[packages/squid.git] / squid-3.0.PRE3-pam_auth.patch

Index: squid3/helpers/basic_auth/PAM/pam_auth.8
diff -c squid3/helpers/basic_auth/PAM/pam_auth.8:1.3 squid3/helpers/basic_auth/PAM/pam_auth.8:1.5
*** squid3/helpers/basic_auth/PAM/pam_auth.8:1.3	Wed May 15 06:03:57 2002
--- squid3/helpers/basic_auth/PAM/pam_auth.8	Wed Nov  5 03:00:40 2003
***************
*** 1,4 ****
! .TH pam_auth 8 "15 May 2002" "Squid PAM Auth"
  .
  .SH NAME
  pam_auth - Squid PAM authentication helper
--- 1,4 ----
! .TH pam_auth 8 "5 Sep 2003" "Squid PAM Auth"
  .
  .SH NAME
  pam_auth - Squid PAM authentication helper
***************
*** 17,38 ****
  .
  .TP
  .BI "-t " TTL
! Unless the -1 option is used, this specified for how long
! the connection to the PAM database should be kept open and
! reused for new logins. Defaults to 60 seconds.
  .
  .TP
  .BI "-o"
  Do not perform the PAM account management group (account
  expiration etc)
  
- .TP
- .BI "-1"
- Specifies "One shot" mode, where a new PAM connection will
- be opened for each new user. This is how PAM is normally
- used and may be required by some backend databases.
- The default is to reuse the PAM connection to maximize
- performance. (see -t above)
  .
  .SH CONFIGURATION
  .
--- 17,34 ----
  .
  .TP
  .BI "-t " TTL
! Enables persistent PAM connections where the connection to the PAM
! database is kept open and reused for new logins. The TTL specifies
! how long the connetion will be kept open (in seconds).  Default is
! to not keep PAM connections open. Please note that the use of
! persistent PAM connections is slightly outside the PAM
! specification and may not work with all PAM configurations.
  .
  .TP
  .BI "-o"
  Do not perform the PAM account management group (account
  expiration etc)
  
  .
  .SH CONFIGURATION
  .
***************
*** 76,82 ****
  .I Henrik Nordstrom <hno@squid-cache.org>
  .
  .SH COPYRIGHT
! Squid pam_auth and this manual is Copyright 1999,2002
  Henrik Nordstrom <hno@squid-cache.org>
  .
  .SH QUESTIONS
--- 72,78 ----
  .I Henrik Nordstrom <hno@squid-cache.org>
  .
  .SH COPYRIGHT
! Squid pam_auth and this manual is Copyright 1999,2002,2003
  Henrik Nordstrom <hno@squid-cache.org>
  .
  .SH QUESTIONS
Index: squid3/helpers/basic_auth/PAM/pam_auth.c
diff -c squid3/helpers/basic_auth/PAM/pam_auth.c:1.12 squid3/helpers/basic_auth/PAM/pam_auth.c:1.15
*** squid3/helpers/basic_auth/PAM/pam_auth.c:1.12	Wed Jan 22 17:35:35 2003
--- squid3/helpers/basic_auth/PAM/pam_auth.c	Wed Nov  5 11:14:25 2003
***************
*** 2,8 ****
   * $Id$
   *
   * PAM authenticator module for Squid.
!  * Copyright (C) 1999,2002 Henrik Nordstrom <hno@squid-cache.org>
   *
   *  This program is free software; you can redistribute it and/or modify
   *  it under the terms of the GNU General Public License as published by
--- 2,8 ----
   * $Id$
   *
   * PAM authenticator module for Squid.
!  * Copyright (C) 1999,2002,2003 Henrik Nordstrom <hno@squid-cache.org>
   *
   *  This program is free software; you can redistribute it and/or modify
   *  it under the terms of the GNU General Public License as published by
***************
*** 37,42 ****
--- 37,51 ----
   *
   * Change Log:
   *
+  *   Version 2.2, 2003-11-05
+  *      One shot mode is now the default mode of operation
+  *      with persistent PAM connections enabled by -t option.
+  *      Support for clearing the PAM_AUTHTOK attribute on
+  *      persistent PAM connections.
+  *
+  *   Version 2.1, 2002-08-12
+  *      Squid-2.5 support (URL encoded login, password strings)
+  *
   *   Version 2.0, 2002-01-07
   *      One shot mode, command line options
   *	man page
***************
*** 76,82 ****
  
  /* The default TTL */
  #ifndef DEFAULT_SQUID_PAM_TTL
! #define DEFAULT_SQUID_PAM_TTL 60
  #endif
  
  static char *password = NULL;	/* Workaround for Solaris 2.6 brokenness */
--- 85,91 ----
  
  /* The default TTL */
  #ifndef DEFAULT_SQUID_PAM_TTL
! #define DEFAULT_SQUID_PAM_TTL 0
  #endif
  
  static char *password = NULL;	/* Workaround for Solaris 2.6 brokenness */
***************
*** 221,226 ****
--- 230,236 ----
  	    }
  	    pamh_created = time(NULL);
  	}
+ 	/* Authentication */
  	retval = PAM_SUCCESS;
  	if (ttl != 0) {
  	    if (retval == PAM_SUCCESS)
***************
*** 238,244 ****
  error:
  	    fprintf(stdout, "ERR\n");
  	}
! 	if (ttl == 0) {
  	    retval = pam_end(pamh, retval);
  	    if (retval != PAM_SUCCESS) {
  		fprintf(stderr, "WARNING: failed to release PAM authenticator\n");
--- 248,262 ----
  error:
  	    fprintf(stdout, "ERR\n");
  	}
! 	/* cleanup */
! 	retval = PAM_SUCCESS;
! #ifdef PAM_AUTHTOK
! 	if (ttl != 0) {
! 	    if (retval == PAM_SUCCESS)
! 		retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
! 	}
! #endif
! 	if (ttl == 0 || retval != PAM_SUCCESS) {
  	    retval = pam_end(pamh, retval);
  	    if (retval != PAM_SUCCESS) {
  		fprintf(stderr, "WARNING: failed to release PAM authenticator\n");
Commit	Line	Data
36aa8c36 JR	1	Index: squid3/helpers/basic_auth/PAM/pam_auth.8
	2	diff -c squid3/helpers/basic_auth/PAM/pam_auth.8:1.3 squid3/helpers/basic_auth/PAM/pam_auth.8:1.5
	3	*** squid3/helpers/basic_auth/PAM/pam_auth.8:1.3 Wed May 15 06:03:57 2002
	4	--- squid3/helpers/basic_auth/PAM/pam_auth.8 Wed Nov 5 03:00:40 2003
	5	***************
	6	* 1,4 **
	7	! .TH pam_auth 8 "15 May 2002" "Squid PAM Auth"
	8	.
	9	.SH NAME
	10	pam_auth - Squid PAM authentication helper
	11	--- 1,4 ----
	12	! .TH pam_auth 8 "5 Sep 2003" "Squid PAM Auth"
	13	.
	14	.SH NAME
	15	pam_auth - Squid PAM authentication helper
	16	***************
	17	* 17,38 **
	18	.
	19	.TP
	20	.BI "-t " TTL
	21	! Unless the -1 option is used, this specified for how long
	22	! the connection to the PAM database should be kept open and
	23	! reused for new logins. Defaults to 60 seconds.
	24	.
	25	.TP
	26	.BI "-o"
	27	Do not perform the PAM account management group (account
	28	expiration etc)
	29
	30	- .TP
	31	- .BI "-1"
	32	- Specifies "One shot" mode, where a new PAM connection will
	33	- be opened for each new user. This is how PAM is normally
	34	- used and may be required by some backend databases.
	35	- The default is to reuse the PAM connection to maximize
	36	- performance. (see -t above)
	37	.
	38	.SH CONFIGURATION
	39	.
	40	--- 17,34 ----
	41	.
	42	.TP
	43	.BI "-t " TTL
	44	! Enables persistent PAM connections where the connection to the PAM
	45	! database is kept open and reused for new logins. The TTL specifies
	46	! how long the connetion will be kept open (in seconds). Default is
	47	! to not keep PAM connections open. Please note that the use of
	48	! persistent PAM connections is slightly outside the PAM
	49	! specification and may not work with all PAM configurations.
	50	.
	51	.TP
	52	.BI "-o"
	53	Do not perform the PAM account management group (account
	54	expiration etc)
	55
	56	.
	57	.SH CONFIGURATION
	58	.
	59	***************
	60	* 76,82 **
	61	.I Henrik Nordstrom <hno@squid-cache.org>
	62	.
	63	.SH COPYRIGHT
	64	! Squid pam_auth and this manual is Copyright 1999,2002
65	Henrik Nordstrom <hno@squid-cache.org>
66	.
67	.SH QUESTIONS
68	--- 72,78 ----
69	.I Henrik Nordstrom <hno@squid-cache.org>
70	.
71	.SH COPYRIGHT
72	! Squid pam_auth and this manual is Copyright 1999,2002,2003
73	Henrik Nordstrom <hno@squid-cache.org>
74	.
75	.SH QUESTIONS
76	Index: squid3/helpers/basic_auth/PAM/pam_auth.c
77	diff -c squid3/helpers/basic_auth/PAM/pam_auth.c:1.12 squid3/helpers/basic_auth/PAM/pam_auth.c:1.15
78	*** squid3/helpers/basic_auth/PAM/pam_auth.c:1.12 Wed Jan 22 17:35:35 2003
79	--- squid3/helpers/basic_auth/PAM/pam_auth.c Wed Nov 5 11:14:25 2003
80	***************
81	* 2,8 **
82	* $Id$
83	*
84	* PAM authenticator module for Squid.
85	! * Copyright (C) 1999,2002 Henrik Nordstrom <hno@squid-cache.org>
86	*
87	* This program is free software; you can redistribute it and/or modify
88	* it under the terms of the GNU General Public License as published by
89	--- 2,8 ----
90	* $Id$
91	*
92	* PAM authenticator module for Squid.
93	! * Copyright (C) 1999,2002,2003 Henrik Nordstrom <hno@squid-cache.org>
94	*
95	* This program is free software; you can redistribute it and/or modify
96	* it under the terms of the GNU General Public License as published by
97	***************
98	* 37,42 **
99	--- 37,51 ----
100	*
101	* Change Log:
102	*
103	+ * Version 2.2, 2003-11-05
104	+ * One shot mode is now the default mode of operation
105	+ * with persistent PAM connections enabled by -t option.
106	+ * Support for clearing the PAM_AUTHTOK attribute on
107	+ * persistent PAM connections.
108	+ *
109	+ * Version 2.1, 2002-08-12
110	+ * Squid-2.5 support (URL encoded login, password strings)
111	+ *
112	* Version 2.0, 2002-01-07
113	* One shot mode, command line options
114	* man page
115	***************
116	* 76,82 **
117
118	/* The default TTL */
119	#ifndef DEFAULT_SQUID_PAM_TTL
120	! #define DEFAULT_SQUID_PAM_TTL 60
121	#endif
122
123	static char password = NULL; / Workaround for Solaris 2.6 brokenness */
124	--- 85,91 ----
125
126	/* The default TTL */
127	#ifndef DEFAULT_SQUID_PAM_TTL
128	! #define DEFAULT_SQUID_PAM_TTL 0
129	#endif
130
131	static char password = NULL; / Workaround for Solaris 2.6 brokenness */
132	***************
133	* 221,226 **
134	--- 230,236 ----
135	}
136	pamh_created = time(NULL);
137	}
138	+ /* Authentication */
139	retval = PAM_SUCCESS;
140	if (ttl != 0) {
141	if (retval == PAM_SUCCESS)
142	***************
143	* 238,244 **
144	error:
145	fprintf(stdout, "ERR\n");
146	}
147	! if (ttl == 0) {
148	retval = pam_end(pamh, retval);
149	if (retval != PAM_SUCCESS) {
150	fprintf(stderr, "WARNING: failed to release PAM authenticator\n");
151	--- 248,262 ----
152	error:
153	fprintf(stdout, "ERR\n");
154	}
155	! /* cleanup */
156	! retval = PAM_SUCCESS;
157	! #ifdef PAM_AUTHTOK
158	! if (ttl != 0) {
159	! if (retval == PAM_SUCCESS)
160	! retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
161	! }
162	! #endif
163	! if (ttl == 0 \|\| retval != PAM_SUCCESS) {
164	retval = pam_end(pamh, retval);
165	if (retval != PAM_SUCCESS) {
166	fprintf(stderr, "WARNING: failed to release PAM authenticator\n");