diff options
-rw-r--r-- | system/linux-pam/APKBUILD | 35 | ||||
-rw-r--r-- | system/linux-pam/fix-compat.patch | 11 | ||||
-rw-r--r-- | system/linux-pam/musl-fix-pam_exec.patch | 13 | ||||
-rw-r--r-- | system/linux-pam/use-utmpx.patch | 241 |
4 files changed, 268 insertions, 32 deletions
diff --git a/system/linux-pam/APKBUILD b/system/linux-pam/APKBUILD index f55963c5c..bf6a19f93 100644 --- a/system/linux-pam/APKBUILD +++ b/system/linux-pam/APKBUILD @@ -1,22 +1,23 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> -# Maintainer: William Pitcock <nenolod@dereferenced.org> +# Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=linux-pam -pkgver=1.3.0 -pkgrel=1 -pkgdesc="pluggable authentication modules for linux" +pkgver=1.3.1 +pkgrel=0 +pkgdesc="Pluggable Authentication Modules" url="http://www.kernel.org/pub/linux/libs/pam" arch="all" license="BSD" -depends_dev="gettext-dev" -makedepends_host="$depends_dev" +depends_dev="gettext-tiny-dev" +makedepends_host="$depends_dev utmps-dev" makedepends_build="$depends_dev bison flex-dev autoconf automake libtool" makedepends="$makedepends_host $makedepends_build" -options="suid !check" -subpackages="$pkgname-dev $pkgname-doc" -source="http://linux-pam.org/library/Linux-PAM-$pkgver.tar.bz2 +options="suid" +subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" +source="https://github.com/$pkgname/$pkgname/releases/download/v1.3.1/Linux-PAM-$pkgver.tar.xz fix-compat.patch libpam-fix-build-with-eglibc-2.16.patch musl-fix-pam_exec.patch + use-utmpx.patch base-auth.pamd base-account.pamd @@ -39,7 +40,7 @@ build() { cd "$builddir" autoreconf -vif [ "$CLIBC" = "musl" ] && export ac_cv_search_crypt=no - ./configure \ + LIBS="-lutmps -lskarnet" ./configure \ --build=$CBUILD \ --host=$CHOST \ --prefix=/usr \ @@ -48,11 +49,15 @@ build() { --mandir=/usr/share/man \ --infodir=/usr/share/info \ --localstatedir=/var \ - --disable-nls \ --disable-db make } +check() { + cd "$builddir" + make check +} + package() { cd "$builddir" make DESTDIR="$pkgdir" install @@ -73,15 +78,15 @@ package() { esac done - # delete pointless libtool archives. chgrp shadow "$pkgdir"/sbin/unix_chkpwd \ && chmod g+s "$pkgdir"/sbin/unix_chkpwd } -sha512sums="4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42 Linux-PAM-1.3.0.tar.bz2 -52b97e23084f7b835ce1fa441663f91a50ea797cb38ba2c6662bcdaf0d25ba487118442674ac347fb17353af126dd6b3b696612faa56cac428dd842d14e1c90d fix-compat.patch +sha512sums="6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e Linux-PAM-1.3.1.tar.xz +1a8ae3a212684b0dfef12aaeb1d4cec6e85b056a79b13ddc9ebe1cd61fe8da1a6210a06eb3e4f5bacc0c2fa71b82346d87f673921ce1453cbc46cb905e86a6c6 fix-compat.patch f49edf3876cc6bcb87bbea4e7beaeb0a382d596898c755f5fbaf6c2ed4e0c8f082b2cd16dde8a74af82bb09a1334f463e07a4bb5b8a48f023ff90a67ad2fdd44 libpam-fix-build-with-eglibc-2.16.patch -bc443d2a9b1d90b81959ce6fa154042365d5e7840f8696f847a145bbaaeffcbe1e9cd2b8ba76131a7b48737929e281f4fe864582fa4fc40315f2d10c650e0cd9 musl-fix-pam_exec.patch +82fb1ec27b370ed5d30451f31aecbacf94ff8aff9db52e79090466dcdd1b1b2c18ca7e0641b1b51a3ed78ea7203fe9464b50f63d6dbf661e10f68366c79196ae musl-fix-pam_exec.patch +8352c0bd36f776251143d1e73d92a1e746e8f23778462e441cc989afd4204887aca6b310d87ab8e5b315b13c4ad1225c87531b71a0fef693772fc7e12bcde418 use-utmpx.patch 0672ab21adb969af2a0082e2559f1196d8a4f8b1cff2836f97e5f24edb03b6aed156c61cf335a4df978e423dcd9934ffee8cb5784ed5dde704d7e5ddec4ba9f6 base-auth.pamd 85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b base-account.pamd 8223b815148c3b9b874d2c283840f6428c266e56c7cf49ce8fc508c4945ae31c837bef96dab17f64a60812d1c9cd0055cf0a50d7951d23070b69bd2e5bb9666d base-password.pamd diff --git a/system/linux-pam/fix-compat.patch b/system/linux-pam/fix-compat.patch index 4096c3a47..e450dbb0b 100644 --- a/system/linux-pam/fix-compat.patch +++ b/system/linux-pam/fix-compat.patch @@ -8,14 +8,3 @@ #include <fcntl.h> #include <time.h> #include <errno.h> -@@ -48,6 +49,10 @@ - - #ifndef _PATH_BTMP - # define _PATH_BTMP "/var/log/btmp" -+#endif -+ -+#ifndef __GLIBC__ -+#define logwtmp(args...) - #endif - - /* XXX - time before ignoring lock. Is 1 sec enough? */ diff --git a/system/linux-pam/musl-fix-pam_exec.patch b/system/linux-pam/musl-fix-pam_exec.patch index b6b999fae..52e316ac8 100644 --- a/system/linux-pam/musl-fix-pam_exec.patch +++ b/system/linux-pam/musl-fix-pam_exec.patch @@ -15,13 +15,14 @@ if (argc < 1) { pam_syslog (pamh, LOG_ERR, "This module needs at least one argument"); -@@ -178,11 +181,11 @@ +@@ -180,12 +183,12 @@ + if (resp) + { + pam_set_item (pamh, PAM_AUTHTOK, resp); +- authtok = strndupa (resp, PAM_MAX_RESP_SIZE); ++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf)); + _pam_drop (resp); } - - pam_set_item (pamh, PAM_AUTHTOK, resp); -- authtok = strndupa (resp, PAM_MAX_RESP_SIZE); -+ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf)); - _pam_drop (resp); } else - authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); diff --git a/system/linux-pam/use-utmpx.patch b/system/linux-pam/use-utmpx.patch new file mode 100644 index 000000000..1ec0c9daf --- /dev/null +++ b/system/linux-pam/use-utmpx.patch @@ -0,0 +1,241 @@ +--- Linux-PAM-1.3.1/libpam/pam_modutil_getlogin.c.old 2017-02-10 04:10:15.000000000 -0600 ++++ Linux-PAM-1.3.1/libpam/pam_modutil_getlogin.c 2018-06-15 19:45:00.100036938 -0500 +@@ -10,7 +10,7 @@ + + #include <stdlib.h> + #include <unistd.h> +-#include <utmp.h> ++#include <utmpx.h> + + #define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" + +@@ -22,7 +22,7 @@ + const void *void_curr_tty; + const char *curr_tty; + char *curr_user; +- struct utmp *ut, line; ++ struct utmpx *ut, line; + + status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname); + if (status == PAM_SUCCESS) { +@@ -48,10 +48,10 @@ + } + logname = NULL; + +- setutent(); ++ setutxent(); + strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); + +- if ((ut = getutline(&line)) == NULL) { ++ if ((ut = getutxline(&line)) == NULL) { + goto clean_up_and_go_home; + } + +@@ -74,7 +74,7 @@ + + clean_up_and_go_home: + +- endutent(); ++ endutxent(); + + return logname; + } +--- Linux-PAM-1.3.1/modules/pam_issue/pam_issue.c.old 2017-02-10 04:10:15.000000000 -0600 ++++ Linux-PAM-1.3.1/modules/pam_issue/pam_issue.c 2018-06-15 19:53:16.459545509 -0500 +@@ -25,7 +25,13 @@ + #include <string.h> + #include <unistd.h> + #include <sys/utsname.h> +-#include <utmp.h> ++#if defined(HAVE_UTMPX_H) ++# include <utmpx.h> ++#elif defined(HAVE_UTMP_H) ++# include <utmp.h> ++#else ++# error You must have either utmpx.h or utmp.h. ++#endif + #include <time.h> + #include <syslog.h> + +@@ -246,6 +252,15 @@ + case 'U': + { + unsigned int users = 0; ++#if defined(HAVE_UTMPX_H) ++ struct utmpx *utx; ++ setutxent(); ++ while ((utx = getutxent())) { ++ if (utx->ut_type == USER_PROCESS) ++ ++users; ++ } ++ endutxent(); ++#elif defined(HAVE_UTMP_H) + struct utmp *ut; + setutent(); + while ((ut = getutent())) { +@@ -253,6 +268,7 @@ + ++users; + } + endutent(); ++#endif + if (c == 'U') + snprintf (buf, sizeof buf, "%u %s", users, + (users == 1) ? "user" : "users"); +--- Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c.old 2018-06-15 19:48:06.379852509 -0500 ++++ Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c 2018-06-15 19:57:18.849305527 -0500 +@@ -14,7 +14,10 @@ + #include <fcntl.h> + #include <time.h> + #include <errno.h> ++#ifdef HAVE_UTMPX_H ++# include <utmpx.h> ++#endif + #ifdef HAVE_UTMP_H + # include <utmp.h> + #else + # include <lastlog.h> +@@ -448,8 +451,13 @@ + { + int retval; + int fd; ++#ifdef HAVE_UTMPX_H ++ struct utmpx ut; ++ struct utmpx utuser; ++#else + struct utmp ut; + struct utmp utuser; ++#endif + int failed = 0; + char the_time[256]; + char *date = NULL; +--- Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.old 2017-02-10 04:10:15.000000000 -0600 ++++ Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c 2018-06-15 20:25:21.737639355 -0500 +@@ -33,7 +33,11 @@ + #include <sys/resource.h> + #include <limits.h> + #include <glob.h> +-#include <utmp.h> ++#ifdef HAVE_UTMPX_H ++# include <utmpx.h> ++#else ++# include <utmp.h> ++#endif + #ifndef UT_USER /* some systems have ut_name instead of ut_user */ + #define UT_USER ut_user + #endif +@@ -227,7 +231,11 @@ + check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, + struct pam_limit_s *pl) + { ++#ifdef HAVE_UTMPX_H ++ struct utmpx *ut; ++#else + struct utmp *ut; ++#endif + int count; + + if (ctrl & PAM_DEBUG_ARG) { +@@ -242,12 +250,16 @@ + return LOGIN_ERR; + } + ++#ifdef HAVE_UTMPX_H ++ setutxent(); ++#else + setutent(); ++#endif + + /* Because there is no definition about when an application + actually adds a utmp entry, some applications bizarrely do the +- utmp call before the have PAM authenticate them to the system: +- you're logged it, sort of...? Anyway, you can use the ++ utmp call before they have PAM authenticate them to the system: ++ you're logged in, sort of...? Anyway, you can use the + "utmp_early" module argument in your PAM config file to make + allowances for this sort of problem. (There should be a PAM + standard for this, since if a module wants to actually map a +@@ -260,7 +272,11 @@ + count = 1; + } + ++#ifdef HAVE_UTMPX_H ++ while((ut = getutxent())) { ++#else + while((ut = getutent())) { ++#endif + #ifdef USER_PROCESS + if (ut->ut_type != USER_PROCESS) { + continue; +@@ -296,7 +312,11 @@ + break; + } + } ++#ifdef HAVE_UTMPX_H ++ endutxent(); ++#else + endutent(); ++#endif + if (count > limit) { + if (name) { + pam_syslog(pamh, LOG_NOTICE, +--- Linux-PAM-1.3.1/modules/pam_timestamp/pam_timestamp.c.old 2017-02-10 04:10:15.000000000 -0600 ++++ Linux-PAM-1.3.1/modules/pam_timestamp/pam_timestamp.c 2018-06-15 20:34:52.997073770 -0500 +@@ -56,7 +56,11 @@ + #include <time.h> + #include <sys/time.h> + #include <unistd.h> +-#include <utmp.h> ++#ifdef HAVE_UTMPX_H ++# include <utmpx.h> ++#else ++# include <utmp.h> ++#endif + #include <syslog.h> + #include <paths.h> + #include "hmacsha1.h" +@@ -197,12 +201,22 @@ + static int + check_login_time(const char *ruser, time_t timestamp) + { ++#ifdef HAVE_UTMPX_H ++ struct utmpx utbuf, *ut; ++#else + struct utmp utbuf, *ut; ++#endif + time_t oldest_login = 0; + ++#ifdef HAVE_UTMPX_H ++ setutxent(); ++#else + setutent(); ++#endif + while( +-#ifdef HAVE_GETUTENT_R ++#ifdef HAVE_UTMPX_H ++ (ut = getutxent()) != NULL ++#elif defined(HAVE_GETUTENT_R) + !getutent_r(&utbuf, &ut) + #else + (ut = getutent()) != NULL +@@ -218,7 +232,11 @@ + oldest_login = ut->ut_tv.tv_sec; + } + } ++#ifdef HAVE_UTMPX_H ++ endutxent(); ++#else + endutent(); ++#endif + if(oldest_login == 0 || timestamp < oldest_login) { + return PAM_AUTH_ERR; + } +--- Linux-PAM-1.3.1/modules/pam_unix/support.c.old 2017-02-10 04:10:15.000000000 -0600 ++++ Linux-PAM-1.3.1/modules/pam_unix/support.c 2018-06-15 20:38:23.306865549 -0500 +@@ -13,7 +13,6 @@ + #include <pwd.h> + #include <shadow.h> + #include <limits.h> +-#include <utmp.h> + #include <errno.h> + #include <signal.h> + #include <ctype.h> |