Date: Tue, 21 Sep 2021 22:24:54 GMT From: Po-Chuan Hsieh <sunpoet@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 293b50911ab5 - main - security/pecl-pam: Update to 2.2.3 Message-ID: <202109212224.18LMOssZ038448@gitrepo.freebsd.org>
The branch main has been updated by sunpoet: URL: https://cgit.FreeBSD.org/ports/commit/?id=293b50911ab590623c2924db77a0224404203120 commit 293b50911ab590623c2924db77a0224404203120 Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org> AuthorDate: 2021-09-21 22:13:09 +0000 Commit: Po-Chuan Hsieh <sunpoet@FreeBSD.org> CommitDate: 2021-09-21 22:23:26 +0000 security/pecl-pam: Update to 2.2.3 Changes: https://pecl.php.net/package-changelog.php?package=PAM --- security/pecl-pam/Makefile | 9 +- security/pecl-pam/distinfo | 6 +- security/pecl-pam/files/_pam_macros.h | 196 ++++++++++++++++++++++++++++++++++ security/pecl-pam/files/patch-pam.c | 130 ++-------------------- 4 files changed, 214 insertions(+), 127 deletions(-)
diff --git a/security/pecl-pam/Makefile b/security/pecl-pam/Makefile
index 162435e0928e..0c15ffe5a381 100644
--- a/security/pecl-pam/Makefile
+++ b/security/pecl-pam/Makefile
@@ -1,8 +1,7 @@
 # Created by: wen@FreeBSD.org
 PORTNAME= pam
-PORTVERSION= 1.0.3
-PORTREVISION= 2
+PORTVERSION= 2.2.3
 CATEGORIES= security pear
 MAINTAINER= sunpoet@FreeBSD.org
@@ -10,8 +9,10 @@ COMMENT= PECL classes for PAM integration
 LICENSE= PHP202
-USES= dos2unix php:pecl
+USES= php:pecl
-IGNORE_WITH_PHP=80
+post-patch:
+# https://github.com/linux-pam/linux-pam/blob/master/libpam/include/security/_pam_macros.h
+ @${CP} ${FILESDIR}/_pam_macros.h ${WRKSRC}/_pam_macros.h
 .include <bsd.port.mk>
diff --git a/security/pecl-pam/distinfo b/security/pecl-pam/distinfo
index a4efd06f5ceb..7a26046393db 100644
--- a/security/pecl-pam/distinfo
+++ b/security/pecl-pam/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1491395894
-SHA256 (PECL/pam-1.0.3.tgz) = 2e00f253ffd987e2634b44689473beb61ae64120a3899b6f2d1ffdde06ddc887
-SIZE (PECL/pam-1.0.3.tgz) = 6671
+TIMESTAMP = 1632227500
+SHA256 (PECL/pam-2.2.3.tgz) = fda3b5f719d51cb278351eedd3d7a96db75661324d81fdcf8072a4309121bc92
+SIZE (PECL/pam-2.2.3.tgz) = 9422
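Review bot: The provenance comment above the new `post-patch` copy in the Makefile's second hunk points at linux-pam's `master` branch, so it does not record which upstream revision of `_pam_macros.h` was placed in `files/`. The visible distinfo only carries a checksum for `pam-2.2.3.tgz`, so nothing in the port ties the bundled header to a specific upstream state, and that header holds the password-scrubbing macros (`_pam_overwrite`, `_pam_drop_reply`) whose later upstream changes would not reach this copy automatically. I would pin the reference, e.g. `# https://github.com/linux-pam/linux-pam/blob/<commit-or-tag>/libpam/include/security/_pam_macros.h`, with the placeholder replaced by the revision actually copied.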
diff --git a/security/pecl-pam/files/_pam_macros.h b/security/pecl-pam/files/_pam_macros.h
new file mode 100644
index 000000000000..e891e2261b5e
--- /dev/null
+++ b/security/pecl-pam/files/_pam_macros.h
@@ -0,0 +1,196 @@
+#ifndef PAM_MACROS_H
+#define PAM_MACROS_H
+
+/*
+ * All kind of macros used by PAM, but usable in some other
+ * programs too.
+ * Organized by Cristian Gafton <gafton@redhat.com>
+ */
+
+/* a 'safe' version of strdup */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define x_strdup(s) ( (s) ? strdup(s):NULL )
+
+/* Good policy to strike out passwords with some characters not just
+ free the memory */
+
+#define _pam_overwrite(x) \
+do { \
+ register char *__xx__; \
+ if ((__xx__=(x))) \
+ while (*__xx__) \
+ *__xx__++ = '\0'; \
+} while (0)
+
+#define _pam_overwrite_n(x,n) \
+do { \
+ register char *__xx__; \
+ register unsigned int __i__ = 0; \
+ if ((__xx__=(x))) \
+ for (;__i__<n; __i__++) \
+ __xx__[__i__] = 0; \
+} while (0)
+
+/*
+ * Don't just free it, forget it too.
+ */
+
+#define _pam_drop(X) \
+do { \
+ if (X) { \
+ free(X); \
+ X=NULL; \
+ } \
+} while (0)
+
+#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
+do { \
+ int reply_i; \
+ \
+ for (reply_i=0; reply_i<replies; ++reply_i) { \
+ if (reply[reply_i].resp) { \
+ _pam_overwrite(reply[reply_i].resp); \
+ free(reply[reply_i].resp); \
+ } \
+ } \
+ if (reply) \
+ free(reply); \
+} while (0)
+
+/* some debugging code */
+
+#ifdef PAM_DEBUG
+
+/*
+ * This provides the necessary function to do debugging in PAM.
+ * Cristian Gafton <gafton@redhat.com>
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/*
+ * This is for debugging purposes ONLY. DO NOT use on live systems !!!
+ * You have been warned :-) - CG
+ *
+ * to get automated debugging to the log file, it must be created manually.
+ * _PAM_LOGFILE must exist and be writable to the programs you debug.
+ */
+
+#ifndef _PAM_LOGFILE
+#define _PAM_LOGFILE "/var/run/pam-debug.log"
+#endif
+
+static void _pam_output_debug_info(const char *file, const char *fn
+ , const int line)
+{
+ FILE *logfile;
+ int must_close = 1, fd;
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
+ }
+ fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
+ fflush(logfile);
+ if (must_close)
+ fclose(logfile);
+}
+
+static void _pam_output_debug(const char *format, ...)
+{
+ va_list args;
+ FILE *logfile;
+ int must_close = 1, fd;
+
+ va_start(args, format);
+
+#ifdef O_NOFOLLOW
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
+#else
+ if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
+#endif
+ if (!(logfile = fdopen(fd,"a"))) {
+ logfile = stderr;
+ must_close = 0;
+ close(fd);
+ }
+ } else {
+ logfile = stderr;
+ must_close = 0;
+ }
+ vfprintf(logfile, format, args);
+ fprintf(logfile, "\n");
+ fflush(logfile);
+ if (must_close)
+ fclose(logfile);
+
+ va_end(args);
+}
+
+#define D(x) do { \
+ _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
+ _pam_output_debug x ; \
+} while (0)
+
+#define _pam_show_mem(X,XS) do { \
+ int i; \
+ register unsigned char *x; \
+ x = (unsigned char *)X; \
+ fprintf(stderr, " <start at %p>\n", X); \
+ for (i = 0; i < XS ; ++x, ++i) { \
+ fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \
+ } \
+ fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \
+} while (0)
+
+#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
+do { \
+ int reply_i; \
+ setbuf(stderr, NULL); \
+ fprintf(stderr, "array at %p of size %d\n",reply,replies); \
+ fflush(stderr); \
+ if (reply) { \
+ for (reply_i = 0; reply_i < replies; reply_i++) { \
+ fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \
+ reply_i, reply+reply_i, reply[reply_i].resp, \
+ reply[reply_i].resp, _retcode); \
+ fflush(stderr); \
+ if (reply[reply_i].resp) { \
+ fprintf(stderr, " resp[%d] = '%s'\n", \
+ strlen(reply[reply_i].resp), reply[reply_i].resp); \
+ fflush(stderr); \
+ } \
+ } \
+ } \
+ fprintf(stderr, "done here\n"); \
+ fflush(stderr); \
+} while (0)
+
+#else
+
+#define D(x) do { } while (0)
+#define _pam_show_mem(X,XS) do { } while (0)
+#define _pam_show_reply(reply, replies) do { } while (0)
+
+#endif /* PAM_DEBUG */
+
+#endif /* PAM_MACROS_H */
diff --git a/security/pecl-pam/files/patch-pam.c b/security/pecl-pam/files/patch-pam.c
index 7edcdcbfe9f7..02db30284d6f 100644
--- a/security/pecl-pam/files/patch-pam.c
+++ b/security/pecl-pam/files/patch-pam.c
@@ -1,121 +1,11 @@
-Obtained from Gentoo:
- https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f113e301d3d56ef3c9623c40014000a102db15c
-
---- pam.c.orig 2018-01-02 11:11:25 UTC
+--- pam.c.orig 2021-06-08 06:30:45 UTC
 +++ pam.c
-@@ -227,8 +227,13 @@ int chpass_pam_talker(int num_msg,
- PHP_FUNCTION(pam_auth)
- {
- char *username, *password;
-+#if PHP_MAJOR_VERSION >= 7
-+ size_t username_len, password_len;
-+ zval *status = NULL, *server, *remote_addr;
-+#else
- int username_len, password_len;
- zval *status = NULL, **server, **remote_addr;
-+#endif
- zend_bool checkacctmgmt = 1;
-
- pam_auth_t userinfo = {NULL, NULL};
-@@ -248,22 +253,37 @@ PHP_FUNCTION(pam_auth)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_start");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- RETURN_FALSE;
- }
-
-+#if PHP_MAJOR_VERSION >= 7
-+ if ((remote_addr = zend_hash_str_find(Z_ARR(PG(http_globals)[TRACK_VARS_SERVER]), "REMOTE_ADDR", sizeof("REMOTE_ADDR")-1)) != NULL && Z_TYPE_P(remote_addr) == IS_STRING) {
-+ pam_set_item(pamh, PAM_RHOST, Z_STRVAL_P(remote_addr));
-+#else
- if (zend_hash_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER"), (void **)&server) == SUCCESS && Z_TYPE_PP(server) == IS_ARRAY) {
- if (zend_hash_find(Z_ARRVAL_PP(server), "REMOTE_ADDR", sizeof("REMOTE_ADDR"), (void **)&remote_addr) == SUCCESS && Z_TYPE_PP(remote_addr) == IS_STRING) {
- pam_set_item(pamh, PAM_RHOST, Z_STRVAL_PP(remote_addr));
- }
-+#endif
- }
-
- if ((result = pam_authenticate(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) {
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_authenticate");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
-@@ -274,7 +294,12 @@ PHP_FUNCTION(pam_auth)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_acct_mgmt");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
-@@ -291,7 +316,11 @@ PHP_FUNCTION(pam_auth)
- PHP_FUNCTION(pam_chpass)
- {
- char *username, *oldpass, *newpass;
-+#if PHP_MAJOR_VERSION >= 7
-+ size_t username_len, oldpass_len, newpass_len;
-+#else
- int username_len, oldpass_len, newpass_len;
-+#endif
- zval *status = NULL;
-
- pam_chpass_t userinfo = {NULL, NULL, NULL, 0};
-@@ -312,7 +341,12 @@ PHP_FUNCTION(pam_chpass)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_start");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- RETURN_FALSE;
- }
-@@ -321,7 +355,12 @@ PHP_FUNCTION(pam_chpass)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_authenticate");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
-@@ -331,7 +370,12 @@ PHP_FUNCTION(pam_chpass)
- if (status) {
- spprintf(&error_msg, 0, "%s (in %s)", (char *) pam_strerror(pamh, result), "pam_chauthtok");
- zval_dtor(status);
-+#if PHP_MAJOR_VERSION >= 7
-+ ZVAL_STRING(status, error_msg);
-+ efree(error_msg);
-+#else
- ZVAL_STRING(status, error_msg, 0);
-+#endif
- }
- pam_end(pamh, PAM_SUCCESS);
- RETURN_FALSE;
+@@ -25,7 +25,7 @@
+ #include "ext/standard/info.h"
+ #include "php_pam.h"
+ #include <security/pam_appl.h>
+-#include <security/_pam_macros.h>
++#include "_pam_macros.h"
+
+ #if PHP_VERSION_ID < 80000
+ #include "pam_legacy_arginfo.h"