Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 5 Sep 2009 03:30:04 GMT
From:      Michael Schout <mschout@gkg.net>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/138483: security/pam_pwdfile port doesn't work post update to 0.99
Message-ID:  <200909050330.n853U4tK034695@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/138483; it has been noted by GNATS.

From: Michael Schout <mschout@gkg.net>
To: bug-followup@FreeBSD.org, me@benschumacher.com
Cc:  
Subject: Re: ports/138483: security/pam_pwdfile port doesn't work post update
 to 0.99
Date: Fri, 04 Sep 2009 22:20:08 -0500

 This is a multi-part message in MIME format.
 --------------090703090901050304020601
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 
 Very sorry about that.
 
 Attached patch against the port fixes all problems.
 
 the md5 files and also bigcrypt needed to get compiled.
 
 In addition, a header is needed, _pam_macros.h, which are not available
 on FreeBSD.  I pulled this header from the Linux-PAM package and
 included it so that it compiles.
 
 I bumped the portrevision to 1
 
 I ran pamtester against it, and it succeeds now.
 
 Please commit to security/pam_pwdfile in ports tree.
 
 --------------090703090901050304020601
 Content-Type: text/x-patch;
  name="pam_pwdfile-fix.patch"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline;
  filename="pam_pwdfile-fix.patch"
 
 diff --git a/security/pam_pwdfile/Makefile b/security/pam_pwdfile/Makefile
 index f3c5ade..27272ab 100644
 --- a/security/pam_pwdfile/Makefile
 +++ b/security/pam_pwdfile/Makefile
 @@ -7,6 +7,7 @@
  
  PORTNAME=	pam_pwdfile
  PORTVERSION=	0.99
 +PORTREVISION=	1
  CATEGORIES=	security
  MASTER_SITES=	http://cpbotha.net/files/pam_pwdfile/
  
 @@ -17,9 +18,11 @@ MAKEFILE=	${FILESDIR}/Makefile.bsd
  
  PLIST_FILES=	lib/pam_pwdfile.so
  PORTDOCS=	README INSTALL changelog
 +CFLAGS+=	-I${WRKSRC}
  
  post-patch:
  	${REINPLACE_CMD} -e 's|#include <features.h>||g' ${WRKSRC}/pam_pwdfile.c
 +	${CP} ${FILESDIR}/_pam_macros.h ${WRKSRC}
  
  post-install:
  .if !defined(NOPORTDOCS)
 diff --git a/security/pam_pwdfile/files/Makefile.bsd b/security/pam_pwdfile/files/Makefile.bsd
 index 0a6f5c8..8c848c8 100644
 --- a/security/pam_pwdfile/files/Makefile.bsd
 +++ b/security/pam_pwdfile/files/Makefile.bsd
 @@ -1,6 +1,12 @@
  # inspired from pam-pgsql port :-)
  
 -SRCS=	pam_pwdfile.c
 +SRCS=	pam_pwdfile.c \
 +	bigcrypt.c \
 +	md5_good.c \
 +	md5_crypt_good.c \
 +	md5_broken.c \
 +	md5_crypt_broken.c 
 +
  SHLIB_NAME=	pam_pwdfile.so
  
  LDADD=		-lpam -lcrypt
 @@ -8,4 +14,16 @@ CFLAGS+=	-Wall -D_BSD_SOURCE
  
  LIBDIR=		${LOCALBASE}/lib
  
 +md5_good.c: md5.c
 +	$(CPP) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' -o $@ $>
 +
 +md5_broken.c: md5.c
 +	$(CPP) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' -o $@ $>
 +
 +md5_crypt_good.c: md5_crypt.c
 +	$(CPP) $(CPPFLAGS) -D'MD5Name(x)=Good##x' -o $@ $>
 +
 +md5_crypt_broken.c: md5_crypt.c
 +	$(CPP) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' -o $@ $>
 +
  .include <bsd.lib.mk>
 diff --git a/security/pam_pwdfile/files/_pam_macros.h b/security/pam_pwdfile/files/_pam_macros.h
 new file mode 100644
 index 0000000..bd107cf
 --- /dev/null
 +++ b/security/pam_pwdfile/files/_pam_macros.h
 @@ -0,0 +1,196 @@
 +#ifndef PAM_MACROS_H
 +#define PAM_MACROS_H
 +
 +/*
 + * All kind of macros used by PAM, but usable in some other
 + * programs too.
 + * Organized by Cristian Gafton <gafton@redhat.com>
 + */
 +
 +/* a 'safe' version of strdup */
 +
 +#include <stdlib.h>
 +#include <string.h>
 +
 +#define  x_strdup(s)  ( (s) ? strdup(s):NULL )
 +
 +/* Good policy to strike out passwords with some characters not just
 +   free the memory */
 +
 +#define _pam_overwrite(x)        \
 +do {                             \
 +     register char *__xx__;      \
 +     if ((__xx__=(x)))           \
 +          while (*__xx__)        \
 +               *__xx__++ = '\0'; \
 +} while (0)
 +
 +#define _pam_overwrite_n(x,n)   \
 +do {                             \
 +     register char *__xx__;      \
 +     register unsigned int __i__ = 0;    \
 +     if ((__xx__=(x)))           \
 +        for (;__i__<n; __i__++) \
 +            __xx__[__i__] = 0; \
 +} while (0)
 +
 +/*
 + * Don't just free it, forget it too.
 + */
 +
 +#define _pam_drop(X) \
 +do {                 \
 +    if (X) {         \
 +        free(X);     \
 +        X=NULL;      \
 +    }                \
 +} while (0)
 +
 +#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
 +do {                                              \
 +    int reply_i;                                  \
 +                                                  \
 +    for (reply_i=0; reply_i<replies; ++reply_i) { \
 +	if (reply[reply_i].resp) {                \
 +	    _pam_overwrite(reply[reply_i].resp);  \
 +	    free(reply[reply_i].resp);            \
 +	}                                         \
 +    }                                             \
 +    if (reply)                                    \
 +	free(reply);                              \
 +} while (0)
 +
 +/* some debugging code */
 +
 +#ifdef DEBUG
 +
 +/*
 + * This provides the necessary function to do debugging in PAM.
 + * Cristian Gafton <gafton@redhat.com>
 + */
 +
 +#include <stdio.h>
 +#include <sys/types.h>
 +#include <stdarg.h>
 +#include <errno.h>
 +#include <sys/stat.h>
 +#include <fcntl.h>
 +#include <unistd.h>
 +
 +/*
 + * This is for debugging purposes ONLY. DO NOT use on live systems !!!
 + * You have been warned :-) - CG
 + *
 + * to get automated debugging to the log file, it must be created manually.
 + * _PAM_LOGFILE must exist and be writable to the programs you debug.
 + */
 +
 +#ifndef _PAM_LOGFILE
 +#define _PAM_LOGFILE "/var/run/pam-debug.log"
 +#endif
 +
 +static void _pam_output_debug_info(const char *file, const char *fn
 +				   , const int line)
 +{
 +    FILE *logfile;
 +    int must_close = 1, fd;
 +
 +#ifdef O_NOFOLLOW
 +    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
 +#else
 +    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
 +#endif
 +	if (!(logfile = fdopen(fd,"a"))) {
 +	    logfile = stderr;
 +	    must_close = 0;
 +	    close(fd);
 +	}
 +    } else {
 +        logfile = stderr;
 +	must_close = 0;
 +    }
 +    fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
 +    fflush(logfile);
 +    if (must_close)
 +        fclose(logfile);
 +}
 +
 +static void _pam_output_debug(const char *format, ...)
 +{
 +    va_list args;
 +    FILE *logfile;
 +    int must_close = 1, fd;
 +
 +    va_start(args, format);
 +
 +#ifdef O_NOFOLLOW
 +    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
 +#else
 +    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
 +#endif
 +	if (!(logfile = fdopen(fd,"a"))) {
 +	    logfile = stderr;
 +	    must_close = 0;
 +	    close(fd);
 +	}
 +    } else {
 +	logfile = stderr;
 +	must_close = 0;
 +    }
 +    vfprintf(logfile, format, args);
 +    fprintf(logfile, "\n");
 +    fflush(logfile);
 +    if (must_close)
 +        fclose(logfile);
 +
 +    va_end(args);
 +}
 +
 +#define D(x) do { \
 +    _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
 +    _pam_output_debug x ; \
 +} while (0)
 +
 +#define _pam_show_mem(X,XS) do {                                      \
 +      int i;                                                          \
 +      register unsigned char *x;                                      \
 +      x = (unsigned char *)X;                                         \
 +      fprintf(stderr, "  <start at %p>\n", X);                        \
 +      for (i = 0; i < XS ; ++x, ++i) {                                \
 +          fprintf(stderr, "    %02X. <%p:%02X>\n", i, x, *x);         \
 +      }                                                               \
 +      fprintf(stderr, "  <end for %p after %d bytes>\n", X, XS);      \
 +} while (0)
 +
 +#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
 +do {                                                                        \
 +    int reply_i;                                                            \
 +    setbuf(stderr, NULL);                                                   \
 +    fprintf(stderr, "array at %p of size %d\n",reply,replies);              \
 +    fflush(stderr);                                                         \
 +    if (reply) {                                                            \
 +	for (reply_i = 0; reply_i < replies; reply_i++) {                   \
 +	    fprintf(stderr, "  elem# %d at %p: resp = %p, retcode = %d\n",  \
 +		    reply_i, reply+reply_i, reply[reply_i].resp,            \
 +		    reply[reply_i].resp, _retcode);                         \
 +	    fflush(stderr);                                                 \
 +	    if (reply[reply_i].resp) {                                      \
 +		fprintf(stderr, "    resp[%d] = '%s'\n",                    \
 +			strlen(reply[reply_i].resp), reply[reply_i].resp);  \
 +		fflush(stderr);                                             \
 +	    }                                                               \
 +	}                                                                   \
 +    }                                                                       \
 +    fprintf(stderr, "done here\n");                                         \
 +    fflush(stderr);                                                         \
 +} while (0)
 +
 +#else
 +
 +#define D(x)                             do { } while (0)
 +#define _pam_show_mem(X,XS)              do { } while (0)
 +#define _pam_show_reply(reply, replies)  do { } while (0)
 +
 +#endif /* DEBUG */
 +
 +#endif  /* PAM_MACROS_H */
 diff --git a/security/pam_pwdfile/files/patch-bigcrypt.c b/security/pam_pwdfile/files/patch-bigcrypt.c
 new file mode 100644
 index 0000000..bb1f31c
 --- /dev/null
 +++ b/security/pam_pwdfile/files/patch-bigcrypt.c
 @@ -0,0 +1,11 @@
 +--- bigcrypt.c.orig	2009-09-04 18:37:28.000000000 -0500
 ++++ bigcrypt.c	2009-09-04 18:37:30.000000000 -0500
 +@@ -25,7 +25,7 @@
 +  */
 + 
 + #include <string.h>
 +-#include <security/_pam_macros.h>
 ++#include <_pam_macros.h>
 + 
 + char *crypt(const char *key, const char *salt);
 + char *bigcrypt(const char *key, const char *salt);
 
 --------------090703090901050304020601--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909050330.n853U4tK034695>