!(logfile = fdopen(fd,"a"))) { + logfile = stderr; + must_close = 0; + close(fd); + } + } else { + logfile = stderr; + must_close = 0; + } + fprintf(logfile,"[%s:%s(%d)] ",file, fn, line); + fflush(logfile); + if (must_close) + fclose(logfile); +} + +static void _pam_output_debug(const char *format, ...) +{ + va_list args; + FILE *logfile; + int must_close = 1, fd; + + va_start(args, format); + +#ifdef O_NOFOLLOW + if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { +#else + if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { +#endif + if (!(logfile = fdopen(fd,"a"))) { + logfile = stderr; + must_close = 0; + close(fd); + } + } else { + logfile = stderr; + must_close = 0; + } + vfprintf(logfile, format, args); + fprintf(logfile, "\n"); + fflush(logfile); + if (must_close) + fclose(logfile); + + va_end(args); +} + +#define D(x) do { \ + _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \ + _pam_output_debug x ; \ +} while (0) + +#define _pam_show_mem(X,XS) do { \ + int i; \ + register unsigned char *x; \ + x = (unsigned char *)X; \ + fprintf(stderr, " <start at %p>\n", X); \ + for (i = 0; i < XS ; ++x, ++i) { \ + fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \ + } \ + fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \ +} while (0) + +#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \ +do { \ + int reply_i; \ + setbuf(stderr, NULL); \ + fprintf(stderr, "array at %p of size %d\n",reply,replies); \ + fflush(stderr); \ + if (reply) { \ + for (reply_i = 0; reply_i < replies; reply_i++) { \ + fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \ + reply_i, reply+reply_i, reply[reply_i].resp, \ + reply[reply_i].resp, _retcode); \ + fflush(stderr); \ + if (reply[reply_i].resp) { \ + fprintf(stderr, " resp[%d] = '%s'\n", \ + strlen(reply[reply_i].resp), reply[reply_i].resp); \ + fflush(stderr); \ + } \ + } \ + } \ + fprintf(stderr, "done here\n"); \ + fflush(stderr); \ +} while (0) + +#else + +#define D(x) do { } while (0) +#define _pam_show_mem(X,XS) do { } while (0) +#define _pam_show_reply(reply, replies) do { } while (0) + +#endif /* DEBUG */ + +#endif /* PAM_MACROS_H */ diff --git a/security/pam_pwdfile/files/patch-bigcrypt.c b/security/pam_pwdfile/files/patch-bigcrypt.c new file mode 100644 index 0000000..bb1f31c --- /dev/null +++ b/security/pam_pwdfile/files/patch-bigcrypt.c @@ -0,0 +1,11 @@ +--- bigcrypt.c.orig 2009-09-04 18:37:28.000000000 -0500 ++++ bigcrypt.c 2009-09-04 18:37:30.000000000 -0500 +@@ -25,7 +25,7 @@ + */ + + #include <string.h> +-#include <security/_pam_macros.h> ++#include <_pam_macros.h> + + char *crypt(const char *key, const char *salt); + char *bigcrypt(const char *key, const char *salt); --------------090703090901050304020601--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909050330.n853U4tK034695>