1 |
flameeyes 08/08/31 11:44:39 |
2 |
|
3 |
Added: Linux-PAM-1.0.2-noyp.patch |
4 |
Log: |
5 |
Add a patch that checks if the system includes support for NIS. This way Linux-PAM 1.0.x can build on uClibc systems. Closes bug #235431. |
6 |
(Portage version: 2.2_rc8/cvs/Linux 2.6.26-gentoo-r1 x86_64) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-libs/pam/files/Linux-PAM-1.0.2-noyp.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: Linux-PAM-1.0.2-noyp.patch |
15 |
=================================================================== |
16 |
Index: Linux-PAM-1.0.2/configure.in |
17 |
=================================================================== |
18 |
--- Linux-PAM-1.0.2.orig/configure.in |
19 |
+++ Linux-PAM-1.0.2/configure.in |
20 |
@@ -399,12 +399,27 @@ fi |
21 |
AC_SUBST(LIBDB) |
22 |
AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"]) |
23 |
|
24 |
-AC_CHECK_LIB([nsl],[yp_get_default_domain], LIBNSL="-lnsl", LIBNSL="") |
25 |
-BACKUP_LIBS=$LIBS |
26 |
-LIBS="$LIBS $LIBNSL" |
27 |
-AC_CHECK_FUNCS(yp_get_default_domain) |
28 |
-LIBS=$BACKUP_LIBS |
29 |
-AC_SUBST(LIBNSL) |
30 |
+LIBNSL=""; AC_SUBST(LIBNSL) |
31 |
+have_nis="yes" |
32 |
+ |
33 |
+AC_CHECK_HEADERS([rpcsvc/ypclnt.h rpcsvc/yp_prot.h netdb.h], [:], |
34 |
+ [have_nis=no; break; ]) |
35 |
+ |
36 |
+AS_IF([test "x$have_nis" = "xyes"], [ |
37 |
+ AC_CHECK_FUNCS([yp_get_default_domain], [:], |
38 |
+ AC_CHECK_LIB([nsl], [yp_get_default_domain], [LIBNSL="-lnsl"], |
39 |
+ [have_nis=no])) |
40 |
+]) |
41 |
+ |
42 |
+AS_IF([test "x$have_nis" = "xyes"], [ |
43 |
+ AC_CHECK_FUNCS([innetgr], [:], [have_nis=no; break;]) |
44 |
+]) |
45 |
+ |
46 |
+AS_IF([test "x$have_nis" = "xyes"], [ |
47 |
+ AC_DEFINE([HAVE_NIS], [1], [Define this if you have NIS support]) |
48 |
+]) |
49 |
+ |
50 |
+AM_CONDITIONAL([HAVE_NIS], [test "x$have_nis" = "xyes"]) |
51 |
|
52 |
AC_ARG_ENABLE([selinux], |
53 |
AC_HELP_STRING([--disable-selinux],[do not use SELinux]), |
54 |
Index: Linux-PAM-1.0.2/modules/pam_access/pam_access.c |
55 |
=================================================================== |
56 |
--- Linux-PAM-1.0.2.orig/modules/pam_access/pam_access.c |
57 |
+++ Linux-PAM-1.0.2/modules/pam_access/pam_access.c |
58 |
@@ -41,7 +41,9 @@ |
59 |
#include <errno.h> |
60 |
#include <ctype.h> |
61 |
#include <sys/utsname.h> |
62 |
+#ifdef HAVE_NIS |
63 |
#include <rpcsvc/ypclnt.h> |
64 |
+#endif |
65 |
#include <arpa/inet.h> |
66 |
#include <netdb.h> |
67 |
#include <sys/socket.h> |
68 |
@@ -471,11 +473,11 @@ static char *myhostname(void) |
69 |
} |
70 |
|
71 |
/* netgroup_match - match group against machine or user */ |
72 |
- |
73 |
static int |
74 |
netgroup_match (pam_handle_t *pamh, const char *netgroup, |
75 |
const char *machine, const char *user, int debug) |
76 |
{ |
77 |
+#ifdef HAVE_NIS |
78 |
char *mydomain = NULL; |
79 |
int retval; |
80 |
|
81 |
@@ -490,7 +492,12 @@ netgroup_match (pam_handle_t *pamh, cons |
82 |
machine ? machine : "NULL", |
83 |
user ? user : "NULL", mydomain ? mydomain : "NULL"); |
84 |
return retval; |
85 |
+#else |
86 |
+ pam_syslog(pamh, LOG_DEBUG, |
87 |
+ "netgroup match: no YellowPages support."); |
88 |
|
89 |
+ return NO; |
90 |
+#endif |
91 |
} |
92 |
|
93 |
/* user_match - match a username against one token */ |
94 |
Index: Linux-PAM-1.0.2/modules/pam_unix/Makefile.am |
95 |
=================================================================== |
96 |
--- Linux-PAM-1.0.2.orig/modules/pam_unix/Makefile.am |
97 |
+++ Linux-PAM-1.0.2/modules/pam_unix/Makefile.am |
98 |
@@ -40,7 +40,11 @@ noinst_PROGRAMS = bigcrypt |
99 |
|
100 |
pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ |
101 |
pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ |
102 |
- passverify.c yppasswd_xdr.c md5_good.c md5_broken.c |
103 |
+ passverify.c md5_good.c md5_broken.c |
104 |
+ |
105 |
+if HAVE_NIS |
106 |
+pam_unix_la_SOURCES += yppasswd_xdr.c |
107 |
+endif |
108 |
|
109 |
bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c |
110 |
bigcrypt_CFLAGS = $(AM_CFLAGS) |
111 |
Index: Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c |
112 |
=================================================================== |
113 |
--- Linux-PAM-1.0.2.orig/modules/pam_unix/pam_unix_passwd.c |
114 |
+++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix_passwd.c |
115 |
@@ -55,8 +55,10 @@ |
116 |
#include <sys/time.h> |
117 |
#include <sys/stat.h> |
118 |
#include <rpc/rpc.h> |
119 |
+#ifdef HAVE_NIS |
120 |
#include <rpcsvc/yp_prot.h> |
121 |
#include <rpcsvc/ypclnt.h> |
122 |
+#endif |
123 |
|
124 |
#include <signal.h> |
125 |
#include <errno.h> |
126 |
@@ -103,6 +105,7 @@ extern int getrpcport(const char *host, |
127 |
|
128 |
#define MAX_PASSWD_TRIES 3 |
129 |
|
130 |
+#ifdef HAVE_NIS |
131 |
static char *getNISserver(pam_handle_t *pamh) |
132 |
{ |
133 |
char *master; |
134 |
@@ -132,6 +135,7 @@ static char *getNISserver(pam_handle_t * |
135 |
} |
136 |
return master; |
137 |
} |
138 |
+#endif |
139 |
|
140 |
#ifdef WITH_SELINUX |
141 |
|
142 |
@@ -299,6 +303,7 @@ static int _do_setpass(pam_handle_t* pam |
143 |
goto done; |
144 |
} |
145 |
|
146 |
+#ifdef HAVE_NIS |
147 |
if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { |
148 |
if ((master=getNISserver(pamh)) != NULL) { |
149 |
struct timeval timeout; |
150 |
@@ -366,6 +371,7 @@ static int _do_setpass(pam_handle_t* pam |
151 |
retval = PAM_TRY_AGAIN; |
152 |
} |
153 |
} |
154 |
+#endif |
155 |
|
156 |
if (_unix_comesfromsource(pamh, forwho, 1, 0)) { |
157 |
if(unlocked) { |
158 |
Index: Linux-PAM-1.0.2/modules/pam_unix/support.c |
159 |
=================================================================== |
160 |
--- Linux-PAM-1.0.2.orig/modules/pam_unix/support.c |
161 |
+++ Linux-PAM-1.0.2/modules/pam_unix/support.c |
162 |
@@ -19,7 +19,9 @@ |
163 |
#include <ctype.h> |
164 |
#include <syslog.h> |
165 |
#include <sys/resource.h> |
166 |
+#ifdef HAVE_NIS |
167 |
#include <rpcsvc/ypclnt.h> |
168 |
+#endif |
169 |
|
170 |
#include <security/_pam_macros.h> |
171 |
#include <security/pam_modules.h> |
172 |
@@ -263,6 +265,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c |
173 |
} |
174 |
} |
175 |
|
176 |
+#ifdef HAVE_NIS |
177 |
if (!matched && nis) { |
178 |
char *userinfo = NULL, *domain = NULL; |
179 |
int len = 0, i; |
180 |
@@ -281,6 +284,7 @@ int _unix_getpwnam(pam_handle_t *pamh, c |
181 |
} |
182 |
} |
183 |
} |
184 |
+#endif |
185 |
|
186 |
if (matched && (ret != NULL)) { |
187 |
*ret = NULL; |
188 |
Index: Linux-PAM-1.0.2/modules/pam_group/pam_group.c |
189 |
=================================================================== |
190 |
--- Linux-PAM-1.0.2.orig/modules/pam_group/pam_group.c |
191 |
+++ Linux-PAM-1.0.2/modules/pam_group/pam_group.c |
192 |
@@ -659,7 +659,11 @@ static int check_account(pam_handle_t *p |
193 |
} |
194 |
/* If buffer starts with @, we are using netgroups */ |
195 |
if (buffer[0] == '@') |
196 |
+#ifdef HAVE_NIS |
197 |
good &= innetgr (&buffer[1], NULL, user, NULL); |
198 |
+#else |
199 |
+ good = 0; |
200 |
+#endif |
201 |
else |
202 |
good &= logic_field(pamh,user, buffer, count, is_same); |
203 |
D(("with user: %s", good ? "passes":"fails" )); |
204 |
Index: Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c |
205 |
=================================================================== |
206 |
--- Linux-PAM-1.0.2.orig/modules/pam_succeed_if/pam_succeed_if.c |
207 |
+++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.c |
208 |
@@ -229,6 +229,7 @@ evaluate_notingroup(pam_handle_t *pamh, |
209 |
return PAM_SUCCESS; |
210 |
return PAM_AUTH_ERR; |
211 |
} |
212 |
+#ifdef HAVE_NIS |
213 |
/* Return PAM_SUCCESS if the (host,user) is in the netgroup. */ |
214 |
static int |
215 |
evaluate_innetgr(const char *host, const char *user, const char *group) |
216 |
@@ -245,6 +246,7 @@ evaluate_notinnetgr(const char *host, co |
217 |
return PAM_SUCCESS; |
218 |
return PAM_AUTH_ERR; |
219 |
} |
220 |
+#endif |
221 |
|
222 |
/* Match a triple. */ |
223 |
static int |
224 |
@@ -356,6 +358,7 @@ evaluate(pam_handle_t *pamh, int debug, |
225 |
if (strcasecmp(qual, "notingroup") == 0) { |
226 |
return evaluate_notingroup(pamh, pwd->pw_name, right); |
227 |
} |
228 |
+#ifdef HAVE_NIS |
229 |
/* (Rhost, user) is in this netgroup. */ |
230 |
if (strcasecmp(qual, "innetgr") == 0) { |
231 |
const void *rhost; |
232 |
@@ -370,6 +373,14 @@ evaluate(pam_handle_t *pamh, int debug, |
233 |
rhost = NULL; |
234 |
return evaluate_notinnetgr(rhost, pwd->pw_name, right); |
235 |
} |
236 |
+#else |
237 |
+ if (strcasecmp(qual, "innetgr") == 0 || |
238 |
+ strcasecmp(qual, "notinnetgr") == 0) { |
239 |
+ pam_syslog(pamh, LOG_CRIT, "option \"%s\" not supported as no NIS support is present", qual); |
240 |
+ return PAM_SERVICE_ERR; |
241 |
+ } |
242 |
+#endif |
243 |
+ |
244 |
/* Fail closed. */ |
245 |
return PAM_SERVICE_ERR; |
246 |
} |
247 |
Index: Linux-PAM-1.0.2/modules/pam_time/pam_time.c |
248 |
=================================================================== |
249 |
--- Linux-PAM-1.0.2.orig/modules/pam_time/pam_time.c |
250 |
+++ Linux-PAM-1.0.2/modules/pam_time/pam_time.c |
251 |
@@ -555,7 +555,11 @@ check_account(pam_handle_t *pamh, const |
252 |
} |
253 |
/* If buffer starts with @, we are using netgroups */ |
254 |
if (buffer[0] == '@') |
255 |
+#ifdef HAVE_NIS |
256 |
good &= innetgr (&buffer[1], NULL, user, NULL); |
257 |
+#else |
258 |
+ good = 0; |
259 |
+#endif |
260 |
else |
261 |
good &= logic_field(pamh, user, buffer, count, is_same); |
262 |
D(("with user: %s", good ? "passes":"fails" )); |