Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Sep 2021 22:24:54 GMT
From:      Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 293b50911ab5 - main - security/pecl-pam: Update to 2.2.3
Message-ID:  <202109212224.18LMOssZ038448@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by sunpoet:

URL: https://cgit.FreeBSD.org/ports/commit/?id=293b50911ab590623c2924db77a0224404203120

commit 293b50911ab590623c2924db77a0224404203120
Author:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
AuthorDate: 2021-09-21 22:13:09 +0000
Commit:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
CommitDate: 2021-09-21 22:23:26 +0000

    security/pecl-pam: Update to 2.2.3
    
    Changes:        https://pecl.php.net/package-changelog.php?package=PAM
---
 security/pecl-pam/Makefile            |   9 +-
 security/pecl-pam/distinfo            |   6 +-
 security/pecl-pam/files/_pam_macros.h | 196 ++++++++++++++++++++++++++++++++++
 security/pecl-pam/files/patch-pam.c   | 130 ++--------------------
 4 files changed, 214 insertions(+), 127 deletions(-)

diff --git a/security/pecl-pam/Makefile b/security/pecl-pam/Makefile
index 162435e0928e..0c15ffe5a381 100644
--- a/security/pecl-pam/Makefile
+++ b/security/pecl-pam/Makefile
@@ -1,8 +1,7 @@
 # Created by: wen@FreeBSD.org
 
 PORTNAME=	pam
-PORTVERSION=	1.0.3
-PORTREVISION=	2
+PORTVERSION=	2.2.3
 CATEGORIES=	security pear
 
 MAINTAINER=	sunpoet@FreeBSD.org
@@ -10,8 +9,10 @@ COMMENT=	PECL classes for PAM integration
 
 LICENSE=	PHP202
 
-USES=		dos2unix php:pecl
+USES=		php:pecl
 
-IGNORE_WITH_PHP=80
+post-patch:
+# https://github.com/linux-pam/linux-pam/blob/master/libpam/include/security/_pam_macros.h
+	@${CP} ${FILESDIR}/_pam_macros.h ${WRKSRC}/_pam_macros.h
 
 .include <bsd.port.mk>
diff --git a/security/pecl-pam/distinfo b/security/pecl-pam/distinfo
index a4efd06f5ceb..7a26046393db 100644
--- a/security/pecl-pam/distinfo
+++ b/security/pecl-pam/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1491395894
-SHA256 (PECL/pam-1.0.3.tgz) = 2e00f253ffd987e2634b44689473beb61ae64120a3899b6f2d1ffdde06ddc887
-SIZE (PECL/pam-1.0.3.tgz) = 6671
+TIMESTAMP = 1632227500
+SHA256 (PECL/pam-2.2.3.tgz) = fda3b5f719d51cb278351eedd3d7a96db75661324d81fdcf8072a4309121bc92
+SIZE (PECL/pam-2.2.3.tgz) = 9422
diff --git a/security/pecl-pam/files/_pam_macros.h b/security/pecl-pam/files/_pam_macros.h
new file mode 100644
index 000000000000..e891e2261b5e
--- /dev/null
+++ b/security/pecl-pam/files/_pam_macros.h
@@ -0,0 +1,196 @@
+#ifndef PAM_MACROS_H
+#define PAM_MACROS_H
+
+/*
+ * All kind of macros used by PAM, but usable in some other
+ * programs too.
+ * Organized by Cristian Gafton <gafton@redhat.com>
+ */
+
+/* a 'safe' version of strdup */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define  x_strdup(s)  ( (s) ? strdup(s):NULL )
+
+/* Good policy to strike out passwords with some characters not just
+   free the memory */
+
+#define _pam_overwrite(x)        \
+do {                             \
+     register char *__xx__;      \
+     if ((__xx__=(x)))           \
+          while (*__xx__)        \
+               *__xx__++ = '\0'; \
+} while (0)
+
+#define _pam_overwrite_n(x,n)   \
+do {                             \
+     register char *__xx__;      \
+     register unsigned int __i__ = 0;    \
+     if ((__xx__=(x)))           \
+        for (;__i__<n; __i__++) \
+            __xx__[__i__] = 0; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do {                 \
+    if (X) {         \
+        free(X);     \
+        X=NULL;      \
+    }                \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do {                                              \
+    int reply_i;                                  \
+                                                  \
+    for (reply_i=0; reply_i<replies; ++reply_i) { \
+	if (reply[reply_i].resp) {                \
+	    _pam_overwrite(reply[reply_i].resp);  \
+	    free(reply[reply_i].resp);            \
+	}                                         \
+    }                                             \
+    if (reply)                                    \
+	free(reply);                              \
+} while (0)
+
+/* some debugging code */
+
+#ifdef PAM_DEBUG
+
+/*
+ * This provides the necessary function to do debugging in PAM.
+ * Cristian Gafton <gafton@redhat.com>
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/*
+ * This is for debugging purposes ONLY. DO NOT use on live systems !!!
+ * You have been warned :-) - CG
+ *
+ * to get automated debugging to the log file, it must be created manually.
+ * _PAM_LOGFILE must exist and be writable to the programs you debug.
+ */
+
+#ifndef _PAM_LOGFILE
+#define _PAM_LOGFILE "/var/run/pam-debug.log"
+#endif
+
+static void _pam_output_debug_info(const char *file, const char *fn
+				   , const int line)
+{
+    FILE *logfile;
+    int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+	if (!(logfile = fdopen(fd,"a"))) {
+	    logfile = stderr;
+	    must_close = 0;
+	    close(fd);
+	}
+    } else {
+        logfile = stderr;
+	must_close = 0;
+    }
+    fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
+    fflush(logfile);
+    if (must_close)
+        fclose(logfile);
+}
+
+static void _pam_output_debug(const char *format, ...)
+{
+    va_list args;
+    FILE *logfile;
+    int must_close = 1, fd;
+
+    va_start(args, format);
+
+#ifdef O_NOFOLLOW
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+	if (!(logfile = fdopen(fd,"a"))) {
+	    logfile = stderr;
+	    must_close = 0;
+	    close(fd);
+	}
+    } else {
+	logfile = stderr;
+	must_close = 0;
+    }
+    vfprintf(logfile, format, args);
+    fprintf(logfile, "\n");
+    fflush(logfile);
+    if (must_close)
+        fclose(logfile);
+
+    va_end(args);
+}
+
+#define D(x) do { \
+    _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
+    _pam_output_debug x ; \
+} while (0)
+
+#define _pam_show_mem(X,XS) do {                                      \
+      int i;                                                          \
+      register unsigned char *x;                                      \
+      x = (unsigned char *)X;                                         \
+      fprintf(stderr, "  <start at %p>\n", X);                        \
+      for (i = 0; i < XS ; ++x, ++i) {                                \
+          fprintf(stderr, "    %02X. <%p:%02X>\n", i, x, *x);         \
+      }                                                               \
+      fprintf(stderr, "  <end for %p after %d bytes>\n", X, XS);      \
+} while (0)
+
+#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
+do {                                                                        \
+    int reply_i;                                                            \
+    setbuf(stderr, NULL);                                                   \
+    fprintf(stderr, "array at %p of size %d\n",reply,replies);              \
+    fflush(stderr);                                                         \
+    if (reply) {                                                            \
+	for (reply_i = 0; reply_i < replies; reply_i++) {                   \
+	    fprintf(stderr, "  elem# %d at %p: resp = %p, retcode = %d\n",  \
+		    reply_i, reply+reply_i, reply[reply_i].resp,            \
+		    reply[reply_i].resp, _retcode);                         \
+	    fflush(stderr);                                                 \
+	    if (reply[reply_i].resp) {                                      \
+		fprintf(stderr, "    resp[%d] = '%s'\n",                    \
+			strlen(reply[reply_i].resp), reply[reply_i].resp);  \
+		fflush(stderr);                                             \
+	    }                                                               \
+	}                                                                   \
+    }                                                                       \
+    fprintf(stderr, "done here\n");                                         \
+    fflush(stderr);                                                         \
+} while (0)
+
+#else
+
+#define D(x)                             do { } while (0)
+#define _pam_show_mem(X,XS)              do { } while (0)
+#define _pam_show_reply(reply, replies)  do { } while (0)
+
+#endif /* PAM_DEBUG */
+
+#endif  /* PAM_MACROS_H */
diff --git a/security/pecl-pam/files/patch-pam.c b/security/pecl-pam/files/patch-pam.c
index 7edcdcbfe9f7..02db30284d6f 100644
--- a/security/pecl-pam/files/patch-pam.c
+++ b/security/pecl-pam/files/patch-pam.c
@@ -1,121 +1,11 @@
-Obtained from Gentoo:
-	https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f113e301d3d56ef3c9623c40014000a102db15c
-
---- pam.c.orig	2018-01-02 11:11:25 UTC
+--- pam.c.orig	2021-06-08 06:30:45 UTC
 +++ pam.c
-@@ -227,8 +227,13 @@ int chpass_pam_talker(int num_msg,
- PHP_FUNCTION(pam_auth)
- {
- 	char *username, *password;
-+#if PHP_MAJOR_VERSION >= 7
-+ 	size_t username_len, password_len;
-+	zval *status = NULL, *server, *remote_addr;
-+#else
- 	int username_len, password_len;
- 	zval *status = NULL, **server, **remote_addr;
-+#endif
- 	zend_bool checkacctmgmt = 1;
- 
- 	pam_auth_t userinfo = {NULL, NULL};
-@@ -248,22 +253,37 @@ PHP_FUNCTION(pam_auth)
- 		if (status) {
- 			spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_start");
- 			zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+			ZVAL_STRING(status, error_msg);
-+			efree(error_msg);
-+#else
- 			ZVAL_STRING(status, error_msg, 0);
-+#endif
- 		}
- 		RETURN_FALSE;
- 	}
- 
-+#if PHP_MAJOR_VERSION >= 7
-+	if ((remote_addr = zend_hash_str_find(Z_ARR(PG(http_globals)[TRACK_VARS_SERVER]), "REMOTE_ADDR", sizeof("REMOTE_ADDR")-1)) != NULL && Z_TYPE_P(remote_addr) == IS_STRING) {
-+		pam_set_item(pamh, PAM_RHOST, Z_STRVAL_P(remote_addr));
-+#else
- 	if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **)&server) == SUCCESS && Z_TYPE_PP(server) == IS_ARRAY) {
- 		if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **)&remote_addr) == SUCCESS && Z_TYPE_PP(remote_addr) == IS_STRING) {
- 			pam_set_item(pamh, PAM_RHOST, Z_STRVAL_PP(remote_addr));
- 		}
-+#endif
- 	}
- 
- 	if ((result = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
- 		if (status) {
- 			spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_authenticate");
- 			zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+			ZVAL_STRING(status, error_msg);
-+			efree(error_msg);
-+#else
- 			ZVAL_STRING(status, error_msg, 0);
-+#endif
- 		}
- 		pam_end(pamh, PAM_SUCCESS);
- 		RETURN_FALSE;
-@@ -274,7 +294,12 @@ PHP_FUNCTION(pam_auth)
- 			if (status) {
- 				spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_acct_mgmt");
- 				zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+				ZVAL_STRING(status, error_msg);
-+				efree(error_msg);
-+#else
- 				ZVAL_STRING(status, error_msg, 0);
-+#endif
- 			}
- 			pam_end(pamh, PAM_SUCCESS);
- 			RETURN_FALSE;
-@@ -291,7 +316,11 @@ PHP_FUNCTION(pam_auth)
- PHP_FUNCTION(pam_chpass)
- {
- 	char *username, *oldpass, *newpass;
-+#if PHP_MAJOR_VERSION >= 7
-+	size_t username_len, oldpass_len, newpass_len;
-+#else
- 	int username_len, oldpass_len, newpass_len;
-+#endif
- 	zval *status = NULL;
- 
- 	pam_chpass_t userinfo = {NULL, NULL, NULL, 0};
-@@ -312,7 +341,12 @@ PHP_FUNCTION(pam_chpass)
- 		if (status) {
- 			spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_start");
- 			zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+			ZVAL_STRING(status, error_msg);
-+			efree(error_msg);
-+#else
- 			ZVAL_STRING(status, error_msg, 0);
-+#endif
- 		}
- 		RETURN_FALSE;
- 	}
-@@ -321,7 +355,12 @@ PHP_FUNCTION(pam_chpass)
- 		if (status) {
- 			spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_authenticate");
- 			zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+			ZVAL_STRING(status, error_msg);
-+			efree(error_msg);
-+#else
- 			ZVAL_STRING(status, error_msg, 0);
-+#endif
- 		}
- 		pam_end(pamh, PAM_SUCCESS);
- 		RETURN_FALSE;
-@@ -331,7 +370,12 @@ PHP_FUNCTION(pam_chpass)
- 		if (status) {
- 			spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_chauthtok");
- 			zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+			ZVAL_STRING(status, error_msg);
-+			efree(error_msg);
-+#else
- 			ZVAL_STRING(status, error_msg, 0);
-+#endif
- 		}
- 		pam_end(pamh, PAM_SUCCESS);
- 		RETURN_FALSE;
+@@ -25,7 +25,7 @@
+ #include "ext/standard/info.h"
+ #include "php_pam.h"
+ #include <security/pam_appl.h>
+-#include <security/_pam_macros.h>
++#include "_pam_macros.h"
+ 
+ #if PHP_VERSION_ID < 80000
+ #include "pam_legacy_arginfo.h"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109212224.18LMOssZ038448>