system/linux-pam: [PD] fix, bump to 1.3.1, use utmpx

4 files changed, 268 insertions, 32 deletions

diff --git a/system/linux-pam/APKBUILD b/system/linux-pam/APKBUILD
index f55963c5c..bf6a19f93 100644
--- a/system/linux-pam/APKBUILD
+++ b/system/linux-pam/APKBUILD
@@ -1,22 +1,23 @@
 # Contributor: William Pitcock <nenolod@dereferenced.org>
-# Maintainer: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=linux-pam
-pkgver=1.3.0
-pkgrel=1
-pkgdesc="pluggable authentication modules for linux"
+pkgver=1.3.1
+pkgrel=0
+pkgdesc="Pluggable Authentication Modules"
 url="http://www.kernel.org/pub/linux/libs/pam"
 arch="all"
 license="BSD"
-depends_dev="gettext-dev"
-makedepends_host="$depends_dev"
+depends_dev="gettext-tiny-dev"
+makedepends_host="$depends_dev utmps-dev"
 makedepends_build="$depends_dev bison flex-dev autoconf automake libtool"
 makedepends="$makedepends_host $makedepends_build"
-options="suid !check"
-subpackages="$pkgname-dev $pkgname-doc"
-source="http://linux-pam.org/library/Linux-PAM-$pkgver.tar.bz2
+options="suid"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+source="https://github.com/$pkgname/$pkgname/releases/download/v1.3.1/Linux-PAM-$pkgver.tar.xz
 	fix-compat.patch
 	libpam-fix-build-with-eglibc-2.16.patch
 	musl-fix-pam_exec.patch
+	use-utmpx.patch
 
 	base-auth.pamd
 	base-account.pamd
@@ -39,7 +40,7 @@ build() {
 	cd "$builddir"
 	autoreconf -vif
 	[ "$CLIBC" = "musl" ] && export ac_cv_search_crypt=no
-	./configure \
+	LIBS="-lutmps -lskarnet" ./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
 		--prefix=/usr \
@@ -48,11 +49,15 @@ build() {
 		--mandir=/usr/share/man \
 		--infodir=/usr/share/info \
 		--localstatedir=/var \
-		--disable-nls \
 		--disable-db
 	make
 }
 
+check() {
+	cd "$builddir"
+	make check
+}
+
 package() {
 	cd "$builddir"
 	make DESTDIR="$pkgdir" install
@@ -73,15 +78,15 @@ package() {
 		esac
 	done
 
-	# delete pointless libtool archives.
 	chgrp shadow "$pkgdir"/sbin/unix_chkpwd \
 		&& chmod g+s "$pkgdir"/sbin/unix_chkpwd
 }
 
-sha512sums="4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42  Linux-PAM-1.3.0.tar.bz2
-52b97e23084f7b835ce1fa441663f91a50ea797cb38ba2c6662bcdaf0d25ba487118442674ac347fb17353af126dd6b3b696612faa56cac428dd842d14e1c90d  fix-compat.patch
+sha512sums="6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e  Linux-PAM-1.3.1.tar.xz
+1a8ae3a212684b0dfef12aaeb1d4cec6e85b056a79b13ddc9ebe1cd61fe8da1a6210a06eb3e4f5bacc0c2fa71b82346d87f673921ce1453cbc46cb905e86a6c6  fix-compat.patch
 f49edf3876cc6bcb87bbea4e7beaeb0a382d596898c755f5fbaf6c2ed4e0c8f082b2cd16dde8a74af82bb09a1334f463e07a4bb5b8a48f023ff90a67ad2fdd44  libpam-fix-build-with-eglibc-2.16.patch
-bc443d2a9b1d90b81959ce6fa154042365d5e7840f8696f847a145bbaaeffcbe1e9cd2b8ba76131a7b48737929e281f4fe864582fa4fc40315f2d10c650e0cd9  musl-fix-pam_exec.patch
+82fb1ec27b370ed5d30451f31aecbacf94ff8aff9db52e79090466dcdd1b1b2c18ca7e0641b1b51a3ed78ea7203fe9464b50f63d6dbf661e10f68366c79196ae  musl-fix-pam_exec.patch
+8352c0bd36f776251143d1e73d92a1e746e8f23778462e441cc989afd4204887aca6b310d87ab8e5b315b13c4ad1225c87531b71a0fef693772fc7e12bcde418  use-utmpx.patch
 0672ab21adb969af2a0082e2559f1196d8a4f8b1cff2836f97e5f24edb03b6aed156c61cf335a4df978e423dcd9934ffee8cb5784ed5dde704d7e5ddec4ba9f6  base-auth.pamd
 85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b  base-account.pamd
 8223b815148c3b9b874d2c283840f6428c266e56c7cf49ce8fc508c4945ae31c837bef96dab17f64a60812d1c9cd0055cf0a50d7951d23070b69bd2e5bb9666d  base-password.pamd
diff --git a/system/linux-pam/fix-compat.patch b/system/linux-pam/fix-compat.patch
index 4096c3a47..e450dbb0b 100644
--- a/system/linux-pam/fix-compat.patch
+++ b/system/linux-pam/fix-compat.patch
@@ -8,14 +8,3 @@
  #include <fcntl.h>
  #include <time.h>
  #include <errno.h>
-@@ -48,6 +49,10 @@
- 
- #ifndef _PATH_BTMP
- # define _PATH_BTMP "/var/log/btmp"
-+#endif
-+
-+#ifndef __GLIBC__
-+#define logwtmp(args...)
- #endif
- 
- /* XXX - time before ignoring lock. Is 1 sec enough? */
diff --git a/system/linux-pam/musl-fix-pam_exec.patch b/system/linux-pam/musl-fix-pam_exec.patch
index b6b999fae..52e316ac8 100644
--- a/system/linux-pam/musl-fix-pam_exec.patch
+++ b/system/linux-pam/musl-fix-pam_exec.patch
@@ -15,13 +15,14 @@
    if (argc < 1) {
      pam_syslog (pamh, LOG_ERR,
  		"This module needs at least one argument");
-@@ -178,11 +181,11 @@
+@@ -180,12 +183,12 @@
+ 	      if (resp)
+ 		{
+ 		  pam_set_item (pamh, PAM_AUTHTOK, resp);
+-		  authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++		  authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
+ 		  _pam_drop (resp);
  		}
- 
- 	      pam_set_item (pamh, PAM_AUTHTOK, resp);
--	      authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
-+	      authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
- 	      _pam_drop (resp);
  	    }
  	  else
 -	    authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
diff --git a/system/linux-pam/use-utmpx.patch b/system/linux-pam/use-utmpx.patch
new file mode 100644
index 000000000..1ec0c9daf
--- /dev/null
+++ b/system/linux-pam/use-utmpx.patch
@@ -0,0 +1,241 @@
+--- Linux-PAM-1.3.1/libpam/pam_modutil_getlogin.c.old	2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/libpam/pam_modutil_getlogin.c	2018-06-15 19:45:00.100036938 -0500
+@@ -10,7 +10,7 @@
+ 
+ #include <stdlib.h>
+ #include <unistd.h>
+-#include <utmp.h>
++#include <utmpx.h>
+ 
+ #define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin"
+ 
+@@ -22,7 +22,7 @@
+     const void *void_curr_tty;
+     const char *curr_tty;
+     char *curr_user;
+-    struct utmp *ut, line;
++    struct utmpx *ut, line;
+ 
+     status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname);
+     if (status == PAM_SUCCESS) {
+@@ -48,10 +48,10 @@
+     }
+     logname = NULL;
+ 
+-    setutent();
++    setutxent();
+     strncpy(line.ut_line, curr_tty, sizeof(line.ut_line));
+ 
+-    if ((ut = getutline(&line)) == NULL) {
++    if ((ut = getutxline(&line)) == NULL) {
+ 	goto clean_up_and_go_home;
+     }
+ 
+@@ -74,7 +74,7 @@
+ 
+ clean_up_and_go_home:
+ 
+-    endutent();
++    endutxent();
+ 
+     return logname;
+ }
+--- Linux-PAM-1.3.1/modules/pam_issue/pam_issue.c.old	2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_issue/pam_issue.c	2018-06-15 19:53:16.459545509 -0500
+@@ -25,7 +25,13 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <sys/utsname.h>
+-#include <utmp.h>
++#if defined(HAVE_UTMPX_H)
++#    include <utmpx.h>
++#elif defined(HAVE_UTMP_H)
++#    include <utmp.h>
++#else
++#    error You must have either utmpx.h or utmp.h.
++#endif
+ #include <time.h>
+ #include <syslog.h>
+ 
+@@ -246,6 +252,15 @@
+ 	      case 'U':
+ 		{
+ 		    unsigned int users = 0;
++#if defined(HAVE_UTMPX_H)
++		    struct utmpx *utx;
++		    setutxent();
++		    while ((utx = getutxent())) {
++			if (utx->ut_type == USER_PROCESS)
++			    ++users;
++		    }
++		    endutxent();
++#elif defined(HAVE_UTMP_H)
+ 		    struct utmp *ut;
+ 		    setutent();
+ 		    while ((ut = getutent())) {
+@@ -253,6 +268,7 @@
+ 			    ++users;
+ 		    }
+ 		    endutent();
++#endif
+ 		    if (c == 'U')
+ 			snprintf (buf, sizeof buf, "%u %s", users,
+ 			          (users == 1) ? "user" : "users");
+--- Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c.old	2018-06-15 19:48:06.379852509 -0500
++++ Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c	2018-06-15 19:57:18.849305527 -0500
+@@ -14,7 +14,10 @@
+ #include <fcntl.h>
+ #include <time.h>
+ #include <errno.h>
++#ifdef HAVE_UTMPX_H
++# include <utmpx.h>
++#endif
+ #ifdef HAVE_UTMP_H
+ # include <utmp.h>
+ #else
+ # include <lastlog.h>
+@@ -448,8 +451,13 @@
+ {
+     int retval;
+     int fd;
++#ifdef HAVE_UTMPX_H
++    struct utmpx ut;
++    struct utmpx utuser;
++#else
+     struct utmp ut;
+     struct utmp utuser;
++#endif
+     int failed = 0;
+     char the_time[256];
+     char *date = NULL;
+--- Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.old	2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c	2018-06-15 20:25:21.737639355 -0500
+@@ -33,7 +33,11 @@
+ #include <sys/resource.h>
+ #include <limits.h>
+ #include <glob.h>
+-#include <utmp.h>
++#ifdef HAVE_UTMPX_H
++# include <utmpx.h>
++#else
++# include <utmp.h>
++#endif
+ #ifndef UT_USER  /* some systems have ut_name instead of ut_user */
+ #define UT_USER ut_user
+ #endif
+@@ -227,7 +231,11 @@
+ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
+               struct pam_limit_s *pl)
+ {
++#ifdef HAVE_UTMPX_H
++    struct utmpx *ut;
++#else
+     struct utmp *ut;
++#endif
+     int count;
+ 
+     if (ctrl & PAM_DEBUG_ARG) {
+@@ -242,12 +250,16 @@
+         return LOGIN_ERR;
+     }
+ 
++#ifdef HAVE_UTMPX_H
++    setutxent();
++#else
+     setutent();
++#endif
+ 
+     /* Because there is no definition about when an application
+        actually adds a utmp entry, some applications bizarrely do the
+-       utmp call before the have PAM authenticate them to the system:
+-       you're logged it, sort of...? Anyway, you can use the
++       utmp call before they have PAM authenticate them to the system:
++       you're logged in, sort of...? Anyway, you can use the
+        "utmp_early" module argument in your PAM config file to make
+        allowances for this sort of problem. (There should be a PAM
+        standard for this, since if a module wants to actually map a
+@@ -260,7 +272,11 @@
+ 	count = 1;
+     }
+ 
++#ifdef HAVE_UTMPX_H
++    while((ut = getutxent())) {
++#else
+     while((ut = getutent())) {
++#endif
+ #ifdef USER_PROCESS
+         if (ut->ut_type != USER_PROCESS) {
+             continue;
+@@ -296,7 +312,11 @@
+ 	    break;
+ 	}
+     }
++#ifdef HAVE_UTMPX_H
++    endutxent();
++#else
+     endutent();
++#endif
+     if (count > limit) {
+ 	if (name) {
+ 	    pam_syslog(pamh, LOG_NOTICE,
+--- Linux-PAM-1.3.1/modules/pam_timestamp/pam_timestamp.c.old	2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_timestamp/pam_timestamp.c	2018-06-15 20:34:52.997073770 -0500
+@@ -56,7 +56,11 @@
+ #include <time.h>
+ #include <sys/time.h>
+ #include <unistd.h>
+-#include <utmp.h>
++#ifdef HAVE_UTMPX_H
++# include <utmpx.h>
++#else
++# include <utmp.h>
++#endif
+ #include <syslog.h>
+ #include <paths.h>
+ #include "hmacsha1.h"
+@@ -197,12 +201,22 @@
+ static int
+ check_login_time(const char *ruser, time_t timestamp)
+ {
++#ifdef HAVE_UTMPX_H
++	struct utmpx utbuf, *ut;
++#else
+ 	struct utmp utbuf, *ut;
++#endif
+ 	time_t oldest_login = 0;
+ 
++#ifdef HAVE_UTMPX_H
++	setutxent();
++#else
+ 	setutent();
++#endif
+ 	while(
+-#ifdef HAVE_GETUTENT_R
++#ifdef HAVE_UTMPX_H
++	      (ut = getutxent()) != NULL
++#elif defined(HAVE_GETUTENT_R)
+ 	      !getutent_r(&utbuf, &ut)
+ #else
+ 	      (ut = getutent()) != NULL
+@@ -218,7 +232,11 @@
+ 			oldest_login = ut->ut_tv.tv_sec;
+ 		}
+ 	}
++#ifdef HAVE_UTMPX_H
++	endutxent();
++#else
+ 	endutent();
++#endif
+ 	if(oldest_login == 0 || timestamp < oldest_login) {
+ 		return PAM_AUTH_ERR;
+ 	}
+--- Linux-PAM-1.3.1/modules/pam_unix/support.c.old	2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_unix/support.c	2018-06-15 20:38:23.306865549 -0500
+@@ -13,7 +13,6 @@
+ #include <pwd.h>
+ #include <shadow.h>
+ #include <limits.h>
+-#include <utmp.h>
+ #include <errno.h>
+ #include <signal.h>
+ #include <ctype.h>