summaryrefslogtreecommitdiff
path: root/system/linux-pam
diff options
context:
space:
mode:
Diffstat (limited to 'system/linux-pam')
-rw-r--r--system/linux-pam/APKBUILD35
-rw-r--r--system/linux-pam/fix-compat.patch11
-rw-r--r--system/linux-pam/musl-fix-pam_exec.patch13
-rw-r--r--system/linux-pam/use-utmpx.patch241
4 files changed, 268 insertions, 32 deletions
diff --git a/system/linux-pam/APKBUILD b/system/linux-pam/APKBUILD
index f55963c5c..bf6a19f93 100644
--- a/system/linux-pam/APKBUILD
+++ b/system/linux-pam/APKBUILD
@@ -1,22 +1,23 @@
# Contributor: William Pitcock <nenolod@dereferenced.org>
-# Maintainer: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=linux-pam
-pkgver=1.3.0
-pkgrel=1
-pkgdesc="pluggable authentication modules for linux"
+pkgver=1.3.1
+pkgrel=0
+pkgdesc="Pluggable Authentication Modules"
url="http://www.kernel.org/pub/linux/libs/pam"
arch="all"
license="BSD"
-depends_dev="gettext-dev"
-makedepends_host="$depends_dev"
+depends_dev="gettext-tiny-dev"
+makedepends_host="$depends_dev utmps-dev"
makedepends_build="$depends_dev bison flex-dev autoconf automake libtool"
makedepends="$makedepends_host $makedepends_build"
-options="suid !check"
-subpackages="$pkgname-dev $pkgname-doc"
-source="http://linux-pam.org/library/Linux-PAM-$pkgver.tar.bz2
+options="suid"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+source="https://github.com/$pkgname/$pkgname/releases/download/v1.3.1/Linux-PAM-$pkgver.tar.xz
fix-compat.patch
libpam-fix-build-with-eglibc-2.16.patch
musl-fix-pam_exec.patch
+ use-utmpx.patch
base-auth.pamd
base-account.pamd
@@ -39,7 +40,7 @@ build() {
cd "$builddir"
autoreconf -vif
[ "$CLIBC" = "musl" ] && export ac_cv_search_crypt=no
- ./configure \
+ LIBS="-lutmps -lskarnet" ./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
@@ -48,11 +49,15 @@ build() {
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--localstatedir=/var \
- --disable-nls \
--disable-db
make
}
+check() {
+ cd "$builddir"
+ make check
+}
+
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
@@ -73,15 +78,15 @@ package() {
esac
done
- # delete pointless libtool archives.
chgrp shadow "$pkgdir"/sbin/unix_chkpwd \
&& chmod g+s "$pkgdir"/sbin/unix_chkpwd
}
-sha512sums="4a89ca4b6f4676107aca4018f7c11addf03495266b209cb11c913f8b5d191d9a1f72197715dcf2a69216b4036de88780bcbbb5a8652e386910d71ba1b6282e42 Linux-PAM-1.3.0.tar.bz2
-52b97e23084f7b835ce1fa441663f91a50ea797cb38ba2c6662bcdaf0d25ba487118442674ac347fb17353af126dd6b3b696612faa56cac428dd842d14e1c90d fix-compat.patch
+sha512sums="6bc8e2a5b64686f0a23846221c5228c88418ba485b17c53b3a12f91262b5bb73566d6b6a5daa1f63bbae54310aee918b987e44a72ce809b4e7c668f0fadfe08e Linux-PAM-1.3.1.tar.xz
+1a8ae3a212684b0dfef12aaeb1d4cec6e85b056a79b13ddc9ebe1cd61fe8da1a6210a06eb3e4f5bacc0c2fa71b82346d87f673921ce1453cbc46cb905e86a6c6 fix-compat.patch
f49edf3876cc6bcb87bbea4e7beaeb0a382d596898c755f5fbaf6c2ed4e0c8f082b2cd16dde8a74af82bb09a1334f463e07a4bb5b8a48f023ff90a67ad2fdd44 libpam-fix-build-with-eglibc-2.16.patch
-bc443d2a9b1d90b81959ce6fa154042365d5e7840f8696f847a145bbaaeffcbe1e9cd2b8ba76131a7b48737929e281f4fe864582fa4fc40315f2d10c650e0cd9 musl-fix-pam_exec.patch
+82fb1ec27b370ed5d30451f31aecbacf94ff8aff9db52e79090466dcdd1b1b2c18ca7e0641b1b51a3ed78ea7203fe9464b50f63d6dbf661e10f68366c79196ae musl-fix-pam_exec.patch
+8352c0bd36f776251143d1e73d92a1e746e8f23778462e441cc989afd4204887aca6b310d87ab8e5b315b13c4ad1225c87531b71a0fef693772fc7e12bcde418 use-utmpx.patch
0672ab21adb969af2a0082e2559f1196d8a4f8b1cff2836f97e5f24edb03b6aed156c61cf335a4df978e423dcd9934ffee8cb5784ed5dde704d7e5ddec4ba9f6 base-auth.pamd
85462201a4044c7e170e617d39b0eceb4790abc6c0504999117548030a16d80a9d2078d1ad97690d7d346e6374201f0c52e792ccb08ce2b1c4bbf0cc2be96f5b base-account.pamd
8223b815148c3b9b874d2c283840f6428c266e56c7cf49ce8fc508c4945ae31c837bef96dab17f64a60812d1c9cd0055cf0a50d7951d23070b69bd2e5bb9666d base-password.pamd
diff --git a/system/linux-pam/fix-compat.patch b/system/linux-pam/fix-compat.patch
index 4096c3a47..e450dbb0b 100644
--- a/system/linux-pam/fix-compat.patch
+++ b/system/linux-pam/fix-compat.patch
@@ -8,14 +8,3 @@
#include <fcntl.h>
#include <time.h>
#include <errno.h>
-@@ -48,6 +49,10 @@
-
- #ifndef _PATH_BTMP
- # define _PATH_BTMP "/var/log/btmp"
-+#endif
-+
-+#ifndef __GLIBC__
-+#define logwtmp(args...)
- #endif
-
- /* XXX - time before ignoring lock. Is 1 sec enough? */
diff --git a/system/linux-pam/musl-fix-pam_exec.patch b/system/linux-pam/musl-fix-pam_exec.patch
index b6b999fae..52e316ac8 100644
--- a/system/linux-pam/musl-fix-pam_exec.patch
+++ b/system/linux-pam/musl-fix-pam_exec.patch
@@ -15,13 +15,14 @@
if (argc < 1) {
pam_syslog (pamh, LOG_ERR,
"This module needs at least one argument");
-@@ -178,11 +181,11 @@
+@@ -180,12 +183,12 @@
+ if (resp)
+ {
+ pam_set_item (pamh, PAM_AUTHTOK, resp);
+- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
++ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
+ _pam_drop (resp);
}
-
- pam_set_item (pamh, PAM_AUTHTOK, resp);
-- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
-+ authtok = strncpy(authtok_buf, resp, sizeof(authtok_buf));
- _pam_drop (resp);
}
else
- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
diff --git a/system/linux-pam/use-utmpx.patch b/system/linux-pam/use-utmpx.patch
new file mode 100644
index 000000000..1ec0c9daf
--- /dev/null
+++ b/system/linux-pam/use-utmpx.patch
@@ -0,0 +1,241 @@
+--- Linux-PAM-1.3.1/libpam/pam_modutil_getlogin.c.old 2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/libpam/pam_modutil_getlogin.c 2018-06-15 19:45:00.100036938 -0500
+@@ -10,7 +10,7 @@
+
+ #include <stdlib.h>
+ #include <unistd.h>
+-#include <utmp.h>
++#include <utmpx.h>
+
+ #define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin"
+
+@@ -22,7 +22,7 @@
+ const void *void_curr_tty;
+ const char *curr_tty;
+ char *curr_user;
+- struct utmp *ut, line;
++ struct utmpx *ut, line;
+
+ status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname);
+ if (status == PAM_SUCCESS) {
+@@ -48,10 +48,10 @@
+ }
+ logname = NULL;
+
+- setutent();
++ setutxent();
+ strncpy(line.ut_line, curr_tty, sizeof(line.ut_line));
+
+- if ((ut = getutline(&line)) == NULL) {
++ if ((ut = getutxline(&line)) == NULL) {
+ goto clean_up_and_go_home;
+ }
+
+@@ -74,7 +74,7 @@
+
+ clean_up_and_go_home:
+
+- endutent();
++ endutxent();
+
+ return logname;
+ }
+--- Linux-PAM-1.3.1/modules/pam_issue/pam_issue.c.old 2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_issue/pam_issue.c 2018-06-15 19:53:16.459545509 -0500
+@@ -25,7 +25,13 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <sys/utsname.h>
+-#include <utmp.h>
++#if defined(HAVE_UTMPX_H)
++# include <utmpx.h>
++#elif defined(HAVE_UTMP_H)
++# include <utmp.h>
++#else
++# error You must have either utmpx.h or utmp.h.
++#endif
+ #include <time.h>
+ #include <syslog.h>
+
+@@ -246,6 +252,15 @@
+ case 'U':
+ {
+ unsigned int users = 0;
++#if defined(HAVE_UTMPX_H)
++ struct utmpx *utx;
++ setutxent();
++ while ((utx = getutxent())) {
++ if (utx->ut_type == USER_PROCESS)
++ ++users;
++ }
++ endutxent();
++#elif defined(HAVE_UTMP_H)
+ struct utmp *ut;
+ setutent();
+ while ((ut = getutent())) {
+@@ -253,6 +268,7 @@
+ ++users;
+ }
+ endutent();
++#endif
+ if (c == 'U')
+ snprintf (buf, sizeof buf, "%u %s", users,
+ (users == 1) ? "user" : "users");
+--- Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c.old 2018-06-15 19:48:06.379852509 -0500
++++ Linux-PAM-1.3.1/modules/pam_lastlog/pam_lastlog.c 2018-06-15 19:57:18.849305527 -0500
+@@ -14,7 +14,10 @@
+ #include <fcntl.h>
+ #include <time.h>
+ #include <errno.h>
++#ifdef HAVE_UTMPX_H
++# include <utmpx.h>
++#endif
+ #ifdef HAVE_UTMP_H
+ # include <utmp.h>
+ #else
+ # include <lastlog.h>
+@@ -448,8 +451,13 @@
+ {
+ int retval;
+ int fd;
++#ifdef HAVE_UTMPX_H
++ struct utmpx ut;
++ struct utmpx utuser;
++#else
+ struct utmp ut;
+ struct utmp utuser;
++#endif
+ int failed = 0;
+ char the_time[256];
+ char *date = NULL;
+--- Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c.old 2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_limits/pam_limits.c 2018-06-15 20:25:21.737639355 -0500
+@@ -33,7 +33,11 @@
+ #include <sys/resource.h>
+ #include <limits.h>
+ #include <glob.h>
+-#include <utmp.h>
++#ifdef HAVE_UTMPX_H
++# include <utmpx.h>
++#else
++# include <utmp.h>
++#endif
+ #ifndef UT_USER /* some systems have ut_name instead of ut_user */
+ #define UT_USER ut_user
+ #endif
+@@ -227,7 +231,11 @@
+ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
+ struct pam_limit_s *pl)
+ {
++#ifdef HAVE_UTMPX_H
++ struct utmpx *ut;
++#else
+ struct utmp *ut;
++#endif
+ int count;
+
+ if (ctrl & PAM_DEBUG_ARG) {
+@@ -242,12 +250,16 @@
+ return LOGIN_ERR;
+ }
+
++#ifdef HAVE_UTMPX_H
++ setutxent();
++#else
+ setutent();
++#endif
+
+ /* Because there is no definition about when an application
+ actually adds a utmp entry, some applications bizarrely do the
+- utmp call before the have PAM authenticate them to the system:
+- you're logged it, sort of...? Anyway, you can use the
++ utmp call before they have PAM authenticate them to the system:
++ you're logged in, sort of...? Anyway, you can use the
+ "utmp_early" module argument in your PAM config file to make
+ allowances for this sort of problem. (There should be a PAM
+ standard for this, since if a module wants to actually map a
+@@ -260,7 +272,11 @@
+ count = 1;
+ }
+
++#ifdef HAVE_UTMPX_H
++ while((ut = getutxent())) {
++#else
+ while((ut = getutent())) {
++#endif
+ #ifdef USER_PROCESS
+ if (ut->ut_type != USER_PROCESS) {
+ continue;
+@@ -296,7 +312,11 @@
+ break;
+ }
+ }
++#ifdef HAVE_UTMPX_H
++ endutxent();
++#else
+ endutent();
++#endif
+ if (count > limit) {
+ if (name) {
+ pam_syslog(pamh, LOG_NOTICE,
+--- Linux-PAM-1.3.1/modules/pam_timestamp/pam_timestamp.c.old 2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_timestamp/pam_timestamp.c 2018-06-15 20:34:52.997073770 -0500
+@@ -56,7 +56,11 @@
+ #include <time.h>
+ #include <sys/time.h>
+ #include <unistd.h>
+-#include <utmp.h>
++#ifdef HAVE_UTMPX_H
++# include <utmpx.h>
++#else
++# include <utmp.h>
++#endif
+ #include <syslog.h>
+ #include <paths.h>
+ #include "hmacsha1.h"
+@@ -197,12 +201,22 @@
+ static int
+ check_login_time(const char *ruser, time_t timestamp)
+ {
++#ifdef HAVE_UTMPX_H
++ struct utmpx utbuf, *ut;
++#else
+ struct utmp utbuf, *ut;
++#endif
+ time_t oldest_login = 0;
+
++#ifdef HAVE_UTMPX_H
++ setutxent();
++#else
+ setutent();
++#endif
+ while(
+-#ifdef HAVE_GETUTENT_R
++#ifdef HAVE_UTMPX_H
++ (ut = getutxent()) != NULL
++#elif defined(HAVE_GETUTENT_R)
+ !getutent_r(&utbuf, &ut)
+ #else
+ (ut = getutent()) != NULL
+@@ -218,7 +232,11 @@
+ oldest_login = ut->ut_tv.tv_sec;
+ }
+ }
++#ifdef HAVE_UTMPX_H
++ endutxent();
++#else
+ endutent();
++#endif
+ if(oldest_login == 0 || timestamp < oldest_login) {
+ return PAM_AUTH_ERR;
+ }
+--- Linux-PAM-1.3.1/modules/pam_unix/support.c.old 2017-02-10 04:10:15.000000000 -0600
++++ Linux-PAM-1.3.1/modules/pam_unix/support.c 2018-06-15 20:38:23.306865549 -0500
+@@ -13,7 +13,6 @@
+ #include <pwd.h>
+ #include <shadow.h>
+ #include <limits.h>
+-#include <utmp.h>
+ #include <errno.h>
+ #include <signal.h>
+ #include <ctype.h>